The egodktf

Ptibou -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
Je ne sais pas par ou commencer, mais mon pc est contaminé par je ne sais quoi, je possede norton antivirus mais quand je le lance, il ne me met pas de virus detecté, pourtant je ne suis plus administrateur sur mon propre pc, j'ai des messages d'infection qui s'affichent toute les minutes marqués " spyware alert" ou autre, ainsi qu'une bare d'outil nomée the egodktf...
Bref je usis dépassé, je ne sais plus quoi faire pour nettoyer mon pc, pouvez vous m'aider s'il vous plait
Configuration: Windows XP
Internet Explorer 7.0

15 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut a toi;

    fais ceci :

    Fais un clic droit sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

    et

    Télécharge HijackThis ici :

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
  2. Ptibou
     
    Voila ce que met navilog:

    Search Navipromo version 3.4.0 commencé le 19/01/2008 à 13:47:02,85

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis D:\Program Files\navilog1
    Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans D:\WINDOWS ***

    *** Recherche dossiers dans D:\Program Files ***

    *** Recherche dossiers dans D:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

    *** Recherche dossiers dans "D:\Documents and Settings\Ptibou\application data" ***

    *** Recherche dossiers dans "D:\Documents and Settings\Ptibou\MENUDM~1\PROGRA~1" ***

    *** Recherche dossiers dans D:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans D:\WINDOWS\system32 *

    * Recherche dans "D:\Documents and Settings\Ptibou\local settings\application data" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans D:\WINDOWS\system32 :

    * Dans "D:\Documents and Settings\Ptibou\local settings\application data" :

    3)Recherche Certificats :

    Certificat Egroup absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le 19/01/2008 à 13:48:37,73 ***
    0
  3. Ptibou
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:51:24, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Micro Application\Dictionnaires Multilingues\TrueTerm.exe
    D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    D:\Program Files\Netropa\Onscreen Display\OSD.exe
    D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\Program Files\Windows Media Player\wmplayer.exe
    C:\Jeux\EA GAMES\Need for Speed Underground 2\speed2.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SXG Advisor - {5257F0D5-2868-4758-94D3-E268EB6D43C5} - D:\WINDOWS\dopfwrlvtq.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: The egodktf - {4288B655-63B4-4817-BB1E-B6F3E242234F} - D:\WINDOWS\egodktf.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Activer Dictionnaires Multilingues.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O21 - SSODL: bxsnvqt - {4175145D-5837-4A10-93CE-36E1EA84602B} - D:\WINDOWS\bxsnvqt.dll
    O21 - SSODL: aslpmqk - {7F719827-36C1-4557-8BCA-7AE93D79D5C8} - D:\WINDOWS\aslpmqk.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    fais ceci

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    et post un nouveau hijack this

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Ptibou
     
    ComboFix 08-01-18.5 - Ptibou 2008-01-19 14:08:55.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.291 [GMT 1:00]
    Running from: D:\Documents and Settings\Ptibou\Bureau\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    D:\WINDOWS\dat.txt
    D:\WINDOWS\dopfwrlvtq.dll
    D:\WINDOWS\egodktf.dll
    D:\WINDOWS\search_res.txt

