My PC is riddled with malware (how do I repair it)?

Closed
Locara92 - Posts: 29 - Registered: Saturday 9 June 2007 - Status: Member - Last activity: 22 October 2008 - 9 June 2007 at 09:33
 laurent paturel - 9 June 2007 at 23:46
Hello everyone,

My PC is riddled with viruses + trojans + adware, because it is super slow and keeps grinding away!
Here is my HijackThis log.
Thanks for your help, please:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:21:23, on 09/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\locara\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Anti-Virus Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\scieplugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Anti-Virus Personnel 2007 (AVP) - Micro Application - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2 replies

Anonymous user
9 June 2007 at 09:39
Hello

Do this so we can check something ..


Download ComboScan to your Desktop.
---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all running applications: antivirus, firewall, etc ..
Double-click comboscan.exe. In the window that appears, click OK.
Be patient ..
The Comboscan.txt report will open; copy and paste the contents of that file here.
Note: there may be two or three reports; please post them all here.

Locara92 - Posts: 29 - Registered: Saturday 9 June 2007 - Status: Member - Last activity: 22 October 2008
9 June 2007 at 10:10
Hello, here is the ComboScan report:

Deckard's System Scanner v20070603.47
Run by locara on 2007-06-09 at 09:55:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2007-06-09 07:56:26 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2007-06-09 06:37:11 UTC - RP9 - Installed Windows XP (KB892130).
8: 2007-06-09 06:36:21 UTC - RP8 - Le KB898461 pour Windows XP a été installé.
7: 2007-06-09 06:35:14 UTC - RP7 - Le KB893803v2 pour Windows Installer a été installé.
6: 2007-06-09 06:33:00 UTC - RP6 - Le KB842773 pour Windows XP a été installé.


-- First Restore Point --
1: 2007-06-08 21:04:16 UTC - RP1 - Point de vérification système


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-09 09:57:31
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\locara\Bureau\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Anti-Virus Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Liens apparentés - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm
O9 - Extra 'Tools' menuitem: Afficher les liens &apparentés - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: klogon - C:\WINDOWS\SYSTEM32\klogon.dll
O23 - Service: Anti-Virus Personnel 2007 (AVP) - Micro Application - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe -r
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 SPF4 (Sunbelt Personal Firewall 4) - c:\program files\sunbelt software\personal firewall\kpf4ss.exe (file missing)


