Mon pc est vérolé (comment le réparer) ?

Locara92 Messages postés 29 Statut Membre -  
 laurent paturel -
Bonjour tout le monde,

mon pc est vérolé par des virus + trojans + adwares car il est supe rlent et mouline !
Ci-joint mon hijackthis
Merci pour votre aide s'il vous plâît :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:21:23, on 09/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\locara\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Anti-Virus Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\scieplugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Anti-Virus Personnel 2007 (AVP) - Micro Application - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 4735 bytes
Configuration: Windows XP
Internet Explorer 6.0

2 réponses

  1. Utilisateur anonyme
     
    Bonjour

    Fais ceci pour vérifier quelque chose ..

    Télécharge ComboScan sur ton Bureau.
    ---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
    Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
    Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
    Soit patient ..
    Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
    Attention, il peut avoir deux, trois rapports mets les tous ici stp

    0
    1. Locara92 Messages postés 29 Statut Membre
       
      Bonjour, voici le rapport Comboscan :

      Deckard's System Scanner v20070603.47
      Run by locara on 2007-06-09 at 09:55:17
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      10: 2007-06-09 07:56:26 UTC - RP10 - Deckard's System Scanner Restore Point
      9: 2007-06-09 06:37:11 UTC - RP9 - Installed Windows XP (KB892130).
      8: 2007-06-09 06:36:21 UTC - RP8 - Le KB898461 pour Windows XP a été installé.
      7: 2007-06-09 06:35:14 UTC - RP7 - Le KB893803v2 pour Windows Installer a été installé.
      6: 2007-06-09 06:33:00 UTC - RP6 - Le KB842773 pour Windows XP a été installé.


      -- First Restore Point --
      1: 2007-06-08 21:04:16 UTC - RP1 - Point de vérification système


      Backed up registry hives.

      Performed disk cleanup.


      -- HijackThis Clone ------------------------------------------------------------

      Emulating logfile of HijackThis v1.99.1
      Scan saved at 2007-06-09 09:57:31
      Platform: Windows XP Service Pack 1 (5.01.2600)
      MSIE: Internet Explorer (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\SYSTEM32\services.exe
      C:\WINDOWS\SYSTEM32\lsass.exe
      C:\WINDOWS\SYSTEM32\svchost.exe
      C:\WINDOWS\SYSTEM32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\SYSTEM32\spoolsv.exe
      C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
      C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
      C:\WINDOWS\SYSTEM32\ctfmon.exe
      C:\WINDOWS\SYSTEM32\wuauclt.exe
      C:\WINDOWS\SYSTEM32\wuauclt.exe
      C:\Documents and Settings\locara\Bureau\dss.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O9 - Extra button: Anti-Virus Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
      O9 - Extra 'Tools' menuitem: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
      O9 - Extra button: Liens apparentés - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm
      O9 - Extra 'Tools' menuitem: Afficher les liens &apparentés - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O20 - Winlogon Notify: klogon - C:\WINDOWS\SYSTEM32\klogon.dll
      O23 - Service: Anti-Virus Personnel 2007 (AVP) - Micro Application - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe -r
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe


      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      All drivers whitelisted.


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      S2 SPF4 (Sunbelt Personal Firewall 4) - c:\program files\sunbelt software\personal firewall\kpf4ss.exe (file missing)