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-19 14:08 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
    2008-01-19 13:50 . 2008-01-19 13:50 <REP> d-------- D:\Program Files\Trend Micro
    2008-01-19 13:45 . 2008-01-19 13:48 <REP> d-------- D:\Program Files\Navilog1
    2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Lavasoft
    2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-19 12:26 . 2008-01-19 12:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-19 12:18 . 2008-01-19 12:20 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-18 22:41 . 2008-01-18 20:08 323,584 --a------ D:\WINDOWS\bxsnvqt.dll
    2008-01-18 22:41 . 2008-01-18 20:08 217,088 --a------ D:\WINDOWS\aslpmqk.dll
    2008-01-18 22:41 . 2008-01-18 20:08 81,920 --a------ D:\WINDOWS\fknxwqf.exe
    2008-01-17 18:16 . 2008-01-17 18:16 <REP> d-------- D:\Program Files\Micro Application
    2008-01-17 18:16 . 1998-09-24 13:03 171,967 --a------ D:\WINDOWS\system32\Odbcjet.hlp
    2008-01-17 18:16 . 1998-09-24 13:03 7,348 --a------ D:\WINDOWS\system32\Odbcjet.cnt
    2008-01-17 18:15 . 2008-01-17 18:15 40 --a------ D:\WINDOWS\navigma.INI
    2008-01-12 21:36 . 2008-01-12 21:36 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield Installation Information
    2008-01-12 21:28 . 2008-01-12 21:28 <REP> d-------- D:\Program Files\DIFX
    2008-01-12 21:28 . 2006-07-01 22:42 43,520 --a------ D:\WINDOWS\system32\drivers\AmdK8.sys
    2008-01-12 20:35 . 2008-01-19 12:03 <REP> d-------- D:\Program Files\DAEMON Tools
    2008-01-12 12:08 . 2008-01-12 12:08 <REP> d-------- D:\Program Files\Guitar Pro 5
    2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- D:\Program Files\K-Lite Codec Pack
    2008-01-09 20:20 . 2006-11-01 14:52 765,952 --a------ D:\WINDOWS\system32\xvidcore.dll
    2008-01-08 17:47 . 2008-01-08 17:47 <REP> d-------- D:\Program Files\Microsoft Silverlight
    2008-01-05 11:47 . 2008-01-05 11:48 34,519 --a------ D:\WINDOWS\Ascd_tmp.ini
    2008-01-05 11:40 . 2008-01-05 11:40 <REP> d-------- D:\Program Files\ASUS WiFi-AP Solo
    2008-01-05 11:40 . 2006-03-31 04:39 13,532 --a------ D:\WINDOWS\system32\drivers\SjyPkt.sys
    2008-01-05 11:07 . 2008-01-05 11:07 <REP> d-------- D:\Program Files\SystemRequirementsLab
    2008-01-03 21:11 . 2008-01-03 21:11 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield
    2008-01-03 20:40 . 2008-01-03 20:40 1 --a------ D:\Documents and Settings\Ptibou\SI.bin
    2008-01-03 19:21 . 2008-01-03 19:21 98,304 --a------ D:\WINDOWS\system32CmdLineExt.dll
    2007-12-30 22:21 . 2007-12-30 22:21 <REP> d-------- D:\Program Files\Traction Software
    2007-12-30 13:48 . 2007-12-30 13:48 <REP> d-------- D:\Program Files\Alcohol Soft
    2007-12-30 13:45 . 2007-12-30 13:45 639,224 --a------ D:\WINDOWS\system32\drivers\sptd.sys
    2007-12-29 23:02 . 2006-03-23 19:53 442,368 --a------ D:\WINDOWS\system32\CapabilityTable.exe
    2007-12-29 18:55 . 2007-12-29 19:27 <REP> d-------- D:\Documents and Settings\All Users\Application Data\NFS Underground
    2007-12-29 15:58 . 2007-12-29 15:58 <REP> d-------- D:\Program Files\MSXML 4.0
    2007-12-25 14:50 . 2007-12-25 14:50 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\Samsung
    2007-12-25 14:48 . 2004-08-04 07:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
    2007-12-25 14:38 . 2007-12-25 14:38 <REP> d-------- D:\Program Files\Samsung
    2007-12-25 14:38 . 2005-08-13 05:06 22,486 -ra------ D:\WINDOWS\system32\UnInstall_Driver.ico
    2007-12-24 09:57 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
    2007-12-24 09:57 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
    2007-12-23 19:17 . 2007-12-23 19:18 <REP> d-------- D:\Program Files\Fichiers communs\Adobe
    2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Ubisoft
    2007-12-23 15:52 . 2007-12-23 15:52 <REP> d-------- D:\Program Files\Fichiers communs\DirectX
    2007-12-23 13:47 . 2007-12-23 13:47 <REP> d-------- D:\Program Files\MSXML 6.0
    2007-12-23 12:29 . 2007-12-23 12:29 <REP> d-------- D:\Program Files\MSBuild
    2007-12-23 12:28 . 2007-12-23 14:14 <REP> d-------- D:\WINDOWS\system32\XPSViewer
    2007-12-23 12:27 . 2007-12-23 12:27 <REP> d-------- D:\Program Files\Reference Assemblies
    2007-12-23 12:27 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