-- Files created between 2007-05-09 and 2007-06-09 -----------------------------

2007-06-09 09:22:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-06-09 09:18:51 0 dr-h----- C:\Documents and Settings\locara\Recent
2007-06-09 08:50:28 0 d-------- C:\WINDOWS\LastGood
2007-06-09 08:36:23 0 d-------- C:\WINDOWS\System32\PreInstall
2007-06-09 08:36:16 0 d--h----- C:\WINDOWS\$hf_mig$
2007-06-09 08:33:08 0 d-------- C:\WINDOWS\System32\bits
2007-06-09 01:16:49 0 --ahs---- C:\WINDOWS\System32\.exe
2007-06-09 01:15:07 123 --a------ C:\WINDOWS\System32\unff.bat
2007-06-09 00:12:15 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
2007-06-09 00:10:41 0 d---s---- C:\Documents and Settings\locara\UserData
2007-06-08 23:54:32 2920 --ah----- C:\WINDOWS\System32\euclt.exe
2007-06-08 23:46:55 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-06-08 23:44:01 27136 --ah----- C:\WINDOWS\System32\keibs.exe
2007-06-08 23:38:25 0 -ra------ C:\WINDOWS\System32\TFTP2044
2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2007-06-08 23:25:43 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2007-06-08 23:25:43 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2007-06-08 23:25:43 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2007-06-08 23:25:43 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2007-06-08 23:25:43 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2007-06-08 23:25:43 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2007-06-08 23:25:43 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2007-06-08 23:25:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2007-06-08 23:25:10 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2007-06-08 23:25:10 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2007-06-08 23:25:09 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2007-06-08 23:25:09 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2007-06-08 23:11:13 28448 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2007-06-08 23:11:13 1392416 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2007-06-08 23:11:13 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Micro Application
2007-06-08 23:03:35 0 d-------- C:\Documents and Settings\locara\Application Data\Identities
2007-06-08 23:02:53 0 dr------- C:\Documents and Settings\locara\Favoris
2007-06-08 23:02:53 0 d---s---- C:\Documents and Settings\locara\Cookies
2007-06-08 23:02:53 0 d-------- C:\Documents and Settings\locara\Bureau
2007-06-08 23:02:53 0 dr-h----- C:\Documents and Settings\locara\Application Data
2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Voisinage réseau
2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Voisinage d'impression
2007-06-08 23:02:52 0 dr-h----- C:\Documents and Settings\locara\SendTo
2007-06-08 23:02:52 786432 --ah----- C:\Documents and Settings\locara\NTUSER.DAT
2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Modèles
2007-06-08 23:02:52 0 dr------- C:\Documents and Settings\locara\Mes documents
2007-06-08 23:02:52 0 dr------- C:\Documents and Settings\locara\Menu Démarrer
2007-06-08 23:02:52 0 d--h----- C:\Documents and Settings\locara\Local Settings
2007-06-08 23:00:23 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings
2007-06-08 23:00:23 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.001\Cookies
2007-06-08 23:00:23 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.001\Application Data
2007-06-08 23:00:23 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.001\Application Data\Microsoft
2007-06-08 23:00:22 233472 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.001\NTUSER.DAT
2007-06-08 23:00:21 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings
2007-06-08 23:00:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Cookies
2007-06-08 23:00:21 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Data
2007-06-08 23:00:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Data\Microsoft
2007-06-08 23:00:20 233472 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.001\NTUSER.DAT
2007-06-08 22:49:51 233472 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2007-06-08 22:45:55 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-06-08 22:40:39 21892 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-06-08 21:40:40 0 dr-h----- C:\Documents and Settings\the rock\Recent
2007-06-06 22:34:57 0 d-------- C:\Program Files\Yahoo!
2007-06-06 22:32:21 0 d-------- C:\Program Files\CCleaner
2007-06-05 23:50:43 0 d-------- C:\WINDOWS\Prefetch
2007-06-05 21:22:52 0 d-------- C:\Documents and Settings\the rock\Application Data\Identities
2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Voisinage réseau
2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Voisinage d'impression
2007-06-05 21:22:26 0 dr-h----- C:\Documents and Settings\the rock\SendTo
2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Modèles
2007-06-05 21:22:26 0 dr------- C:\Documents and Settings\the rock\Mes documents
2007-06-05 21:22:26 0 dr------- C:\Documents and Settings\the rock\Menu Démarrer
2007-06-05 21:22:26 0 d--h----- C:\Documents and Settings\the rock\Local Settings
2007-06-05 21:22:26 0 dr------- C:\Documents and Settings\the rock\Favoris
2007-06-05 21:22:26 0 d---s---- C:\Documents and Settings\the rock\Cookies
2007-06-05 21:22:26 0 d-------- C:\Documents and Settings\the rock\Bureau
2007-06-05 21:22:26 0 dr-h----- C:\Documents and Settings\the rock\Application Data
2007-06-05 21:22:26 0 d---s---- C:\Documents and Settings\the rock\Application Data\Microsoft
2007-06-05 21:22:25 786432 --ah----- C:\Documents and Settings\the rock\NTUSER.DAT
2007-06-05 21:19:22 233472 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.000\NTUSER.DAT
2007-06-05 21:19:22 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings
2007-06-05 21:19:22 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.000\Cookies
2007-06-05 21:19:22 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data
2007-06-05 21:19:22 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Microsoft
2007-06-05 21:19:21 233472 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.000\NTUSER.DAT
2007-06-05 21:19:21 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings
2007-06-05 21:19:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Cookies
2007-06-05 21:19:21 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Application Data
2007-06-05 21:19:21 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.000\Application Data\Microsoft
2007-06-03 20:45:07 2 --a------ C:\808074015
2007-06-03 20:43:57 0 d-------- C:\Documents and Settings\paturel\Application Data\Identities
2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Voisinage réseau
2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Voisinage d'impression
2007-06-03 20:43:19 0 dr-h----- C:\Documents and Settings\paturel\SendTo
2007-06-03 20:43:19 0 dr-h----- C:\Documents and Settings\paturel\Recent
2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Modèles
2007-06-03 20:43:19 0 dr------- C:\Documents and Settings\paturel\Mes documents
2007-06-03 20:43:19 0 dr------- C:\Documents and Settings\paturel\Menu Démarrer
2007-06-03 20:43:19 0 d--h----- C:\Documents and Settings\paturel\Local Settings
2007-06-03 20:43:19 0 dr------- C:\Documents and Settings\paturel\Favoris
2007-06-03 20:43:19 0 d---s---- C:\Documents and Settings\paturel\Cookies
2007-06-03 20:43:19 0 d-------- C:\Documents and Settings\paturel\Bureau
2007-06-03 20:43:19 0 dr-h----- C:\Documents and Settings\paturel\Application Data
2007-06-03 20:43:19 0 d---s---- C:\Documents and Settings\paturel\Application Data\Microsoft
2007-06-03 20:43:18 786432 --ah----- C:\Documents and Settings\paturel\NTUSER.DAT
2007-06-03 20:41:37 233472 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT
2007-06-03 20:41:37 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings
2007-06-03 20:41:37 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT\Cookies
2007-06-03 20:41:37 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data
2007-06-03 20:41:37 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Microsoft
2007-06-03 20:41:35 233472 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT
2007-06-03 20:41:35 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings
2007-06-03 20:41:35 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT\Cookies
2007-06-03 20:41:35 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data
2007-06-03 20:41:35 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\Microsoft
2007-06-03 20:29:24 0 d--h----- C:\Program Files\Fichiers communs\delsim
2007-05-31 21:11:13 0 d-------- C:\Program Files\Packard Bell
2007-05-30 19:59:55 0 d-------- C:\Garmin
2007-05-26 23:39:26 0 d--hs---- C:\FOUND.002
2007-05-22 20:07:18 0 d-------- C:\Documents and Settings\famille paturel\Application Data\vlc
2007-05-22 20:05:44 0 d-------- C:\Program Files\VideoLAN
2007-05-17 21:57:06 0 d-------- C:\Program Files\eMule
2007-05-17 21:56:34 0 d-------- C:\audiograbber
2007-05-17 18:25:06 0 d--hs---- C:\FOUND.001
2007-05-17 18:07:54 0 d-------- C:\Program Files\Micro Application
2007-05-17 18:07:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Micro Application
2007-05-12 18:39:28 0 d--hs---- C:\FOUND.000
2007-05-09 19:17:55 0 d-------- C:\Documents and Settings\famille paturel\Application Data\MSN6
2007-05-09 19:17:55 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6


