Se connecter / S'enregistrer
Votre question

Y a t'il des choses à éradiquer ?

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
4 Avril 2008 16:49:03

Bonjour, mon frère disposait auparavant d'Avast, je lui est installé AntiVir , et après un scan avec celui ci, plus de 4000 saloperies ont été détectées ... j'aimerais savoir quelle est la marche à suivre pour rendre le pc clean :D 

Voici le log HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:04, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierrick\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Pierrick\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Pierrick\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
O4 - HKCU\..\Policies\Explorer\Run: [Printing Utilities] spolsv.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.com/qp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10776 bytes

Autres pages sur : choses eradiquer

4 Avril 2008 17:17:25

Salut,

Télécharge SDFix (d’Andy Manchesta)

Enregistre le sur ton le bureau.

Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.

Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished

Appuie sur une touche.

Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<
4 Avril 2008 18:38:17

Hello Michou ;) 

Voila le rapport :

SDFix: Version 1.166

Run by Pierrick on 04/04/2008 at 18:08

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name:
UCI41

Path:
System32\Drivers\Uci41.sys

UCI41 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Service UCI41 - Deleted after Reboot

Checking Files :

Trojan Files Found:

C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\kiasys.dll - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\yeTyezzd.sys - Deleted
C:\WINDOWS\system32\drivers\UCI41.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 18:32:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe:*:Enabled:WinDVD"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe"="C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe:*:D isabled:Google Updater"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 24 Aug 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 11 Mar 2008 30,208 ...H. --- "C:\Documents and Settings\Pierrick\Bureau\~WRL0001.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT3.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\BIT24.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f6d57cd4efa945b402cdec2ffedddf\BIT25.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\90e550d1a108d8bbd6da9841aafd83a8\BIT26.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4febda7b78da8f94eaee96a8b432d591\BIT3.tmp"
Tue 18 Dec 2007 1,009,976 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5857fd464a38367b479c179d651cd5d4\BIT7.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT38.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT39.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT36.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT35.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT31.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT33.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT37.tmp"
Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT32.tmp"
Fri 21 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61cb8cabb47496dec6d7e4c842c3b827\download\BIT4.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT6.tmp"
Fri 13 Oct 2006 31,232 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\DBS\1iŠre ann‚e\DBS promotion\~WRL0001.tmp"
Mon 14 Aug 2006 56,320 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\~WRL2054.tmp"
Mon 26 Nov 2007 27,136 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\DBS\2e ann‚e\Placement\Covering letters\~WRL0003.tmp"
Mon 14 Aug 2006 80,384 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\Travail fini\~WRL0002.tmp"
Tue 15 Aug 2006 82,432 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\Travail fini\~WRL0665.tmp"
Tue 15 Aug 2006 83,456 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\Travail fini\~WRL0748.tmp"
Tue 15 Aug 2006 82,944 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\Travail fini\~WRL2164.tmp"
Tue 15 Aug 2006 83,456 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\Travail fini\~WRL2609.tmp"
Tue 15 Aug 2006 80,896 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\Travail fini\~WRL2835.tmp"
Tue 15 Aug 2006 82,944 A..H. --- "C:\Documents and Settings\Pierrick\Mes documents\Licence Pro commerce\Stage\Stage D‚cathlon\Travail fini\~WRL3347.tmp"

Finished!

Contenus similaires
4 Avril 2008 19:22:51

Re,

Télécharge Combofix (de sUBs) sur ton Bureau. (Tuto)

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe. (Clique droit->Exécuter en tant qu'administrateur si sous Vista)
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt
4 Avril 2008 20:33:55

Voila le rapport de ComboFix ;) 

ComboFix 08-04-03.5 - Pierrick 2008-04-04 20:25:52.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.599 [GMT 2:00]
Endroit: C:\Documents and Settings\Pierrick\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Pierrick\Application Data\inst.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\NPF


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.

2008-04-04 18:05 . 2008-04-04 18:05 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-04 17:56 . 2008-04-04 06:08 <REP> d-------- C:\SDFix
2008-04-03 16:36 . 2008-04-03 16:36 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 16:36 . 2008-04-03 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 13:00 . 2008-04-03 13:00 <REP> d-------- C:\Program Files\Avira
2008-04-03 13:00 . 2008-04-03 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-03 01:39 . 2008-04-03 01:39 <REP> d--hs---- C:\FOUND.003
2008-04-02 14:01 . 2008-04-02 14:00 361,984 --a------ C:\WINDOWS\system32\spolsv.exe
2008-03-28 10:45 . 2008-03-28 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-25 13:25 . 2008-03-25 13:25 <REP> d-------- C:\Documents and Settings\Pierrick\Application Data\Intel
2008-03-22 15:02 . 2008-03-22 15:02 <REP> d-------- C:\Documents and Settings\Pierrick\Application Data\Vso
2008-03-22 15:02 . 2008-03-22 15:02 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-22 15:02 . 2008-03-23 13:24 47,360 --a------ C:\Documents and Settings\Pierrick\Application Data\pcouffin.sys
2008-03-20 18:25 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-20 18:24 . 2008-03-20 18:24 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-20 18:20 . 2008-03-20 18:20 <REP> d-------- C:\Program Files\Windows Live
2008-03-19 20:04 . 2008-03-19 20:04 <REP> d--hs---- C:\FOUND.002
2008-03-14 13:28 . 2008-03-14 13:32 6,148 --ah----- C:\.DS_Store
2008-03-06 21:55 . 2008-03-06 21:55 <REP> d-------- C:\Program Files\ShareVB
2008-03-06 20:43 . 2008-03-06 20:43 115 --a------ C:\WINDOWS\AIMPR.INI
2008-03-06 20:42 . 2008-03-06 20:42 <REP> d-------- C:\Program Files\ElcomSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 08:52 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\U3
2008-02-29 07:01 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-29 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 14:26 --------- d-----w C:\Program Files\Fichiers communs\DVDVideoSoft
2008-02-27 14:26 --------- d-----w C:\Program Files\DVDVideoSoft
2008-02-15 11:20 --------- d-----w C:\Program Files\Toshiba
2008-02-07 20:08 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-05 21:02 --------- d-----w C:\Program Files\eMule
2008-02-05 19:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 19:59 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\skypePM
2008-02-05 19:58 --------- d-----w C:\Program Files\Skype
2008-02-05 19:58 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-02-05 18:04 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\GetRightToGo
2008-02-05 15:02 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\3M
2008-01-11 04:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 11:46 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LWBMOUSE"="C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE" [2004-08-04 16:19 365568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-03 13:04 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"VIDC.wmv3"= wmv9vcm.dll
"msacm.l3codecp"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uci41.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03f6c17-e545-11dc-b172-0013ce6a6d3a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 20:29:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-04 20:31:51 - machine was rebooted [Pierrick]
ComboFix-quarantined-files.txt 2008-04-04 18:31:48
Pre-Run: 9,436,266,496 octets libres
Post-Run: 9,357,885,440 octets libres
.
2008-03-22 12:39:33 --- E O F ---
5 Avril 2008 00:13:53