    2007-12-23 12:26 . 2007-12-23 12:26 <REP> d-------- D:\Program Files\Windows Media Connect 2
    2007-12-23 12:26 . 2006-10-04 15:06 1,197,294 -----c--- D:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-23 12:26 . 2006-10-04 15:06 764,868 -----c--- D:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-23 12:26 . 2006-10-04 15:06 217,118 -----c--- D:\WINDOWS\system32\dllcache\apphelp.sdb
    2007-12-23 12:25 . 2007-12-23 12:25 <REP> d-------- D:\WINDOWS\system32\LogFiles
    2007-12-23 12:25 . 2007-12-23 12:26 <REP> d-------- D:\WINDOWS\system32\drivers\UMDF
    2007-12-23 12:21 . 2007-12-23 12:21 <REP> d-------- D:\WINDOWS\system32\URTTemp
    2007-12-23 12:11 . 2008-01-06 11:52 <REP> d-------- D:\WINDOWS\VdCap03C
    2007-12-23 12:11 . 2007-12-23 12:11 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-23 12:11 . 2004-08-20 00:10 91,648 --a------ D:\WINDOWS\kswdmcap.ax
    2007-12-23 12:11 . 2004-08-20 00:10 61,952 --a------ D:\WINDOWS\kstvtune.ax
    2007-12-23 12:11 . 2004-08-20 00:09 54,784 --a------ D:\WINDOWS\vfwwdm32.dll
    2007-12-23 12:11 . 2004-08-20 00:10 43,008 --a------ D:\WINDOWS\ksxbar.ax
    2007-12-23 12:11 . 2004-08-20 00:10 28,672 --a------ D:\WINDOWS\vidcap.ax
    2007-12-23 12:05 . 2007-12-23 12:30 <REP> d-------- D:\WINDOWS\system32\fr-fr
    2007-12-23 12:03 . 2007-08-13 18:54 33,792 --a--c--- D:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\uTorrent
    2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-23 11:56 . 2008-01-18 23:10 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\uTorrent
    2007-12-23 11:49 . 2007-07-09 14:11 584,192 -----c--- D:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-23 11:48 . 2003-12-08 17:08 36,864 --------- D:\WINDOWS\CleanTrb.exe
    2007-12-23 11:47 . 2007-12-23 11:47 <REP> d-------- D:\Program Files\Netropa
    2007-12-23 11:47 . 2002-07-11 07:47 98,304 --a------ D:\WINDOWS\system32\msikbd.dll
    2007-12-23 11:47 . 2000-06-08 02:09 28,672 --------- D:\WINDOWS\system32\msiosd32.dll
    2007-12-23 11:47 . 2001-12-20 09:02 6,656 --------- D:\WINDOWS\system32\drivers\Msikbd2k.sys
    2007-12-23 11:47 . 2008-01-19 14:12 245 --a------ D:\WINDOWS\Msiosd.ini
    2007-12-23 11:47 . 2007-12-23 11:47 0 --a------ D:\WINDOWS\WININIT.INI
    2007-12-23 11:44 . 2007-12-23 11:44 <REP> d-------- D:\Program Files\Messenger Plus! Live
    2007-12-23 11:43 . 2008-01-19 10:58 <REP> d----c--- D:\WINDOWS\system32\DRVSTORE
    2007-12-23 11:43 . 2008-01-06 10:58 <REP> d-------- D:\Documents and Settings\Ptibou\Contacts
    2007-12-23 11:39 . 2007-12-23 11:43 <REP> d-------- D:\Program Files\Windows Live
    2007-12-23 11:39 . 2007-12-23 11:42 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-23 11:39 . 2007-12-23 11:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-23 11:38 . 2007-12-23 11:38 <REP> d-------- D:\Documents and Settings\LocalService\Menu D‚marrer
    2007-12-23 11:26 . 2007-12-23 12:22 316,640 --a------ D:\WINDOWS\WMSysPr9.prx
    2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\provisioning
    2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\peernet
    2007-12-23 11:24 . 2007-12-23 11:24 <REP> d-------- D:\WINDOWS\ServicePackFiles
    2007-12-23 11:21 . 2007-12-23 11:21 <REP> d-------- D:\WINDOWS\EHome
    2007-12-23 11:19 . 2002-04-15 21:11 67,866 --------- D:\WINDOWS\system32\drivers\netwlan5.img
    2007-12-23 11:19 . 2004-08-19 16:10 11,776 --------- D:\WINDOWS\system32\spnpinst.exe
    2007-12-23 11:19 . 2004-08-02 14:20 7,208 --------- D:\WINDOWS\system32\secupd.sig
    2007-12-23 11:19 . 2004-08-02 14:20 4,569 --------- D:\WINDOWS\system32\secupd.dat
    2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\WINDOWS\system32\MsDtc
    2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\Program Files\Services en ligne
    2007-12-23 09:49 . 2004-08-20 00:09 77,312 --a------ D:\WINDOWS\system32\usbui.dll
    2007-12-23 09:49 . 2004-08-19 23:54 58,496 --a------ D:\WINDOWS\system32\drivers\redbook.sys
    2007-12-23 09:49 . 2001-08-17 21:46 6,400 --a------ D:\WINDOWS\system32\drivers\enum1394.sys
    2007-12-23 09:49 . 2001-08-17 21:59 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
    2007-12-23 09:49 . 2008-01-09 13:04 1,355 --a------ D:\WINDOWS\imsins.BAK
    2007-12-23 09:48 . 2007-12-23 09:48 <REP> d-------- D:\Program Files\Fichiers communs\SpeechEngines

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 10:07 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-12-30 12:48 --------- d-----w D:\Program Files\Fichiers communs\Symantec Shared
    2007-12-23 10:59 --------- d-----w D:\Program Files\Microsoft Works
    2007-12-23 09:57 --------- d-----w D:\Program Files\Microsoft.NET
    2007-12-23 09:39 --------- d-----w D:\Program Files\Norton AntiVirus
    2007-12-23 09:37 805 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-12-23 09:37 123,952 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-23 09:37 10,740 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-12-23 09:37 --------- d-----w D:\Program Files\Symantec
    2007-12-23 09:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-23 09:26 --------- d-----w D:\Program Files\ASUS
    2007-12-23 09:25 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
    2007-12-23 09:12 --------- d-----w D:\Program Files\Analog Devices
    2007-12-23 09:10 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
    2007-12-23 09:10 --------- d-----w D:\Program Files\NVIDIA Corporation
    2007-12-23 09:01 558,142 ----a-w D:\WINDOWS\java\Packages\A53BJT3T.ZIP
    2007-12-23 09:01 155,995 ----a-w D:\WINDOWS\java\Packages\D7XVJ3NB.ZIP
    2007-12-23 09:01 --------- d-----w D:\Program Files\microsoft frontpage
    2007-12-23 09:00 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
    2007-12-05 00:41 7,435,392 ----a-w D:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-11-30 22:57 43,696 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 22:57 317,616 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 22:57 279,088 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 22:57 10,545 ----a-w D:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 22:57 1,430 ----a-w D:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 22:57 1,421 ----a-w D:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 22:57 1,415 ----a-w D:\WINDOWS\system32\drivers\srtsp.inf
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
    "SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
    "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 D:\WINDOWS\system32\nwiz.exe]
    "ccApp"="D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
    "osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
    "Symantec PIF AlertEng"="D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "MULTIMEDIA KEYBOARD"="D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-23 01:55 167936]
    "NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bxsnvqt"= {4175145D-5837-4A10-93CE-36E1EA84602B} - D:\WINDOWS\bxsnvqt.dll [2008-01-18 20:08 323584]
    "aslpmqk"= {7F719827-36C1-4557-8BCA-7AE93D79D5C8} - D:\WINDOWS\aslpmqk.dll [2008-01-18 20:08 217088]

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
    path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
    backup=D:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    R1 msikbd2k;Multimedia Keyboard Filter Driver;D:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
    R2 nhksrv;Netropa NHK Server;D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:56]
    S1 AmdPPM;Pilote de processeur AMD HwPState;D:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
    S3 hamachi_oem;PlayLinc Adapter;D:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 23:30]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-19 10:09:48 D:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - Ptibou.job"
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    puis je voir un nouveau hijack this stp
    0
  8. Ptibou
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:30, on 2008-01-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Micro Application\Dictionnaires Multilingues\TrueTerm.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    D:\Program Files\Netropa\Onscreen Display\OSD.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Activer Dictionnaires Multilingues.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O21 - SSODL: bxsnvqt - {4175145D-5837-4A10-93CE-36E1EA84602B} - D:\WINDOWS\bxsnvqt.dll
    O21 - SSODL: aslpmqk - {7F719827-36C1-4557-8BCA-7AE93D79D5C8} - D:\WINDOWS\aslpmqk.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    Copie le texte ci-dessous :

    File::
    D:\WINDOWS\bxsnvqt.dll
    D:\WINDOWS\aslpmqk.dll
    Folder::

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bxsnvqt"=-
    "aslpmqk"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.
    0
  10. Ptibou
     
    ComboFix 08-01-18.5 - Ptibou 2008-01-19 15:24:11.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.547 [GMT 1:00]
    Running from: D:\Documents and Settings\Ptibou\Bureau\ComboFix.exe
    Command switches used :: C:\Mes documents\CFScript.txt
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

    FILE
    D:\WINDOWS\aslpmqk.dll
    D:\WINDOWS\bxsnvqt.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\WINDOWS\aslpmqk.dll
    D:\WINDOWS\bxsnvqt.dll
    .
    ---- Previous Run -------
    .
    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    D:\WINDOWS\dat.txt
    D:\WINDOWS\dopfwrlvtq.dll
    D:\WINDOWS\egodktf.dll
    D:\WINDOWS\search_res.txt

