Remove Win32:Trojan-gen. {UPX!}

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
11 March 2008 08:37:14

Hello, I have a problem with this nasty Win32:Trojan-gen. {UPX!} virus (and I'm clearly not the only one, given the number of threads with this title)...

So, my computer seems to work correctly, but avast keeps displaying alert messages saying that I'm infected by this trojan. I put it in quarantine, but it comes back every time. The message appears mostly when I open my external hard drive (WD Passport) and sometimes when the computer starts up.

Browsing this forum, I noticed that there are some pretty skilled people here who would be able to help me solve this problem. Being fairly clueless with computers, I'm relying on your learned advice.
Thanks for helping me, that would be really kind...

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:22, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Recycler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dlcccoms.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [Windows Recycled] C:\WINDOWS\system32\Recycler.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.mediapluspro.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacCo...
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.wtv-zone.com/whales/images/clapton/clapton17...

End of file - 10585 bytes

11 March 2008 12:43:38

Hello,

Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.

Restart in safe mode

  • Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to begin the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy and paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log.

11 March 2008 19:28:19

Here is the content of the report.txt file:

    SDFix: Version 1.155

    Run by hervault jules on 10/03/2008 at 23:35

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system\smvss.exe - Deleted


    Could Not Remove C:\autorun.inf



    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 23:50:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000045

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 33


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:p ANDORA"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :

    C:\autorun.inf Found

    File Backups: - C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Finished!


And here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:58:45, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\Recycler.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\dlcccoms.exe
    c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
    c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
    C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows Recycled] C:\WINDOWS\system32\Recycler.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
    O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
    O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O15 - Trusted Zone: http://www.mediapluspro.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacCo...
    O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - http://www.wtv-zone.com/whales/images/clapton/clapton17...

    End of file - 10359 bytes
    12 March 2008 07:44:40

    I still have the virus. I don't know anything about this, but I get the impression that it is rooted in my external hard drive, because the alert message appears at computer startup at the same time as a window showing the contents of my external hard drive. All the more so since this window did not usually open by itself at startup, but only when I connected the hard drive, and only after Windows had asked me which action to perform... There you go... Anyway, the virus is still there, since I got an alert as soon as the computer restarted.
    12 March 2008 13:28:44

    What?!
    12 March 2008 18:30:00

    Well, I did everything you told me to do with SDfix and the restart in safe mode, but it didn't change much, since as soon as I restarted my PC, avast gave me another alert message for the same virus.

    And in fact, I think it is my external hard drive that is infected, because the alert only appears when I open this external hard drive, or at Windows startup, when the drive opens by itself (which is not normal)...

    So, basically, I still have the same problem...
    12 March 2008 20:21:51

    Did you do what I said with AntiVir?
    13 March 2008 17:02:22

    Thanks for your help, but in the end a friend came over to my place to sort it out... There is no more problem...

    Thanks again...
    13 March 2008 18:20:06

    If you say so.