      -- Files created between 2007-05-09 and 2007-06-09 -----------------------------

      2007-06-09 09:22:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
      2007-06-09 09:18:51 0 dr-h----- C:\Documents and Settings\locara\Recent
      2007-06-09 08:50:28 0 d-------- C:\WINDOWS\LastGood
      2007-06-09 08:36:23 0 d-------- C:\WINDOWS\System32\PreInstall
      2007-06-09 08:36:16 0 d--h----- C:\WINDOWS\$hf_mig$
      2007-06-09 08:33:08 0 d-------- C:\WINDOWS\System32\bits
      2007-06-09 01:16:49 0 --ahs---- C:\WINDOWS\System32\.exe
      2007-06-09 01:15:07 123 --a------ C:\WINDOWS\System32\unff.bat
      2007-06-09 00:12:15 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
      2007-06-09 00:10:41 0 d---s---- C:\Documents and Settings\locara\UserData
      2007-06-08 23:54:32 2920 --ah----- C:\WINDOWS\System32\euclt.exe
      2007-06-08 23:46:55 0 d-------- C:\WINDOWS\SoftwareDistribution
      2007-06-08 23:44:01 27136 --ah----- C:\WINDOWS\System32\keibs.exe
      2007-06-08 23:38:25 0 -ra------ C:\WINDOWS\System32\TFTP2044
      2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
      2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
      2007-06-08 23:25:43 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
      2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
      2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
      2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
      2007-06-08 23:25:43 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
      2007-06-08 23:25:43 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
      2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
      2007-06-08 23:25:43 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
      2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
      2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
      2007-06-08 23:25:43 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
      2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
      2007-06-08 23:25:43 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
      2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
      2007-06-08 23:25:10 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
      2007-06-08 23:25:10 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
      2007-06-08 23:25:09 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
      2007-06-08 23:25:09 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
      2007-06-08 23:11:13 28448 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
      2007-06-08 23:11:13 1392416 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
      2007-06-08 23:11:13 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Micro Application
      2007-06-08 23:03:35 0 d-------- C:\Documents and Settings\locara\Application Data\Identities
      2007-06-08 23:02:53 0 dr------- C:\Documents and Settings\locara\Favoris
      2007-06-08 23:02:53 0 d---s---- C:\Documents and Settings\locara\Cookies
      2007-06-08 23:02:53 0 d-------- C:\Documents and Settings\locara\Bureau
      2007-06-08 23:02:53 0 dr-h----- C:\Documents and Settings\locara\Application Data
      2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Voisinage réseau
      2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Voisinage d'impression
      2007-06-08 23:02:52 0 dr-h----- C:\Documents and Settings\locara\SendTo
      2007-06-08 23:02:52 786432 --ah----- C:\Documents and Settings\locara\NTUSER.DAT
      2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Modèles
      2007-06-08 23:02:52 0 dr------- C:\Documents and Settings\locara\Mes documents
      2007-06-08 23:02:52 0 dr------- C:\Documents and Settings\locara\Menu Démarrer
      2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Local Settings
      2007-06-08 23:00:23 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings
      2007-06-08 23:00:23 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.001\Cookies
      2007-06-08 23:00:23 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.001\Application Data
      2007-06-08 23:00:23 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.001\Application Data\Microsoft
      2007-06-08 23:00:22 233472 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.001\NTUSER.DAT
      2007-06-08 23:00:21 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings
      2007-06-08 23:00:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Cookies
      2007-06-08 23:00:21 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Data
      2007-06-08 23:00:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Data\Microsoft
      2007-06-08 23:00:20 233472 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.001\NTUSER.DAT
      2007-06-08 22:49:51 233472 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
      2007-06-08 22:45:55 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
      2007-06-08 22:40:39 21892 --a------ C:\WINDOWS\System32\emptyregdb.dat
      2007-06-08 21:40:40 0 dr-h----- C:\Documents and Settings\the rock\Recent
      2007-06-06 22:34:57 0 d-------- C:\Program Files\Yahoo!
      2007-06-06 22:32:21 0 d-------- C:\Program Files\CCleaner
      2007-06-05 23:50:43 0 d-------- C:\WINDOWS\Prefetch
      2007-06-05 21:22:52 0 d-------- C:\Documents and Settings\the rock\Application Data\Identities
      2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Voisinage réseau
      2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Voisinage d'impression
      2007-06-05 21:22:26 0 dr-h----- C:\Documents and Settings\the rock\SendTo
      2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Modèles
      2007-06-05 21:22:26 0 dr------- C:\Documents and Settings\the rock\Mes documents
      2007-06-05 21:22:26 0 dr------- C:\Documents and Settings\the rock\Menu Démarrer
      2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Local Settings
      2007-06-05 21:22:26 0 dr------- C:\Documents and Settings\the rock\Favoris
      2007-06-05 21:22:26 0 d---s---- C:\Documents and Settings\the rock\Cookies
      2007-06-05 21:22:26 0 d-------- C:\Documents and Settings\the rock\Bureau
      2007-06-05 21:22:26 0 dr-h----- C:\Documents and Settings\the rock\Application Data
      2007-06-05 21:22:26 0 d---s---- C:\Documents and Settings\the rock\Application Data\Microsoft
      2007-06-05 21:22:25 786432 --ah----- C:\Documents and Settings\the rock\NTUSER.DAT
      2007-06-05 21:19:22 233472 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.000\NTUSER.DAT
      2007-06-05 21:19:22 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings
      2007-06-05 21:19:22 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.000\Cookies
      2007-06-05 21:19:22 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data
      2007-06-05 21:19:22 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Microsoft
      2007-06-05 21:19:21 233472 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.000\NTUSER.DAT
      2007-06-05 21:19:21 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings
      2007-06-05 21:19:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Cookies
      2007-06-05 21:19:21 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Application Data
      2007-06-05 21:19:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Application Data\Microsoft
      2007-06-03 20:45:07 2 --a------ C:\808074015
      2007-06-03 20:43:57 0 d-------- C:\Documents and Settings\paturel\Application Data\Identities
      2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Voisinage réseau
      2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Voisinage d'impression
      2007-06-03 20:43:19 0 dr-h----- C:\Documents and Settings\paturel\SendTo
      2007-06-03 20:43:19 0 dr-h----- C:\Documents and Settings\paturel\Recent
      2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Modèles
      2007-06-03 20:43:19 0 dr------- C:\Documents and Settings\paturel\Mes documents
      2007-06-03 20:43:19 0 dr------- C:\Documents and Settings\paturel\Menu Démarrer
      2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Local Settings
      2007-06-03 20:43:19 0 dr------- C:\Documents and Settings\paturel\Favoris
      2007-06-03 20:43:19 0 d---s---- C:\Documents and Settings\paturel\Cookies
      2007-06-03 20:43:19 0 d-------- C:\Documents and Settings\paturel\Bureau
      2007-06-03 20:43:19 0 dr-h----- C:\Documents and Settings\paturel\Application Data
      2007-06-03 20:43:19 0 d---s---- C:\Documents and Settings\paturel\Application Data\Microsoft
      2007-06-03 20:43:18 786432 --ah----- C:\Documents and Settings\paturel\NTUSER.DAT
      2007-06-03 20:41:37 233472 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT
      2007-06-03 20:41:37 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings
      2007-06-03 20:41:37 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT\Cookies
      2007-06-03 20:41:37 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data
      2007-06-03 20:41:37 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Microsoft
      2007-06-03 20:41:35 233472 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT
      2007-06-03 20:41:35 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings
      2007-06-03 20:41:35 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT\Cookies
      2007-06-03 20:41:35 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data
      2007-06-03 20:41:35 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\Microsoft
      2007-06-03 20:29:24 0 d--h----- C:\Program Files\Fichiers communs\delsim
      2007-05-31 21:11:13 0 d-------- C:\Program Files\Packard Bell
      2007-05-30 19:59:55 0 d-------- C:\Garmin
      2007-05-26 23:39:26 0 d--hs---- C:\FOUND.002
      2007-05-22 20:07:18 0 d-------- C:\Documents and Settings\famille paturel\Application Data\vlc
      2007-05-22 20:05:44 0 d-------- C:\Program Files\VideoLAN
      2007-05-17 21:57:06 0 d-------- C:\Program Files\eMule
      2007-05-17 21:56:34 0 d-------- C:\audiograbber
      2007-05-17 18:25:06 0 d--hs---- C:\FOUND.001
      2007-05-17 18:07:54 0 d-------- C:\Program Files\Micro Application
      2007-05-17 18:07:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Micro Application
      2007-05-12 18:39:28 0 d--hs---- C:\FOUND.000
      2007-05-09 19:17:55 0 d-------- C:\Documents and Settings\famille paturel\Application Data\MSN6
      2007-05-09 19:17:55 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6


      -- Find3M Report ---------------------------------------------------------------

      2007-06-09 00:12:24 0 d--h----- C:\Program Files\WindowsUpdate
      2007-06-08 23:25:43 62 --ahs---- C:\Documents and Settings\locara\Application Data\desktop.ini
      2007-06-08 23:06:47 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
      2007-06-08 23:06:47 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
      2007-06-03 20:29:24 0 dr------- C:\Program Files\Fichiers communs
      2007-06-03 20:00:58 0 d-------- C:\Program Files\Movie Maker
      2007-06-03 19:56:42 0 d-------- C:\Program Files\Messenger
      2007-06-03 19:56:27 0 d-------- C:\Program Files\Windows NT
      2007-05-04 17:19:54 0 d-------- C:\Program Files\Free
      2007-04-29 20:48:02 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
      2007-04-29 20:28:18 0 d-------- C:\Program Files\Google
      2007-04-19 20:08:08 0 d-------- C:\Program Files\Fichiers communs\Teleca Shared
      2007-04-14 17:26:58 0 d-------- C:\Program Files\Nero
      2007-04-14 17:26:58 0 d-------- C:\Program Files\Fichiers communs\Ahead
      2007-04-10 23:35:36 0 d-------- C:\Program Files\Webroot
      2007-04-10 22:37:20 0 d-------- C:\Program Files\Fichiers communs\Cisco Systems
      2007-04-10 22:36:46 0 d-------- C:\Program Files\Network Associates
      2007-04-10 22:24:26 0 d-------- C:\Program Files\microsoft frontpage
      2007-04-10 22:19:54 0 d-------- C:\Program Files\Fichiers communs\MSSoap
      2007-04-10 22:17:52 0 d-------- C:\Program Files\Services en ligne
      2007-04-10 22:17:34 0 d-------- C:\Program Files\MSN Gaming Zone
      2007-04-10 22:10:30 0 d-------- C:\Program Files\Fichiers communs\ODBC
      2007-04-10 22:10:26 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
      2007-04-10 21:40:10 100 --a------ C:\CONFIG.SYS
      2007-04-10 21:40:10 134 --a------ C:\AUTOEXEC.BAT
      2007-04-10 21:38:18 0 d-------- C:\Program Files\USB Driver-Express
      2007-04-10 21:37:30 0 d-------- C:\Program Files\Friendly Technologies
      2007-04-10 21:37:30 0 d-------- C:\Program Files\Fichiers communs\FTL Shared


      -- Registry Dump ---------------------------------------------------------------

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
      {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "AVP"="\"C:\\Program Files\\Micro Application\\Anti-Virus Personnel 2007\\avp.exe\""

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

      HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
      Authentication Packages REG_MULTI_SZ msv1_0\0\0
      Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
      Notification Packages REG_MULTI_SZ scecli\0\0


      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
      LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
      NetworkService REG_MULTI_SZ DnsCache\0\0
      rpcss REG_MULTI_SZ RpcSs\0\0
      imgsvc REG_MULTI_SZ StiSvc\0\0
      termsvcs REG_MULTI_SZ TermService\0\0



      -- End of Deckard's System Scanner: finished at 2007-06-09 at 10:06:16 ---------



      Deckard's System Scanner v20070603.47
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Professionnel (build 2600) SP 1.0
      Architecture: X86; Language: French

      CPU 0: Processeur Intel Pentium III
      Percentage of Memory in Use: 62%
      Physical Memory (total/avail): 253.51 MiB / 95.42 MiB
      Pagefile Memory (total/avail): 624.73 MiB / 453.01 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1931.2 MiB

      A: is Removable (No Media)
      C: is Fixed (NTFS) - 18.65 GiB total, 7.11 GiB free.
      D: is CDROM (No Media)
      E: is CDROM (No Media)


      -- Security Center -------------------------------------------------------------

      AUOptions is set to notify before download.


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
      APPDATA=C:\Documents and Settings\locara\Application Data
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Fichiers communs
      COMPUTERNAME=LOCARA-9AS0P2R8
      ComSpec=C:\WINDOWS\system32\cmd.exe
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\locara
      LOGONSERVER=\\LOCARA-9AS0P2R8
      NUMBER_OF_PROCESSORS=1
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0806
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\locara\LOCALS~1\Temp
      TMP=C:\DOCUME~1\locara\LOCALS~1\Temp
      USERDOMAIN=LOCARA-9AS0P2R8
      USERNAME=locara
      USERPROFILE=C:\Documents and Settings\locara
      windir=C:\WINDOWS


      -- User Profiles ---------------------------------------------------------------

      locara [I](admin)[/I]


      -- Add/Remove Programs ---------------------------------------------------------

      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Anti-Virus Personnel 2007 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
      CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
      Correctif Windows XP - KB842773 --> C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
      HijackThis 2.0.0 --> "C:\Documents and Settings\locara\Bureau\HijackThis.exe" /uninstall
      Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
      Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
      Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


      -- End of Deckard's System Scanner: finished at 2007-06-09 at 10:06:16 ---------
      0
  2. Utilisateur anonyme
     
    Clic sur démarrer, poste de travail, C:, Windows, system32, cherche et supprime :

    - unff.bat
    - euclt.exe
    - keibs.exe
    - .exe

    **Si un fichier/dossier persiste lors de la suppression fait ceci:
    - Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
    Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.

    Continue à mettre ton PC à jour ;-)
    0
    1. laurent paturel
       
      Salut,
      je suis en train de rechercher ces fichiers. je te tiens au courant.
      merci de ton aide
      à plus
      0