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-19 14:08 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
    2008-01-19 13:50 . 2008-01-19 13:50 <REP> d-------- D:\Program Files\Trend Micro
    2008-01-19 13:45 . 2008-01-19 13:48 <REP> d-------- D:\Program Files\Navilog1
    2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Lavasoft
    2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-19 12:26 . 2008-01-19 12:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-19 12:18 . 2008-01-19 12:20 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-18 22:41 . 2008-01-18 20:08 81,920 --a------ D:\WINDOWS\fknxwqf.exe
    2008-01-17 18:16 . 2008-01-17 18:16 <REP> d-------- D:\Program Files\Micro Application
    2008-01-17 18:16 . 1998-09-24 13:03 171,967 --a------ D:\WINDOWS\system32\Odbcjet.hlp
    2008-01-17 18:16 . 1998-09-24 13:03 7,348 --a------ D:\WINDOWS\system32\Odbcjet.cnt
    2008-01-17 18:15 . 2008-01-17 18:15 40 --a------ D:\WINDOWS\navigma.INI
    2008-01-12 21:36 . 2008-01-12 21:36 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield Installation Information
    2008-01-12 21:28 . 2008-01-12 21:28 <REP> d-------- D:\Program Files\DIFX
    2008-01-12 21:28 . 2006-07-01 22:42 43,520 --a------ D:\WINDOWS\system32\drivers\AmdK8.sys
    2008-01-12 20:35 . 2008-01-19 12:03 <REP> d-------- D:\Program Files\DAEMON Tools
    2008-01-12 12:08 . 2008-01-12 12:08 <REP> d-------- D:\Program Files\Guitar Pro 5
    2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- D:\Program Files\K-Lite Codec Pack
    2008-01-09 20:20 . 2006-11-01 14:52 765,952 --a------ D:\WINDOWS\system32\xvidcore.dll
    2008-01-08 17:47 . 2008-01-08 17:47 <REP> d-------- D:\Program Files\Microsoft Silverlight
    2008-01-05 11:47 . 2008-01-05 11:48 34,519 --a------ D:\WINDOWS\Ascd_tmp.ini
    2008-01-05 11:40 . 2008-01-05 11:40 <REP> d-------- D:\Program Files\ASUS WiFi-AP Solo
    2008-01-05 11:40 . 2006-03-31 04:39 13,532 --a------ D:\WINDOWS\system32\drivers\SjyPkt.sys
    2008-01-05 11:07 . 2008-01-05 11:07 <REP> d-------- D:\Program Files\SystemRequirementsLab
    2008-01-03 21:11 . 2008-01-03 21:11 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield
    2008-01-03 20:40 . 2008-01-03 20:40 1 --a------ D:\Documents and Settings\Ptibou\SI.bin
    2008-01-03 19:21 . 2008-01-03 19:21 98,304 --a------ D:\WINDOWS\system32CmdLineExt.dll
    2007-12-30 22:21 . 2007-12-30 22:21 <REP> d-------- D:\Program Files\Traction Software
    2007-12-30 13:48 . 2007-12-30 13:48 <REP> d-------- D:\Program Files\Alcohol Soft
    2007-12-30 13:45 . 2007-12-30 13:45 639,224 --a------ D:\WINDOWS\system32\drivers\sptd.sys
    2007-12-29 23:02 . 2006-03-23 19:53 442,368 --a------ D:\WINDOWS\system32\CapabilityTable.exe
    2007-12-29 18:55 . 2007-12-29 19:27 <REP> d-------- D:\Documents and Settings\All Users\Application Data\NFS Underground
    2007-12-29 15:58 . 2007-12-29 15:58 <REP> d-------- D:\Program Files\MSXML 4.0
    2007-12-25 14:50 . 2007-12-25 14:50 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\Samsung
    2007-12-25 14:48 . 2004-08-04 07:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
    2007-12-25 14:38 . 2007-12-25 14:38 <REP> d-------- D:\Program Files\Samsung
    2007-12-25 14:38 . 2005-08-13 05:06 22,486 -ra------ D:\WINDOWS\system32\UnInstall_Driver.ico
    2007-12-24 09:57 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
    2007-12-24 09:57 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
    2007-12-23 19:17 . 2007-12-23 19:18 <REP> d-------- D:\Program Files\Fichiers communs\Adobe
    2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Ubisoft
    2007-12-23 15:52 . 2007-12-23 15:52 <REP> d-------- D:\Program Files\Fichiers communs\DirectX
    2007-12-23 13:47 . 2007-12-23 13:47 <REP> d-------- D:\Program Files\MSXML 6.0
    2007-12-23 12:29 . 2007-12-23 12:29 <REP> d-------- D:\Program Files\MSBuild
    2007-12-23 12:28 . 2007-12-23 14:14 <REP> d-------- D:\WINDOWS\system32\XPSViewer
    2007-12-23 12:27 . 2007-12-23 12:27 <REP> d-------- D:\Program Files\Reference Assemblies
    2007-12-23 12:27 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
    2007-12-23 12:26 . 2007-12-23 12:26 <REP> d-------- D:\Program Files\Windows Media Connect 2
    2007-12-23 12:26 . 2006-10-04 15:06 1,197,294 -----c--- D:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-23 12:26 . 2006-10-04 15:06 764,868 -----c--- D:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-23 12:26 . 2006-10-04 15:06 217,118 -----c--- D:\WINDOWS\system32\dllcache\apphelp.sdb
    2007-12-23 12:25 . 2007-12-23 12:25 <REP> d-------- D:\WINDOWS\system32\LogFiles
    2007-12-23 12:25 . 2007-12-23 12:26 <REP> d-------- D:\WINDOWS\system32\drivers\UMDF
    2007-12-23 12:21 . 2007-12-23 12:21 <REP> d-------- D:\WINDOWS\system32\URTTemp
    2007-12-23 12:11 . 2008-01-06 11:52 <REP> d-------- D:\WINDOWS\VdCap03C
    2007-12-23 12:11 . 2007-12-23 12:11 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-23 12:11 . 2004-08-20 00:10 91,648 --a------ D:\WINDOWS\kswdmcap.ax
    2007-12-23 12:11 . 2004-08-20 00:10 61,952 --a------ D:\WINDOWS\kstvtune.ax
    2007-12-23 12:11 . 2004-08-20 00:09 54,784 --a------ D:\WINDOWS\vfwwdm32.dll
    2007-12-23 12:11 . 2004-08-20 00:10 43,008 --a------ D:\WINDOWS\ksxbar.ax
    2007-12-23 12:11 . 2004-08-20 00:10 28,672 --a------ D:\WINDOWS\vidcap.ax
    2007-12-23 12:05 . 2007-12-23 12:30 <REP> d-------- D:\WINDOWS\system32\fr-fr
    2007-12-23 12:03 . 2007-08-13 18:54 33,792 --a--c--- D:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\uTorrent
    2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-23 11:56 . 2008-01-18 23:10 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\uTorrent
    2007-12-23 11:49 . 2007-07-09 14:11 584,192 -----c--- D:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-23 11:48 . 2003-12-08 17:08 36,864 --------- D:\WINDOWS\CleanTrb.exe
    2007-12-23 11:47 . 2007-12-23 11:47 <REP> d-------- D:\Program Files\Netropa
    2007-12-23 11:47 . 2002-07-11 07:47 98,304 --a------ D:\WINDOWS\system32\msikbd.dll
    2007-12-23 11:47 . 2000-06-08 02:09 28,672 --------- D:\WINDOWS\system32\msiosd32.dll
    2007-12-23 11:47 . 2001-12-20 09:02 6,656 --------- D:\WINDOWS\system32\drivers\Msikbd2k.sys
    2007-12-23 11:47 . 2008-01-19 15:25 245 --a------ D:\WINDOWS\Msiosd.ini
    2007-12-23 11:47 . 2007-12-23 11:47 0 --a------ D:\WINDOWS\WININIT.INI
    2007-12-23 11:44 . 2007-12-23 11:44 <REP> d-------- D:\Program Files\Messenger Plus! Live
    2007-12-23 11:43 . 2008-01-19 10:58 <REP> d----c--- D:\WINDOWS\system32\DRVSTORE
    2007-12-23 11:43 . 2008-01-06 10:58 <REP> d-------- D:\Documents and Settings\Ptibou\Contacts
    2007-12-23 11:39 . 2007-12-23 11:43 <REP> d-------- D:\Program Files\Windows Live
    2007-12-23 11:39 . 2007-12-23 11:42 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-23 11:39 . 2007-12-23 11:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-23 11:38 . 2007-12-23 11:38 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
    2007-12-23 11:26 . 2007-12-23 12:22 316,640 --a------ D:\WINDOWS\WMSysPr9.prx
    2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\provisioning
    2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\peernet
    2007-12-23 11:24 . 2007-12-23 11:24 <REP> d-------- D:\WINDOWS\ServicePackFiles
    2007-12-23 11:21 . 2007-12-23 11:21 <REP> d-------- D:\WINDOWS\EHome
    2007-12-23 11:19 . 2002-04-15 21:11 67,866 --------- D:\WINDOWS\system32\drivers\netwlan5.img
    2007-12-23 11:19 . 2004-08-19 16:10 11,776 --------- D:\WINDOWS\system32\spnpinst.exe
    2007-12-23 11:19 . 2004-08-02 14:20 7,208 --------- D:\WINDOWS\system32\secupd.sig
    2007-12-23 11:19 . 2004-08-02 14:20 4,569 --------- D:\WINDOWS\system32\secupd.dat
    2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\WINDOWS\system32\MsDtc
    2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\Program Files\Services en ligne
    2007-12-23 09:49 . 2004-08-20 00:09 77,312 --a------ D:\WINDOWS\system32\usbui.dll
    2007-12-23 09:49 . 2004-08-19 23:54 58,496 --a------ D:\WINDOWS\system32\drivers\redbook.sys
    2007-12-23 09:49 . 2001-08-17 21:46 6,400 --a------ D:\WINDOWS\system32\drivers\enum1394.sys
    2007-12-23 09:49 . 2001-08-17 21:59 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
    2007-12-23 09:49 . 2008-01-09 13:04 1,355 --a------ D:\WINDOWS\imsins.BAK
    2007-12-23 09:48 . 2007-12-23 09:48 <REP> d-------- D:\Program Files\Fichiers communs\SpeechEngines
    2007-12-23 09:48 . 2007-12-23 09:48 <REP> d-------- D:\Program Files\Fichiers communs\ODBC
    2007-12-23 09:48 . 2007-12-23 09:48 <REP> d--h----- D:\Documents and Settings\Default User\Voisinage réseau

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 10:07 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-12-30 12:48 --------- d-----w D:\Program Files\Fichiers communs\Symantec Shared
    2007-12-23 10:59 --------- d-----w D:\Program Files\Microsoft Works
    2007-12-23 09:57 --------- d-----w D:\Program Files\Microsoft.NET
    2007-12-23 09:39 --------- d-----w D:\Program Files\Norton AntiVirus
    2007-12-23 09:37 805 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-12-23 09:37 60,800 ----a-w D:\WINDOWS\system32\S32EVNT1.DLL
    2007-12-23 09:37 123,952 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-23 09:37 10,740 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-12-23 09:37 --------- d-----w D:\Program Files\Symantec
    2007-12-23 09:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-23 09:26 --------- d-----w D:\Program Files\ASUS
    2007-12-23 09:25 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
    2007-12-23 09:12 --------- d-----w D:\Program Files\Analog Devices
    2007-12-23 09:10 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
    2007-12-23 09:10 --------- d-----w D:\Program Files\NVIDIA Corporation
    2007-12-23 09:01 558,142 ----a-w D:\WINDOWS\java\Packages\A53BJT3T.ZIP
    2007-12-23 09:01 155,995 ----a-w D:\WINDOWS\java\Packages\D7XVJ3NB.ZIP
    2007-12-23 09:01 --------- d-----w D:\Program Files\microsoft frontpage
    2007-12-23 09:00 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
    2007-12-14 10:32 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
    2007-12-05 01:53 356,352 ----a-w D:\WINDOWS\system32\NVUNINST.EXE
    2007-12-05 00:41 81,920 ----a-w D:\WINDOWS\system32\nvwddi.dll
    2007-12-05 00:41 81,920 ----a-w D:\WINDOWS\system32\nvmctray.dll
    2007-12-05 00:41 8,523,776 ----a-w D:\WINDOWS\system32\nvcpl.dll
    2007-12-05 00:41 753,664 ----a-w D:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 7,435,392 ----a-w D:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-05 00:41 6,901,760 ----a-w D:\WINDOWS\system32\nvoglnt.dll
    2007-12-05 00:41 6,549,504 ----a-w D:\WINDOWS\system32\nvdisps.dll
    2007-12-05 00:41 5,773,568 ----a-w D:\WINDOWS\system32\nv4_disp.dll
    2007-12-05 00:41 466,944 ----a-w D:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 45,056 ----a-w D:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w D:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w D:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 385,024 ----a-w D:\WINDOWS\system32\nvapi.dll
    2007-12-05 00:41 356,352 ----a-w D:\WINDOWS\system32\nvudisp.exe
    2007-12-05 00:41 35,328 ----a-w D:\WINDOWS\system32\nvcodins.dll
    2007-12-05 00:41 35,328 ----a-w D:\WINDOWS\system32\nvcod.dll
    2007-12-05 00:41 307,200 ----a-w D:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 3,710,976 ----a-w D:\WINDOWS\system32\nvvitvs.dll
    2007-12-05 00:41 3,420,160 ----a-w D:\WINDOWS\system32\nvgames.dll
    2007-12-05 00:41 286,720 ----a-w D:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-05 00:41 229,376 ----a-w D:\WINDOWS\system32\nvmccs.dll
    2007-12-05 00:41 2,498,560 ----a-w D:\WINDOWS\system32\nvwss.dll
    2007-12-05 00:41 188,416 ----a-w D:\WINDOWS\system32\nvmccss.dll
    2007-12-05 00:41 155,716 ----a-w D:\WINDOWS\system32\nvsvc32.exe
    2007-12-05 00:41 147,456 ----a-w D:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 1,703,936 ----a-w D:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w D:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w D:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w D:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,228,800 ----a-w D:\WINDOWS\system32\nvmobls.dll
    2007-12-05 00:41 1,089,536 ----a-w D:\WINDOWS\system32\nvcuda.dll
    2007-12-05 00:41 1,019,904 ----a-w D:\WINDOWS\system32\nvwimg.dll
    2007-11-30 22:57 43,696 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 22:57 317,616 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 22:57 279,088 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 22:57 10,545 ----a-w D:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 22:57 1,430 ----a-w D:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 22:57 1,421 ----a-w D:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 22:57 1,415 ----a-w D:\WINDOWS\system32\drivers\srtsp.inf
    2007-11-07 09:28 728,576 ----a-w D:\WINDOWS\system32\lsasrv.dll
    2007-10-30 18:55 625,032 ----a-w D:\WINDOWS\system32\SymNeti.dll
    2007-10-30 18:55 242,056 ----a-w D:\WINDOWS\system32\SymRedir.dll
    2007-10-29 22:43 1,293,824 ----a-w D:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll
    2007-10-24 00:47 96,760 ----a-w D:\WINDOWS\system32\dfshim.dll
    2007-10-24 00:47 84,480 ----a-w D:\WINDOWS\system32\mscories.dll
    2007-10-24 00:47 282,112 ----a-w D:\WINDOWS\system32\mscoree.dll
    2007-10-24 00:47 158,720 ----a-w D:\WINDOWS\system32\mscorier.dll
    2007-10-22 02:39 267,272 ----a-w D:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-19_14.13.15.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-19 13:08:43 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-01-19 14:24:09 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
    - 2008-01-19 13:08:43 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-01-19 14:24:09 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
    - 2008-01-19 13:08:43 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
    + 2008-01-19 14:24:09 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
    - 2008-01-19 13:08:43 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
    + 2008-01-19 14:24:09 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
    - 2008-01-19 13:08:43 4,734,976 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
    + 2008-01-19 14:24:09 4,734,976 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
    - 2008-01-19 13:08:43 24,576 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
    + 2008-01-19 14:24:09 24,576 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
    "SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
    "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 D:\WINDOWS\system32\nwiz.exe]
    "ccApp"="D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
    "osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
    "Symantec PIF AlertEng"="D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "MULTIMEDIA KEYBOARD"="D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-23 01:55 167936]
    "NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
    path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
    backup=D:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    R1 msikbd2k;Multimedia Keyboard Filter Driver;D:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
    R2 nhksrv;Netropa NHK Server;D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:56]
    S1 AmdPPM;Pilote de processeur AMD HwPState;D:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
    S3 hamachi_oem;PlayLinc Adapter;D:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 23:30]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-19 10:09:48 D:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - Ptibou.job"
    - D:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 15:25:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-19 15:25:24
    ComboFix-quarantined-files.txt 2008-01-19 14:25:22
    .
    2008-01-09 12:05:42 --- E O F ---
    0
  11. Ptibou
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:27:10, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Micro Application\Dictionnaires Multilingues\TrueTerm.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    D:\Program Files\Netropa\Onscreen Display\OSD.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\Windows Media Player\wmplayer.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Activer Dictionnaires Multilingues.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    comment va ton pc?
    0
  13. Ptibou
     
    Ben pour le moment tout va pour lem ieux, je n'ai plus la moindre trace de ce virus, il est finalement supprimé ???
    Merci beaucoup de cette aide pour le moins rapide et efficace, peux tu m'espliquer ce que j'avais au juste, et en quoi ça consiste ce virus ?
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    cool ;-)

    ton infection :

    SXG Advisor
    bxsnvqt
    SSODL

    ca se resume a une attaque par un downlowder...

    @+
    0
  15. Bryan
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:11:30, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SXG Advisor - {22E4849D-E499-4701-BB1C-8E8ABAB2EE21} - C:\WINDOWS\dopfwrlqox.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: The egodktf - {00E1F032-D6AD-40E3-8AAF-ED8CAE5EC678} - C:\WINDOWS\egodktf.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com
    O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\documents and settings\quercy\application data\install_fr[1].exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Gestionnaire de lancement d'application fax.lnk = C:\Program Files\Alliance MCA\Internet Fax\faxtray.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16ACF693-1247-4E31-8905-A85B70011AF0}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{26765932-88D5-4731-8410-ADBCDA4234DA}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59223CF0-CEB6-4620-96FD-7200E8A80819}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{710ACE7D-7610-4C2C-A87F-19439CC2984C}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E118346-8043-4E41-8188-A14CE43D4E2A}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90D29B13-03CB-4D38-86D8-C660367F131E}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16ACF693-1247-4E31-8905-A85B70011AF0}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16ACF693-1247-4E31-8905-A85B70011AF0}: NameServer = 85.255.115.61,85.255.112.113
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
    O21 - SSODL: bxsnvqt - {64ED66B0-441C-4957-A78B-F821CF409B3C} - C:\WINDOWS\bxsnvqt.dll (file missing)
    O21 - SSODL: aslpmqk - {1F4000FA-48A7-4D41-A781-08EFBD5A5EC6} - C:\WINDOWS\aslpmqk.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bonjour,

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt ''
    0