-- Find3M Report ---------------------------------------------------------------

2007-06-09 00:12:24 0 d--h----- C:\Program Files\WindowsUpdate
2007-06-08 23:25:43 62 --ahs---- C:\Documents and Settings\locara\Application Data\desktop.ini
2007-06-08 23:06:47 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
2007-06-08 23:06:47 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
2007-06-03 20:29:24 0 dr------- C:\Program Files\Fichiers communs
2007-06-03 20:00:58 0 d-------- C:\Program Files\Movie Maker
2007-06-03 19:56:42 0 d-------- C:\Program Files\Messenger
2007-06-03 19:56:27 0 d-------- C:\Program Files\Windows NT
2007-05-04 17:19:54 0 d-------- C:\Program Files\Free
2007-04-29 20:48:02 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-04-29 20:28:18 0 d-------- C:\Program Files\Google
2007-04-19 20:08:08 0 d-------- C:\Program Files\Fichiers communs\Teleca Shared
2007-04-14 17:26:58 0 d-------- C:\Program Files\Nero
2007-04-14 17:26:58 0 d-------- C:\Program Files\Fichiers communs\Ahead
2007-04-10 23:35:36 0 d-------- C:\Program Files\Webroot
2007-04-10 22:37:20 0 d-------- C:\Program Files\Fichiers communs\Cisco Systems
2007-04-10 22:36:46 0 d-------- C:\Program Files\Network Associates
2007-04-10 22:24:26 0 d-------- C:\Program Files\microsoft frontpage
2007-04-10 22:19:54 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2007-04-10 22:17:52 0 d-------- C:\Program Files\Services en ligne
2007-04-10 22:17:34 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-10 22:10:30 0 d-------- C:\Program Files\Fichiers communs\ODBC
2007-04-10 22:10:26 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-04-10 21:40:10 100 --a------ C:\CONFIG.SYS
2007-04-10 21:40:10 134 --a------ C:\AUTOEXEC.BAT
2007-04-10 21:38:18 0 d-------- C:\Program Files\USB Driver-Express
2007-04-10 21:37:30 0 d-------- C:\Program Files\Friendly Technologies
2007-04-10 21:37:30 0 d-------- C:\Program Files\Fichiers communs\FTL Shared


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVP"="\"C:\\Program Files\\Micro Application\\Anti-Virus Personnel 2007\\avp.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-09 at 10:06:16 ---------



Deckard's System Scanner v20070603.47
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 1.0
Architecture: X86; Language: French

CPU 0: Processeur Intel Pentium III
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 253.51 MiB / 95.42 MiB
Pagefile Memory (total/avail): 624.73 MiB / 453.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 18.65 GiB total, 7.11 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\locara\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=LOCARA-9AS0P2R8
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\locara
LOGONSERVER=\\LOCARA-9AS0P2R8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\locara\LOCALS~1\Temp
TMP=C:\DOCUME~1\locara\LOCALS~1\Temp
USERDOMAIN=LOCARA-9AS0P2R8
USERNAME=locara
USERPROFILE=C:\Documents and Settings\locara
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

locara [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Anti-Virus Personnel 2007 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Correctif Windows XP - KB842773 --> C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
HijackThis 2.0.0 --> "C:\Documents and Settings\locara\Bureau\HijackThis.exe" /uninstall
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-06-09 at 10:06:16 ---------
Anonymous user
9 June 2007 at 12:19
Click Start, My Computer, C:, Windows, system32, then find and delete:

- unff.bat
- euclt.exe
- keibs.exe
- .exe

**If a file/folder refuses to be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a little..
Then go and delete the files/folders, empty your Recycle Bin and restart your PC normally.


Keep updating your PC ;-)
laurent paturel
9 June 2007 at 23:46
Hi,
I am looking for these files right now. I will keep you posted.
Thanks for your help
See you later