Re,

Copie le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\spolsv.exe

Folder::
C:\FOUND.003
C:\FOUND.002

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"updateMgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=-
"RTHDCPL"=-
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-


Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
5 Avril 2008 17:54:32

Bonjour, désolé de ne pas avoir pu répondre plus tôt , j'étais en déplacement ;) 

Rapport ComboFix:

ComboFix 08-04-03.5 - Pierrick 2008-04-05 17:50:01.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.600 [GMT 2:00]
Endroit: C:\Documents and Settings\Pierrick\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pierrick\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\spolsv.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.002
C:\FOUND.002\FILE0000.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.003\FILE0001.CHK
C:\FOUND.003\FILE0002.CHK
C:\FOUND.003\FILE0003.CHK
C:\FOUND.003\FILE0004.CHK

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.

2008-04-04 18:05 . 2008-04-04 18:05 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-04 17:56 . 2008-04-04 06:08 <REP> d-------- C:\SDFix
2008-04-03 16:36 . 2008-04-03 16:36 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 16:36 . 2008-04-03 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 13:00 . 2008-04-03 13:00 <REP> d-------- C:\Program Files\Avira
2008-04-03 13:00 . 2008-04-03 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-28 10:45 . 2008-03-28 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-25 13:25 . 2008-03-25 13:25 <REP> d-------- C:\Documents and Settings\Pierrick\Application Data\Intel
2008-03-22 15:02 . 2008-03-22 15:02 <REP> d-------- C:\Documents and Settings\Pierrick\Application Data\Vso
2008-03-22 15:02 . 2008-03-22 15:02 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-22 15:02 . 2008-03-23 13:24 47,360 --a------ C:\Documents and Settings\Pierrick\Application Data\pcouffin.sys
2008-03-20 18:25 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-20 18:24 . 2008-03-20 18:24 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-20 18:20 . 2008-03-20 18:20 <REP> d-------- C:\Program Files\Windows Live
2008-03-14 13:28 . 2008-03-14 13:32 6,148 --ah----- C:\.DS_Store
2008-03-06 21:55 . 2008-03-06 21:55 <REP> d-------- C:\Program Files\ShareVB
2008-03-06 20:43 . 2008-03-06 20:43 115 --a------ C:\WINDOWS\AIMPR.INI
2008-03-06 20:42 . 2008-03-06 20:42 <REP> d-------- C:\Program Files\ElcomSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 08:52 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\U3
2008-02-29 07:01 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-29 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 14:26 --------- d-----w C:\Program Files\Fichiers communs\DVDVideoSoft
2008-02-27 14:26 --------- d-----w C:\Program Files\DVDVideoSoft
2008-02-15 11:20 --------- d-----w C:\Program Files\Toshiba
2008-02-07 20:08 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-05 21:02 --------- d-----w C:\Program Files\eMule
2008-02-05 19:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 19:59 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\skypePM
2008-02-05 19:58 --------- d-----w C:\Program Files\Skype
2008-02-05 19:58 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-02-05 18:04 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\GetRightToGo
2008-02-05 15:02 --------- d-----w C:\Documents and Settings\Pierrick\Application Data\3M
2008-01-11 04:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_20.31.33.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-22 21:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"LWBMOUSE"="C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE" [2004-08-04 16:19 365568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-03 13:04 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-18 23:32:22 155648]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-19 11:46:55 124400]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 20:42:30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"VIDC.wmv3"= wmv9vcm.dll
"msacm.l3codecp"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uci41.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03f6c17-e545-11dc-b172-0013ce6a6d3a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - INT15.SYS
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 17:51:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-05 17:51:58
ComboFix-quarantined-files.txt 2008-04-05 15:51:58
ComboFix2.txt 2008-04-04 18:31:54
Pre-Run: 9,094,397,952 octets libres
Post-Run: 9,077,489,664 octets libres
.
2008-03-22 12:39:33 --- E O F ---

Rapport Hijackthis :

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:19, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierrick\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.com/qp2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9312 bytes
5 Avril 2008 23:38:50

Bien, où en sont tes problèmes ?

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
Poste le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS