Virus : compte a rebours services.exeRésolu/Fermé

Question

Bonjour,

Je pense avoir un virus puisque ca fait quelques jour que mon ordi s'éteint avec un compte à rebours de 60 sec. Le problème vient de services.exe

Est-ce que qqn peut m'aider? Voici le log file de hijackthis.

Un super grand merci d'avance

Raph

Logfile of HijackThis v1.99.1
Scan saved at 22:14:55, on 20/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Ted\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/webhp?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINNT\system\icrss.exe (file missing)
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINNT\system\mside.exe (file missing)

Utilisateur anonyme · Answer

Bonjour



$$ Télécharge
SDFix sur ton bureau 
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip 

clean.zip 
http://www.malekal.com/download/clean.zip 
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 


$$ Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows. 
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.


$$ Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Choisis l'option 2
Enregistre le rapport une fois le scan terminé


$$ Fais un clic droit sur SDFix.zip et choisis "Extraire tout" 
Double-clique sur RunThis.bat 
Tape Y pour lancer le script. 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire 
Presse une touche pour redémarrer 
Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche 


Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec le rapport qui se trouve ici C:\rapport_clean.txt  et un nouveau HijackThis.

Raph · Answer

Un super grand merci pour votre réponse!

Voici les différents rapports : 

pt execute en mode sans echec 
Rapport clean par Malekal_morte - http://www.malekal.com 
Option 2, executee le dim. 21/01/2007 a 12:39:07,07 

Microsoft Windows 2000 [Version 5.00.2195]
 
*** Suppression de fichiers sur C: 
 
*** Suppression des fichiers dans C:\WINNT\ 
 
*** Suppression des fichiers dans C:\WINNT\system32 
 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport ! 


SD fix : 

SDFix: Version 1.60

dim. 21/01/2007 - 12:44:08,54

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
icrss
mside

Path:
"C:\WINNT\system\icrss.exe" 
"C:\WINNT\system\mside.exe" 

icrss Deleted
mside Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Files will be copied to Backups folder and removed:

C:\WINNT\Temp\eraseme_00376.exe - Deleted
C:\WINNT\Temp\eraseme_00435.exe - Deleted
C:\WINNT\Temp\eraseme_00600.exe - Deleted
C:\WINNT\Temp\eraseme_00744.exe - Deleted
C:\WINNT\Temp\eraseme_00863.exe - Deleted
C:\WINNT\Temp\eraseme_01140.exe - Deleted
C:\WINNT\Temp\eraseme_01204.exe - Deleted
C:\WINNT\Temp\eraseme_01333.exe - Deleted
C:\WINNT\Temp\eraseme_01417.exe - Deleted
C:\WINNT\Temp\eraseme_01443.exe - Deleted
C:\WINNT\Temp\eraseme_01778.exe - Deleted
C:\WINNT\Temp\eraseme_02271.exe - Deleted
C:\WINNT\Temp\eraseme_02305.exe - Deleted
C:\WINNT\Temp\eraseme_02343.exe - Deleted
C:\WINNT\Temp\eraseme_02361.exe - Deleted
C:\WINNT\Temp\eraseme_02504.exe - Deleted
C:\WINNT\Temp\eraseme_02512.exe - Deleted
C:\WINNT\Temp\eraseme_02670.exe - Deleted
C:\WINNT\Temp\eraseme_02853.exe - Deleted
C:\WINNT\Temp\eraseme_03120.exe - Deleted
C:\WINNT\Temp\eraseme_04188.exe - Deleted
C:\WINNT\Temp\eraseme_04475.exe - Deleted
C:\WINNT\Temp\eraseme_04626.exe - Deleted
C:\WINNT\Temp\eraseme_05133.exe - Deleted
C:\WINNT\Temp\eraseme_05801.exe - Deleted
C:\WINNT\Temp\eraseme_05886.exe - Deleted
C:\WINNT\Temp\eraseme_06235.exe - Deleted
C:\WINNT\Temp\eraseme_06350.exe - Deleted
C:\WINNT\Temp\eraseme_06638.exe - Deleted
C:\WINNT\Temp\eraseme_06766.exe - Deleted
C:\WINNT\Temp\eraseme_06815.exe - Deleted
C:\WINNT\Temp\eraseme_07222.exe - Deleted
C:\WINNT\Temp\eraseme_07335.exe - Deleted
C:\WINNT\Temp\eraseme_07425.exe - Deleted
C:\WINNT\Temp\eraseme_07508.exe - Deleted
C:\WINNT\Temp\eraseme_07540.exe - Deleted
C:\WINNT\Temp\eraseme_07614.exe - Deleted
C:\WINNT\Temp\eraseme_07845.exe - Deleted
C:\WINNT\Temp\eraseme_07864.exe - Deleted
C:\WINNT\Temp\eraseme_08158.exe - Deleted
C:\WINNT\Temp\eraseme_08355.exe - Deleted
C:\WINNT\Temp\eraseme_08361.exe - Deleted
C:\WINNT\Temp\eraseme_08482.exe - Deleted
C:\WINNT\Temp\eraseme_08748.exe - Deleted
C:\WINNT\Temp\eraseme_08768.exe - Deleted
C:\WINNT\Temp\eraseme_10017.exe - Deleted
C:\WINNT\Temp\eraseme_10054.exe - Deleted
C:\WINNT\Temp\eraseme_10282.exe - Deleted
C:\WINNT\Temp\eraseme_10453.exe - Deleted
C:\WINNT\Temp\eraseme_10632.exe - Deleted
C:\WINNT\Temp\eraseme_10636.exe - Deleted
C:\WINNT\Temp\eraseme_10718.exe - Deleted
C:\WINNT\Temp\eraseme_10777.exe - Deleted
C:\WINNT\Temp\eraseme_10823.exe - Deleted
C:\WINNT\Temp\eraseme_10831.exe - Deleted
C:\WINNT\Temp\eraseme_10870.exe - Deleted
C:\WINNT\Temp\eraseme_11017.exe - Deleted
C:\WINNT\Temp\eraseme_11523.exe - Deleted
C:\WINNT\Temp\eraseme_11670.exe - Deleted
C:\WINNT\Temp\eraseme_11810.exe - Deleted
C:\WINNT\Temp\eraseme_11853.exe - Deleted
C:\WINNT\Temp\eraseme_12254.exe - Deleted
C:\WINNT\Temp\eraseme_12427.exe - Deleted
C:\WINNT\Temp\eraseme_12602.exe - Deleted
C:\WINNT\Temp\eraseme_12713.exe - Deleted
C:\WINNT\Temp\eraseme_12720.exe - Deleted
C:\WINNT\Temp\eraseme_12786.exe - Deleted
C:\WINNT\Temp\eraseme_12827.exe - Deleted
C:\WINNT\Temp\eraseme_13031.exe - Deleted
C:\WINNT\Temp\eraseme_13136.exe - Deleted
C:\WINNT\Temp\eraseme_13301.exe - Deleted
C:\WINNT\Temp\eraseme_13708.exe - Deleted
C:\WINNT\Temp\eraseme_13834.exe - Deleted
C:\WINNT\Temp\eraseme_14211.exe - Deleted
C:\WINNT\Temp\eraseme_14326.exe - Deleted
C:\WINNT\Temp\eraseme_14417.exe - Deleted
C:\WINNT\Temp\eraseme_14535.exe - Deleted
C:\WINNT\Temp\eraseme_14686.exe - Deleted
C:\WINNT\Temp\eraseme_14708.exe - Deleted
C:\WINNT\Temp\eraseme_14833.exe - Deleted
C:\WINNT\Temp\eraseme_15046.exe - Deleted
C:\WINNT\Temp\eraseme_15072.exe - Deleted
C:\WINNT\Temp\eraseme_15553.exe - Deleted
C:\WINNT\Temp\eraseme_15618.exe - Deleted
C:\WINNT\Temp\eraseme_15740.exe - Deleted
C:\WINNT\Temp\eraseme_15814.exe - Deleted
C:\WINNT\Temp\eraseme_16031.exe - Deleted
C:\WINNT\Temp\eraseme_16243.exe - Deleted
C:\WINNT\Temp\eraseme_16357.exe - Deleted
C:\WINNT\Temp\eraseme_16447.exe - Deleted
C:\WINNT\Temp\eraseme_16632.exe - Deleted
C:\WINNT\Temp\eraseme_16714.exe - Deleted
C:\WINNT\Temp\eraseme_16721.exe - Deleted
C:\WINNT\Temp\eraseme_16852.exe - Deleted
C:\WINNT\Temp\eraseme_17052.exe - Deleted
C:\WINNT\Temp\eraseme_17070.exe - Deleted
C:\WINNT\Temp\eraseme_17528.exe - Deleted
C:\WINNT\Temp\eraseme_17600.exe - Deleted
C:\WINNT\Temp\eraseme_17621.exe - Deleted
C:\WINNT\Temp\eraseme_17706.exe - Deleted
C:\WINNT\Temp\eraseme_18132.exe - Deleted
C:\WINNT\Temp\eraseme_18280.exe - Deleted
C:\WINNT\Temp\eraseme_18545.exe - Deleted
C:\WINNT\Temp\eraseme_18730.exe - Deleted
C:\WINNT\Temp\eraseme_20155.exe - Deleted
C:\WINNT\Temp\eraseme_20735.exe - Deleted
C:\WINNT\Temp\eraseme_20773.exe - Deleted
C:\WINNT\Temp\eraseme_20862.exe - Deleted
C:\WINNT\Temp\eraseme_21148.exe - Deleted
C:\WINNT\Temp\eraseme_21443.exe - Deleted
C:\WINNT\Temp\eraseme_21503.exe - Deleted
C:\WINNT\Temp\eraseme_21527.exe - Deleted
C:\WINNT\Temp\eraseme_21815.exe - Deleted
C:\WINNT\Temp\eraseme_22017.exe - Deleted
C:\WINNT\Temp\eraseme_22407.exe - Deleted
C:\WINNT\Temp\eraseme_22504.exe - Deleted
C:\WINNT\Temp\eraseme_22566.exe - Deleted
C:\WINNT\Temp\eraseme_22723.exe - Deleted
C:\WINNT\Temp\eraseme_22733.exe - Deleted
C:\WINNT\Temp\eraseme_23071.exe - Deleted
C:\WINNT\Temp\eraseme_23106.exe - Deleted
C:\WINNT\Temp\eraseme_23260.exe - Deleted
C:\WINNT\Temp\eraseme_23277.exe - Deleted
C:\WINNT\Temp\eraseme_23445.exe - Deleted
C:\WINNT\Temp\eraseme_23504.exe - Deleted
C:\WINNT\Temp\eraseme_23801.exe - Deleted
C:\WINNT\Temp\eraseme_23814.exe - Deleted
C:\WINNT\Temp\eraseme_24126.exe - Deleted
C:\WINNT\Temp\eraseme_24200.exe - Deleted
C:\WINNT\Temp\eraseme_24270.exe - Deleted
C:\WINNT\Temp\eraseme_24300.exe - Deleted
C:\WINNT\Temp\eraseme_24376.exe - Deleted
C:\WINNT\Temp\eraseme_24443.exe - Deleted
C:\WINNT\Temp\eraseme_24460.exe - Deleted
C:\WINNT\Temp\eraseme_24547.exe - Deleted
C:\WINNT\Temp\eraseme_24563.exe - Deleted
C:\WINNT\Temp\eraseme_24568.exe - Deleted
C:\WINNT\Temp\eraseme_24687.exe - Deleted
C:\WINNT\Temp\eraseme_24862.exe - Deleted
C:\WINNT\Temp\eraseme_24871.exe - Deleted
C:\WINNT\Temp\eraseme_25158.exe - Deleted
C:\WINNT\Temp\eraseme_25208.exe - Deleted
C:\WINNT\Temp\eraseme_25214.exe - Deleted
C:\WINNT\Temp\eraseme_25344.exe - Deleted
C:\WINNT\Temp\eraseme_25421.exe - Deleted
C:\WINNT\Temp\eraseme_25643.exe - Deleted
C:\WINNT\Temp\eraseme_25857.exe - Deleted
C:\WINNT\Temp\eraseme_25884.exe - Deleted
C:\WINNT\Temp\eraseme_26138.exe - Deleted
C:\WINNT\Temp\eraseme_26260.exe - Deleted
C:\WINNT\Temp\eraseme_26266.exe - Deleted
C:\WINNT\Temp\eraseme_26536.exe - Deleted
C:\WINNT\Temp\eraseme_26666.exe - Deleted
C:\WINNT\Temp\eraseme_26768.exe - Deleted
C:\WINNT\Temp\eraseme_26854.exe - Deleted
C:\WINNT\Temp\eraseme_27041.exe - Deleted
C:\WINNT\Temp\eraseme_27044.exe - Deleted
C:\WINNT\Temp\eraseme_27208.exe - Deleted
C:\WINNT\Temp\eraseme_27264.exe - Deleted
C:\WINNT\Temp\eraseme_27312.exe - Deleted
C:\WINNT\Temp\eraseme_27380.exe - Deleted
C:\WINNT\Temp\eraseme_27508.exe - Deleted
C:\WINNT\Temp\eraseme_27534.exe - Deleted
C:\WINNT\Temp\eraseme_27562.exe - Deleted
C:\WINNT\Temp\eraseme_27723.exe - Deleted
C:\WINNT\Temp\eraseme_27800.exe - Deleted
C:\WINNT\Temp\eraseme_27842.exe - Deleted
C:\WINNT\Temp\eraseme_28000.exe - Deleted
C:\WINNT\Temp\eraseme_28213.exe - Deleted
C:\WINNT\Temp\eraseme_28261.exe - Deleted
C:\WINNT\Temp\eraseme_28470.exe - Deleted
C:\WINNT\Temp\eraseme_28810.exe - Deleted
C:\WINNT\Temp\eraseme_28861.exe - Deleted
C:\WINNT\Temp\eraseme_30003.exe - Deleted
C:\WINNT\Temp\eraseme_30016.exe - Deleted
C:\WINNT\Temp\eraseme_30030.exe - Deleted
C:\WINNT\Temp\eraseme_30072.exe - Deleted
C:\WINNT\Temp\eraseme_30077.exe - Deleted
C:\WINNT\Temp\eraseme_30157.exe - Deleted
C:\WINNT\Temp\eraseme_30174.exe - Deleted
C:\WINNT\Temp\eraseme_30252.exe - Deleted
C:\WINNT\Temp\eraseme_30284.exe - Deleted
C:\WINNT\Temp\eraseme_30301.exe - Deleted
C:\WINNT\Temp\eraseme_30408.exe - Deleted
C:\WINNT\Temp\eraseme_30655.exe - Deleted
C:\WINNT\Temp\eraseme_31223.exe - Deleted
C:\WINNT\Temp\eraseme_31250.exe - Deleted
C:\WINNT\Temp\eraseme_31305.exe - Deleted
C:\WINNT\Temp\eraseme_31455.exe - Deleted
C:\WINNT\Temp\eraseme_31577.exe - Deleted
C:\WINNT\Temp\eraseme_32038.exe - Deleted
C:\WINNT\Temp\eraseme_32275.exe - Deleted
C:\WINNT\Temp\eraseme_32385.exe - Deleted
C:\WINNT\Temp\eraseme_32458.exe - Deleted
C:\WINNT\Temp\eraseme_32577.exe - Deleted
C:\WINNT\Temp\eraseme_32665.exe - Deleted
C:\WINNT\Temp\eraseme_32671.exe - Deleted
C:\WINNT\Temp\eraseme_33301.exe - Deleted
C:\WINNT\Temp\eraseme_33425.exe - Deleted
C:\WINNT\Temp\eraseme_33478.exe - Deleted
C:\WINNT\Temp\eraseme_33520.exe - Deleted
C:\WINNT\Temp\eraseme_33526.exe - Deleted
C:\WINNT\Temp\eraseme_33773.exe - Deleted
C:\WINNT\Temp\eraseme_33865.exe - Deleted
C:\WINNT\Temp\eraseme_34306.exe - Deleted
C:\WINNT\Temp\eraseme_34332.exe - Deleted
C:\WINNT\Temp\eraseme_34468.exe - Deleted
C:\WINNT\Temp\eraseme_34737.exe - Deleted
C:\WINNT\Temp\eraseme_34748.exe - Deleted
C:\WINNT\Temp\eraseme_35287.exe - Deleted
C:\WINNT\Temp\eraseme_35448.exe - Deleted
C:\WINNT\Temp\eraseme_35832.exe - Deleted
C:\WINNT\Temp\eraseme_36038.exe - Deleted
C:\WINNT\Temp\eraseme_36316.exe - Deleted
C:\WINNT\Temp\eraseme_36330.exe - Deleted
C:\WINNT\Temp\eraseme_36513.exe - Deleted
C:\WINNT\Temp\eraseme_36701.exe - Deleted
C:\WINNT\Temp\eraseme_37231.exe - Deleted
C:\WINNT\Temp\eraseme_37304.exe - Deleted
C:\WINNT\Temp\eraseme_37614.exe - Deleted
C:\WINNT\Temp\eraseme_37753.exe - Deleted
C:\WINNT\Temp\eraseme_38412.exe - Deleted
C:\WINNT\Temp\eraseme_38620.exe - Deleted
C:\WINNT\Temp\eraseme_38838.exe - Deleted
C:\WINNT\Temp\eraseme_38852.exe - Deleted
C:\WINNT\Temp\eraseme_40061.exe - Deleted
C:\WINNT\Temp\eraseme_40327.exe - Deleted
C:\WINNT\Temp\eraseme_40386.exe - Deleted
C:\WINNT\Temp\eraseme_40482.exe - Deleted
C:\WINNT\Temp\eraseme_40535.exe - Deleted
C:\WINNT\Temp\eraseme_40663.exe - Deleted
C:\WINNT\Temp\eraseme_40731.exe - Deleted
C:\WINNT\Temp\eraseme_41022.exe - Deleted
C:\WINNT\Temp\eraseme_41028.exe - Deleted
C:\WINNT\Temp\eraseme_41063.exe - Deleted
C:\WINNT\Temp\eraseme_41101.exe - Deleted
C:\WINNT\Temp\eraseme_41232.exe - Deleted
C:\WINNT\Temp\eraseme_41282.exe - Deleted
C:\WINNT\Temp\eraseme_41310.exe - Deleted
C:\WINNT\Temp\eraseme_41637.exe - Deleted
C:\WINNT\Temp\eraseme_41670.exe - Deleted
C:\WINNT\Temp\eraseme_42001.exe - Deleted
C:\WINNT\Temp\eraseme_42071.exe - Deleted
C:\WINNT\Temp\eraseme_42080.exe - Deleted
C:\WINNT\Temp\eraseme_42246.exe - Deleted
C:\WINNT\Temp\eraseme_42441.exe - Deleted
C:\WINNT\Temp\eraseme_42533.exe - Deleted
C:\WINNT\Temp\eraseme_42844.exe - Deleted
C:\WINNT\Temp\eraseme_42862.exe - Deleted
C:\WINNT\Temp\eraseme_43023.exe - Deleted
C:\WINNT\Temp\eraseme_43604.exe - Deleted
C:\WINNT\Temp\eraseme_43620.exe - Deleted
C:\WINNT\Temp\eraseme_43712.exe - Deleted
C:\WINNT\Temp\eraseme_44000.exe - Deleted
C:\WINNT\Temp\eraseme_44082.exe - Deleted
C:\WINNT\Temp\eraseme_44145.exe - Deleted
C:\WINNT\Temp\eraseme_44247.exe - Deleted
C:\WINNT\Temp\eraseme_44262.exe - Deleted
C:\WINNT\Temp\eraseme_44567.exe - Deleted
C:\WINNT\Temp\eraseme_44605.exe - Deleted
C:\WINNT\Temp\eraseme_44818.exe - Deleted
C:\WINNT\Temp\eraseme_45058.exe - Deleted
C:\WINNT\Temp\eraseme_45133.exe - Deleted
C:\WINNT\Temp\eraseme_45172.exe - Deleted
C:\WINNT\Temp\eraseme_45348.exe - Deleted
C:\WINNT\Temp\eraseme_45475.exe - Deleted
C:\WINNT\Temp\eraseme_45480.exe - Deleted
C:\WINNT\Temp\eraseme_45645.exe - Deleted
C:\WINNT\Temp\eraseme_46021.exe - Deleted
C:\WINNT\Temp\eraseme_46212.exe - Deleted
C:\WINNT\Temp\eraseme_46475.exe - Deleted
C:\WINNT\Temp\eraseme_46656.exe - Deleted
C:\WINNT\Temp\eraseme_46705.exe - Deleted
C:\WINNT\Temp\eraseme_46871.exe - Deleted
C:\WINNT\Temp\eraseme_47047.exe - Deleted
C:\WINNT\Temp\eraseme_47174.exe - Deleted
C:\WINNT\Temp\eraseme_47240.exe - Deleted
C:\WINNT\Temp\eraseme_47272.exe - Deleted
C:\WINNT\Temp\eraseme_47446.exe - Deleted
C:\WINNT\Temp\eraseme_47504.exe - Deleted
C:\WINNT\Temp\eraseme_47607.exe - Deleted
C:\WINNT\Temp\eraseme_48108.exe - Deleted
C:\WINNT\Temp\eraseme_48116.exe - Deleted
C:\WINNT\Temp\eraseme_48305.exe - Deleted
C:\WINNT\Temp\eraseme_48353.exe - Deleted
C:\WINNT\Temp\eraseme_48465.exe - Deleted
C:\WINNT\Temp\eraseme_48656.exe - Deleted
C:\WINNT\Temp\eraseme_48751.exe - Deleted
C:\WINNT\Temp\eraseme_48826.exe - Deleted
C:\WINNT\Temp\eraseme_48833.exe - Deleted
C:\WINNT\Temp\eraseme_50057.exe - Deleted
C:\WINNT\Temp\eraseme_50168.exe - Deleted
C:\WINNT\Temp\eraseme_50215.exe - Deleted
C:\WINNT\Temp\eraseme_50434.exe - Deleted
C:\WINNT\Temp\eraseme_51242.exe - Deleted
C:\WINNT\Temp\eraseme_51338.exe - Deleted
C:\WINNT\Temp\eraseme_51506.exe - Deleted
C:\WINNT\Temp\eraseme_51863.exe - Deleted
C:\WINNT\Temp\eraseme_52025.exe - Deleted
C:\WINNT\Temp\eraseme_52066.exe - Deleted
C:\WINNT\Temp\eraseme_52142.exe - Deleted
C:\WINNT\Temp\eraseme_52327.exe - Deleted
C:\WINNT\Temp\eraseme_52530.exe - Deleted
C:\WINNT\Temp\eraseme_52577.exe - Deleted
C:\WINNT\Temp\eraseme_52643.exe - Deleted
C:\WINNT\Temp\eraseme_52808.exe - Deleted
C:\WINNT\Temp\eraseme_53274.exe - Deleted
C:\WINNT\Temp\eraseme_53385.exe - Deleted
C:\WINNT\Temp\eraseme_53414.exe - Deleted
C:\WINNT\Temp\eraseme_53511.exe - Deleted
C:\WINNT\Temp\eraseme_53626.exe - Deleted
C:\WINNT\Temp\eraseme_53642.exe - Deleted
C:\WINNT\Temp\eraseme_53732.exe - Deleted
C:\WINNT\Temp\eraseme_53816.exe - Deleted
C:\WINNT\Temp\eraseme_54034.exe - Deleted
C:\WINNT\Temp\eraseme_54042.exe - Deleted
C:\WINNT\Temp\eraseme_54048.exe - Deleted
C:\WINNT\Temp\eraseme_54226.exe - Deleted
C:\WINNT\Temp\eraseme_54321.exe - Deleted
C:\WINNT\Temp\eraseme_54458.exe - Deleted
C:\WINNT\Temp\eraseme_54532.exe - Deleted
C:\WINNT\Temp\eraseme_54602.exe - Deleted
C:\WINNT\Temp\eraseme_54861.exe - Deleted
C:\WINNT\Temp\eraseme_55100.exe - Deleted
C:\WINNT\Temp\eraseme_55142.exe - Deleted
C:\WINNT\Temp\eraseme_55148.exe - Deleted
C:\WINNT\Temp\eraseme_55206.exe - Deleted
C:\WINNT\Temp\eraseme_55277.exe - Deleted
C:\WINNT\Temp\eraseme_55543.exe - Deleted
C:\WINNT\Temp\eraseme_55555.exe - Deleted
C:\WINNT\Temp\eraseme_55747.exe - Deleted
C:\WINNT\Temp\eraseme_55853.exe - Deleted
C:\WINNT\Temp\eraseme_56463.exe - Deleted
C:\WINNT\Temp\eraseme_56524.exe - Deleted
C:\WINNT\Temp\eraseme_56661.exe - Deleted
C:\WINNT\Temp\eraseme_56671.exe - Deleted
C:\WINNT\Temp\eraseme_56885.exe - Deleted
C:\WINNT\Temp\eraseme_57037.exe - Deleted
C:\WINNT\Temp\eraseme_57170.exe - Deleted
C:\WINNT\Temp\eraseme_57202.exe - Deleted
C:\WINNT\Temp\eraseme_57325.exe - Deleted
C:\WINNT\Temp\eraseme_57432.exe - Deleted
C:\WINNT\Temp\eraseme_57544.exe - Deleted
C:\WINNT\Temp\eraseme_57824.exe - Deleted
C:\WINNT\Temp\eraseme_58115.exe - Deleted
C:\WINNT\Temp\eraseme_58136.exe - Deleted
C:\WINNT\Temp\eraseme_58141.exe - Deleted
C:\WINNT\Temp\eraseme_58146.exe - Deleted
C:\WINNT\Temp\eraseme_58288.exe - Deleted
C:\WINNT\Temp\eraseme_58581.exe - Deleted
C:\WINNT\Temp\eraseme_60233.exe - Deleted
C:\WINNT\Temp\eraseme_60312.exe - Deleted
C:\WINNT\Temp\eraseme_60500.exe - Deleted
C:\WINNT\Temp\eraseme_60504.exe - Deleted
C:\WINNT\Temp\eraseme_60507.exe - Deleted
C:\WINNT\Temp\eraseme_60552.exe - Deleted
C:\WINNT\Temp\eraseme_60555.exe - Deleted
C:\WINNT\Temp\eraseme_60651.exe - Deleted
C:\WINNT\Temp\eraseme_60735.exe - Deleted
C:\WINNT\Temp\eraseme_60862.exe - Deleted
C:\WINNT\Temp\eraseme_61076.exe - Deleted
C:\WINNT\Temp\eraseme_61110.exe - Deleted
C:\WINNT\Temp\eraseme_61146.exe - Deleted
C:\WINNT\Temp\eraseme_61310.exe - Deleted
C:\WINNT\Temp\eraseme_61401.exe - Deleted
C:\WINNT\Temp\eraseme_61432.exe - Deleted
C:\WINNT\Temp\eraseme_61835.exe - Deleted
C:\WINNT\Temp\eraseme_61858.exe - Deleted
C:\WINNT\Temp\eraseme_62024.exe - Deleted
C:\WINNT\Temp\eraseme_62547.exe - Deleted
C:\WINNT\Temp\eraseme_63253.exe - Deleted
C:\WINNT\Temp\eraseme_63327.exe - Deleted
C:\WINNT\Temp\eraseme_63356.exe - Deleted
C:\WINNT\Temp\eraseme_64026.exe - Deleted
C:\WINNT\Temp\eraseme_64137.exe - Deleted
C:\WINNT\Temp\eraseme_64346.exe - Deleted
C:\WINNT\Temp\eraseme_64380.exe - Deleted
C:\WINNT\Temp\eraseme_64448.exe - Deleted
C:\WINNT\Temp\eraseme_64470.exe - Deleted
C:\WINNT\Temp\eraseme_64505.exe - Deleted
C:\WINNT\Temp\eraseme_64510.exe - Deleted
C:\WINNT\Temp\eraseme_64587.exe - Deleted
C:\WINNT\Temp\eraseme_64712.exe - Deleted
C:\WINNT\Temp\eraseme_64743.exe - Deleted
C:\WINNT\Temp\eraseme_64884.exe - Deleted
C:\WINNT\Temp\eraseme_65268.exe - Deleted
C:\WINNT\Temp\eraseme_65432.exe - Deleted
C:\WINNT\Temp\eraseme_66307.exe - Deleted
C:\WINNT\Temp\eraseme_66384.exe - Deleted
C:\WINNT\Temp\eraseme_66717.exe - Deleted
C:\WINNT\Temp\eraseme_66888.exe - Deleted
C:\WINNT\Temp\eraseme_67084.exe - Deleted
C:\WINNT\Temp\eraseme_67427.exe - Deleted
C:\WINNT\Temp\eraseme_67536.exe - Deleted
C:\WINNT\Temp\eraseme_67623.exe - Deleted
C:\WINNT\Temp\eraseme_67642.exe - Deleted
C:\WINNT\Temp\eraseme_67664.exe - Deleted
C:\WINNT\Temp\eraseme_67672.exe - Deleted
C:\WINNT\Temp\eraseme_67773.exe - Deleted
C:\WINNT\Temp\eraseme_68220.exe - Deleted
C:\WINNT\Temp\eraseme_68402.exe - Deleted
C:\WINNT\Temp\eraseme_68451.exe - Deleted
C:\WINNT\Temp\eraseme_68454.exe - Deleted
C:\WINNT\Temp\eraseme_68534.exe - Deleted
C:\WINNT\Temp\eraseme_68536.exe - Deleted
C:\WINNT\Temp\eraseme_68608.exe - Deleted
C:\WINNT\Temp\eraseme_68871.exe - Deleted
C:\WINNT\Temp\eraseme_70258.exe - Deleted
C:\WINNT\Temp\eraseme_70600.exe - Deleted
C:\WINNT\Temp\eraseme_71040.exe - Deleted
C:\WINNT\Temp\eraseme_71140.exe - Deleted
C:\WINNT\Temp\eraseme_71535.exe - Deleted
C:\WINNT\Temp\eraseme_71566.exe - Deleted
C:\WINNT\Temp\eraseme_71602.exe - Deleted
C:\WINNT\Temp\eraseme_71628.exe - Deleted
C:\WINNT\Temp\eraseme_71632.exe - Deleted
C:\WINNT\Temp\eraseme_71785.exe - Deleted
C:\WINNT\Temp\eraseme_71862.exe - Deleted
C:\WINNT\Temp\eraseme_72014.exe - Deleted
C:\WINNT\Temp\eraseme_72701.exe - Deleted
C:\WINNT\Temp\eraseme_72762.exe - Deleted
C:\WINNT\Temp\eraseme_72784.exe - Deleted
C:\WINNT\Temp\eraseme_72803.exe - Deleted
C:\WINNT\Temp\eraseme_72813.exe - Deleted
C:\WINNT\Temp\eraseme_73032.exe - Deleted
C:\WINNT\Temp\eraseme_73124.exe - Deleted
C:\WINNT\Temp\eraseme_73315.exe - Deleted
C:\WINNT\Temp\eraseme_73638.exe - Deleted
C:\WINNT\Temp\eraseme_73728.exe - Deleted
C:\WINNT\Temp\eraseme_73838.exe - Deleted
C:\WINNT\Temp\eraseme_73858.exe - Deleted
C:\WINNT\Temp\eraseme_74135.exe - Deleted
C:\WINNT\Temp\eraseme_74166.exe - Deleted
C:\WINNT\Temp\eraseme_74358.exe - Deleted
C:\WINNT\Temp\eraseme_74458.exe - Deleted
C:\WINNT\Temp\eraseme_74503.exe - Deleted
C:\WINNT\Temp\eraseme_74612.exe - Deleted
C:\WINNT\Temp\eraseme_74824.exe - Deleted
C:\WINNT\Temp\eraseme_74838.exe - Deleted
C:\WINNT\Temp\eraseme_75086.exe - Deleted
C:\WINNT\Temp\eraseme_75120.exe - Deleted
C:\WINNT\Temp\eraseme_75313.exe - Deleted
C:\WINNT\Temp\eraseme_75430.exe - Deleted
C:\WINNT\Temp\eraseme_75463.exe - Deleted
C:\WINNT\Temp\eraseme_75516.exe - Deleted
C:\WINNT\Temp\eraseme_75560.exe - Deleted
C:\WINNT\Temp\eraseme_75644.exe - Deleted
C:\WINNT\Temp\eraseme_75811.exe - Deleted
C:\WINNT\Temp\eraseme_76034.exe - Deleted
C:\WINNT\Temp\eraseme_76065.exe - Deleted
C:\WINNT\Temp\eraseme_76282.exe - Deleted
C:\WINNT\Temp\eraseme_76428.exe - Deleted
C:\WINNT\Temp\eraseme_76454.exe - Deleted
C:\WINNT\Temp\eraseme_76504.exe - Deleted
C:\WINNT\Temp\eraseme_76518.exe - Deleted
C:\WINNT\Temp\eraseme_77068.exe - Deleted
C:\WINNT\Temp\eraseme_77287.exe - Deleted
C:\WINNT\Temp\eraseme_77324.exe - Deleted
C:\WINNT\Temp\eraseme_77783.exe - Deleted
C:\WINNT\Temp\eraseme_77856.exe - Deleted
C:\WINNT\Temp\eraseme_77887.exe - Deleted
C:\WINNT\Temp\eraseme_78583.exe - Deleted
C:\WINNT\Temp\eraseme_78624.exe - Deleted
C:\WINNT\Temp\eraseme_80003.exe - Deleted
C:\WINNT\Temp\eraseme_80173.exe - Deleted
C:\WINNT\Temp\eraseme_80257.exe - Deleted
C:\WINNT\Temp\eraseme_80331.exe - Deleted
C:\WINNT\Temp\eraseme_80456.exe - Deleted
C:\WINNT\Temp\eraseme_80463.exe - Deleted
C:\WINNT\Temp\eraseme_80710.exe - Deleted
C:\WINNT\Temp\eraseme_80862.exe - Deleted
C:\WINNT\Temp\eraseme_81060.exe - Deleted
C:\WINNT\Temp\eraseme_81073.exe - Deleted
C:\WINNT\Temp\eraseme_81075.exe - Deleted
C:\WINNT\Temp\eraseme_81121.exe - Deleted
C:\WINNT\Temp\eraseme_81126.exe - Deleted
C:\WINNT\Temp\eraseme_81338.exe - Deleted
C:\WINNT\Temp\eraseme_81367.exe - Deleted
C:\WINNT\Temp\eraseme_81433.exe - Deleted
C:\WINNT\Temp\eraseme_81545.exe - Deleted
C:\WINNT\Temp\eraseme_81547.exe - Deleted
C:\WINNT\Temp\eraseme_81734.exe - Deleted
C:\WINNT\Temp\eraseme_82211.exe - Deleted
C:\WINNT\Temp\eraseme_82340.exe - Deleted
C:\WINNT\Temp\eraseme_82550.exe - Deleted
C:\WINNT\Temp\eraseme_82564.exe - Deleted
C:\WINNT\Temp\eraseme_82625.exe - Deleted
C:\WINNT\Temp\eraseme_82703.exe - Deleted
C:\WINNT\Temp\eraseme_82864.exe - Deleted
C:\WINNT\Temp\eraseme_83046.exe - Deleted
C:\WINNT\Temp\eraseme_83147.exe - Deleted
C:\WINNT\Temp\eraseme_83378.exe - Deleted
C:\WINNT\Temp\eraseme_83505.exe - Deleted
C:\WINNT\Temp\eraseme_83732.exe - Deleted
C:\WINNT\Temp\eraseme_83734.exe - Deleted
C:\WINNT\Temp\eraseme_83777.exe - Deleted
C:\WINNT\Temp\eraseme_83778.exe - Deleted
C:\WINNT\Temp\eraseme_84318.exe - Deleted
C:\WINNT\Temp\eraseme_84413.exe - Deleted
C:\WINNT\Temp\eraseme_85303.exe - Deleted
C:\WINNT\Temp\eraseme_85514.exe - Deleted
C:\WINNT\Temp\eraseme_85861.exe - Deleted
C:\WINNT\Temp\eraseme_86030.exe - Deleted
C:\WINNT\Temp\eraseme_86235.exe - Deleted
C:\WINNT\Temp\eraseme_86377.exe - Deleted
C:\WINNT\Temp\eraseme_86457.exe - Deleted
C:\WINNT\Temp\eraseme_86754.exe - Deleted
C:\WINNT\Temp\eraseme_86848.exe - Deleted
C:\WINNT\Temp\eraseme_86854.exe - Deleted
C:\WINNT\Temp\eraseme_86866.exe - Deleted
C:\WINNT\Temp\eraseme_87014.exe - Deleted
C:\WINNT\Temp\eraseme_87018.exe - Deleted
C:\WINNT\Temp\eraseme_87106.exe - Deleted
C:\WINNT\Temp\eraseme_87415.exe - Deleted
C:\WINNT\Temp\eraseme_87534.exe - Deleted
C:\WINNT\Temp\eraseme_87547.exe - Deleted
C:\WINNT\Temp\eraseme_87568.exe - Deleted
C:\WINNT\Temp\eraseme_87715.exe - Deleted
C:\WINNT\Temp\eraseme_88027.exe - Deleted
C:\WINNT\Temp\eraseme_88263.exe - Deleted
C:\WINNT\Temp\eraseme_88315.exe - Deleted
C:\WINNT\Temp\eraseme_88351.exe - Deleted
C:\WINNT\Temp\eraseme_88663.exe - Deleted



Alternate Streams Check:

C:\WINNT\system32
No streams found.

                                 Final Check:

Remaining Services:
------------------


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\CONFIG.SYS
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINNT\system32\config\default.tmp.LOG
C:\WINNT\system32\config\software.tmp.LOG
C:\WINNT\system32\config\system.tmp.LOG

                                 Finished
Hijack this : 

Logfile of HijackThis v1.99.1
Scan saved at 23:31:27, on 21/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\TEMP\2B5.tmp
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ted\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/webhp?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

Utilisateur anonyme · Answer

Bonsoir


Plus de signe d'infection dans ce rapport, juste quelques lignes inutiles.
Relance un scan HijackThis et coche les lignes ci-dessous :

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll 
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm 
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm 

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Fais une analyse antivirus en ligne sur Kaspersky
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.

Raph · Answer

Bonsoir,

Encore merci pour votre réponse. Le problème n'est hélas toujours pas résolu et mon ordinateur redémarre encore de manière intempestive. Voici le rapport Kaspersky, merci encore pour votre aide : 

KASPERSKY ON-LINE SCANNER REPORT
 Monday, January 22, 2007 12:49:56 PM
 Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
 Kaspersky On-line Scanner version : 5.0.83.0
 Dernière mise à jour de la base antivirus Kaspersky : 22/01/2007
 Enregistrements dans la base antivirus Kaspersky : 246142
-------------------------------------------------------------------------------

Paramètres d'analyse:
	Analyser avec la base antivirus suivante: standard
	Analyser les archives: vrai
	Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\

Statistiques de l'analyse:
	Total d'objets analysés: 50619
	Nombre de virus trouvés: 2
	Nombre d'objets infectés: 9 / 0
	Nombre d'objets suspects: 0
	Durée de l'analyse: 02:01:13

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users.WINNT\Application Data\avg7\Log\emc.log	L'objet est verrouillé	ignoré
C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft\Avg7Data\avg7log.log	L'objet est verrouillé	ignoré
C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft\Avg7Data\avg7log.log.lck	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\cert8.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\history.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\key3.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\parent.lock	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\search.sqlite	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\urlclassifier2.sqlite	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\urlclassifier2.sqlite-journal	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Cookies\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\Cache\_CACHE_001_	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\Cache\_CACHE_002_	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\Cache\_CACHE_003_	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\4emie7f1.default\Cache\_CACHE_MAP_	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Historique\History.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Historique\History.IE5\MSHist012007012220070123\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\Content.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\Content.IE5\OPU3K56J\s3.0[1].exe	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted\NTUSER.DAT	L'objet est verrouillé	ignoré
C:\Documents and Settings\Ted
tuser.dat.LOG	L'objet est verrouillé	ignoré
C:\WINNT\CSC\00000001	L'objet est verrouillé	ignoré
C:\WINNT\Debug\ipsecpa.log	L'objet est verrouillé	ignoré
C:\WINNT\Debug\oakley.log	L'objet est verrouillé	ignoré
C:\WINNT\Debug\PASSWD.LOG	L'objet est verrouillé	ignoré
C:\WINNT\SchedLgU.Txt	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\AppEvent.Evt	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\default	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\DEFAULT.LOG	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SAM	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SAM.LOG	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SecEvent.Evt	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SECURITY	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SECURITY.LOG	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\software	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SOFTWARE.LOG	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SysEvent.Evt	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\system	L'objet est verrouillé	ignoré
C:\WINNT\system32\config\SYSTEM.ALT	L'objet est verrouillé	ignoré
C:\WINNT\system32\crypts.dll	Infecté : Trojan-Downloader.Win32.Agent.ber	ignoré
C:\WINNT\Temp\1487.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
C:\WINNT\Temp\2B5.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
C:\WINNT\Temp\35DA.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
C:\WINNT\Temp\E1FE.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
C:\WINNT\Temp\F3EF.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
C:\WINNT\Temp\F3FF.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
C:\WINNT\Temp\FC7B.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
C:\WINNT\Temp\FDD3.tmp	Infecté : Trojan-Proxy.Win32.Agent.ls	ignoré
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp	L'objet est verrouillé	ignoré

Analyse terminée

Utilisateur anonyme · Answer

Bonsoir


Télécharge la dernière version de Killbox -> http://www.downloads.subratam.org/KillBox.zip
Place le programme dans le répertoire qui te plaît.

- redémarre l'ordinateur en mode sans échec

- lance Pocket Killbox
--- choisis l'option Delete on Reboot

--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard

C:\WINNT\system32\crypts.dll 
C:\WINNT\Temp\1487.tmp  
C:\WINNT\Temp\2B5.tmp 
C:\WINNT\Temp\35DA.tmp
C:\WINNT\Temp\E1FE.tmp 
C:\WINNT\Temp\F3EF.tmp
C:\WINNT\Temp\F3FF.tmp  
C:\WINNT\Temp\FC7B.tmp
C:\WINNT\Temp\FDD3.tmp 
* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.
Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.
--- vérifie que tous les fichiers sont enregistrés, par la liste déroulante "Full Path of File to Delete"
--- coche "Unregister .dll Before Deleting".
--- clique sur la croix blanche sur fond rouge (Delete File) :

- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder

Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.


Télécharge DiagHelp.zip (de Malekal_Morte) sur ton bureau 
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout 
- Un nouveau dossier chercher va être créé DiagHelp 
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître) 
- Une fenêtre va s'ouvrir, choisis l'option 1 
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande 
- A la fin de l'analyse, il te sera redemandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela : 
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout 
-- A nouveau menu Edition / copier 
-- Dans un nouveau message ici, faire un clic droit / coller

Raph · Answer

Voilà. Le programme n'a pas demandé de redémarrer l'ordinateur mais le fichier resultat.txt est apparu directement.

Voici ce que ca donne... merci encore

C:\WINNT\System32\zllictbl.dat -->21/01/2007 23:38:21
C:\WINNT\System32\tempimg.tmp -->16/01/2007 14:33:49
C:\WINNT\System32\access.ctl -->16/01/2007 14:29:43
C:\WINNT\System32\FNTCACHE.DAT -->14/01/2007 11:28:13
C:\WINNT\System32\jupdate-1.5.0_10-b03.log -->12/01/2007 19:22:35
C:\WINNT\System32\Perflib_Perfdata_d8c.dat -->11/01/2007 00:06:34
C:\WINNT\System32\Perflib_Perfdata_cbc.dat -->09/01/2007 10:28:08
C:\WINNT\System32\settingsbkup.sfm -->08/01/2007 10:21:37
C:\WINNT\System32\settings.sfm -->08/01/2007 10:21:37
C:\WINNT\System32\DVCStateBkp-{00000001-00000000-00000000-00001102-00000002-80611102}.dat -->08/01/2007 10:21:37
C:\WINNT\System32\DVCState-{00000001-00000000-00000000-00001102-00000002-80611102}.dat -->08/01/2007 10:21:37
C:\WINNT\System32\BMXStateBkp-{00000001-00000000-00000000-00001102-00000002-80611102}.rfx -->08/01/2007 10:21:37
C:\WINNT\System32\BMXState-{00000001-00000000-00000000-00001102-00000002-80611102}.rfx -->08/01/2007 10:21:37
C:\WINNT\System32\BMXCtrlState-{00000001-00000000-00000000-00001102-00000002-80611102}.rfx -->08/01/2007 10:21:37
C:\WINNT\System32\BMXBkpCtrlState-{00000001-00000000-00000000-00001102-00000002-80611102}.rfx -->08/01/2007 10:21:37
C:\WINNT\System32\nscompat.tlb -->07/01/2007 19:23:12
C:\WINNT\System32\amcompat.tlb -->07/01/2007 19:23:12
C:\WINNT\System32\Perflib_Perfdata_878.dat -->06/01/2007 20:30:09
C:\WINNT\System32\msvcr71.dll -->06/01/2007 19:25:40
C:\WINNT\System32\msvcp71.dll -->06/01/2007 19:25:40
C:\WINNT\System32\spupdw2k.log -->06/01/2007 19:24:10
C:\WINNT\System32\spupdsvc.log -->06/01/2007 19:24:10
C:\WINNT\System32\Perflib_Perfdata_8a0.dat -->06/01/2007 18:49:42
C:\WINNT\System32\Perflib_Perfdata_8bc.dat -->06/01/2007 18:44:43
C:\WINNT\System32\perfh00C.dat -->06/01/2007 17:10:40

C:\WINNT\CTREGRUN.EXE |06/01/2007 17:58:26
C:\WINNT\IsUn040c.exe |06/01/2007 17:58:22
C:\WINNT\IsUninst.exe |06/01/2007 17:58:41
C:\WINNT\MIDIDEF.EXE |06/01/2007 20:07:11
C:\WINNT\PSCONV.EXE |06/01/2007 20:07:11
C:\WINNT\READREG.EXE |06/01/2007 20:07:11
C:\WINNT\twunk_16.exe |16/12/1999 01:00:00
C:\WINNT\twunk_32.exe |16/12/1999 01:00:00
C:\WINNT\Updreg.exe |06/01/2007 18:02:51
C:\WINNT\ctccw.dll |06/01/2007 18:02:24
C:\WINNT\CTDCRES.DLL |06/01/2007 20:07:11
C:\WINNT\Ctres.dll |06/01/2007 18:02:24
C:\WINNT\Ctres32.dll |06/01/2007 18:02:24
C:\WINNT\DEVREG.DLL |06/01/2007 20:07:11
C:\WINNT\HKLock.dll |07/01/2007 22:31:44
C:\WINNT\INRES.DLL |06/01/2007 20:07:13
C:\WINNT\twain.dll |16/12/1999 01:00:00
C:\WINNT\twain_32.dll |16/12/1999 01:00:00
C:\WINNT\zllsputility_loc040c.dll |21/01/2007 23:37:02
C:\WINNT\system32\append.exe |16/12/1999 01:00:00
C:\WINNT\system32\CTHELPER.EXE |06/01/2007 20:07:11
C:\WINNT\system32\CTSVCCDA.EXE |11/01/2007 18:22:06
C:\WINNT\system32\CTSVCCTL.EXE |11/01/2007 18:22:06
C:\WINNT\system32\debug.exe |16/12/1999 01:00:00
C:\WINNT\system32\devldr32.exe |11/01/2007 18:26:19
C:\WINNT\system32\dfrgfat.exe |06/01/2007 19:19:29
C:\WINNT\system32\dfrgntfs.exe |06/01/2007 19:19:29
C:\WINNT\system32\dmadmin.exe |06/01/2007 19:19:29
C:\WINNT\system32\dmremote.exe |06/01/2007 19:19:29
C:\WINNT\system32\dosx.exe |16/12/1999 01:00:00
C:\WINNT\system32\dvdplay.exe |15/12/1999 00:30:38
C:\WINNT\system32\edlin.exe |16/12/1999 01:00:00
C:\WINNT\system32\exe2bin.exe |16/12/1999 01:00:00
C:\WINNT\system32\fastopen.exe |16/12/1999 01:00:00
C:\WINNT\system32\hkcmd.exe |06/01/2007 17:50:40
C:\WINNT\system32\igfxcfg.exe |06/01/2007 17:50:40
C:\WINNT\system32\igfxdiag.exe |06/01/2007 17:50:40
C:\WINNT\system32\igfxext.exe |06/01/2007 17:50:40
C:\WINNT\system32\igfxtray.exe |06/01/2007 17:50:41
C:\WINNT\system32\igfxzoom.exe |06/01/2007 17:50:41
C:\WINNT\system32\java.exe |12/01/2007 19:22:36
C:\WINNT\system32\javaw.exe |12/01/2007 19:22:36
C:\WINNT\system32\javaws.exe |12/01/2007 19:22:36
C:\WINNT\system32\KILLAPPS.EXE |06/01/2007 20:07:11
C:\WINNT\system32\mem.exe |16/12/1999 01:00:00
C:\WINNT\system32\mscdexnt.exe |16/12/1999 01:00:00
C:\WINNT\system32\msswchx.exe |06/01/2007 19:19:36
C:\WINNT\system32\NeroCheck.exe |16/01/2007 16:09:25
C:\WINNT\system32\nlsfunc.exe |16/12/1999 01:00:00
C:\WINNT\system32\nw16.exe |16/12/1999 01:00:00
C:\WINNT\system32\redir.exe |16/12/1999 01:00:00
C:\WINNT\system32\REGPLIB.EXE |06/01/2007 20:07:11
C:\WINNT\system32\setver.exe |16/12/1999 01:00:00
C:\WINNT\system32\share.exe |16/12/1999 01:00:00
C:\WINNT\system32\vwipxspx.exe |16/12/1999 01:00:00
C:\WINNT\system32\a3d.dll |11/01/2007 18:26:19
C:\WINNT\system32\AC3API.DLL |06/01/2007 20:07:10
C:\WINNT\system32\AHQCpRes.dll |08/01/2007 10:31:33
C:\WINNT\system32\AHQCpURes.dll |06/01/2007 20:07:02
C:\WINNT\system32\amstream.dll |16/12/1999 01:00:00
C:\WINNT\system32\atmfd.dll |06/01/2007 19:19:26
C:\WINNT\system32\atmlib.dll |06/01/2007 19:19:26
C:\WINNT\system32\COMMONFX.DLL |06/01/2007 20:07:10
C:\WINNT\system32\CTAGENT.DLL |06/01/2007 20:07:10
C:\WINNT\system32\CTASIO.DLL |06/01/2007 20:07:10
C:\WINNT\system32\CtDetres.dll |06/01/2007 17:59:51
C:\WINNT\system32\CTDEVCON.DLL |06/01/2007 20:07:10
C:\WINNT\system32\CTDPROXY.DLL |06/01/2007 20:07:10
C:\WINNT\system32\CTDrmRes.dll |06/01/2007 17:59:51
C:\WINNT\system32\CTDrmUI.dll |06/01/2007 17:59:51
C:\WINNT\system32\CTEMUPIA.DLL |06/01/2007 20:07:11
C:\WINNT\system32\CTIntRes.dll |06/01/2007 17:59:51
C:\WINNT\system32\CTMedEng.dll |06/01/2007 17:59:51
C:\WINNT\system32\CTMERes.DLL |06/01/2007 17:59:51
C:\WINNT\system32\ctmp3io2.dll |06/01/2007 17:59:52
C:\WINNT\system32\CtMp3Lib.dll |06/01/2007 17:59:52
C:\WINNT\system32\CTOSUSER.DLL |06/01/2007 20:07:11
C:\WINNT\system32\CTSBLFX.DLL |06/01/2007 20:07:11
C:\WINNT\system32\CTSPKHLP.DLL |06/01/2007 20:07:11
C:\WINNT\system32\ctwdm32.dll |11/01/2007 18:26:19
C:\WINNT\system32\ctwflt32.dll |06/01/2007 18:02:24
C:\WINNT\system32\devcon32.dll |11/01/2007 18:26:19
C:\WINNT\system32\devenum.dll |16/12/1999 01:00:00
C:\WINNT\system32\dfrgres.dll |16/12/1999 01:00:00
C:\WINNT\system32\dfrgsnap.dll |06/01/2007 19:19:29
C:\WINNT\system32\dfrgui.dll |16/12/1999 01:00:00
C:\WINNT\system32\dgrpsetu.dll |06/01/2007 15:49:42
C:\WINNT\system32\dgsetup.dll |16/12/1999 01:00:00
C:\WINNT\system32\dmconfig.dll |06/01/2007 19:19:29
C:\WINNT\system32\dmintf.dll |06/01/2007 19:19:29
C:\WINNT\system32\dmserver.dll |06/01/2007 19:19:29
C:\WINNT\system32\dmutil.dll |06/01/2007 19:19:29
C:\WINNT\system32\EAXAC3.DLL |06/01/2007 20:07:11
C:\WINNT\system32\efsadu.dll |16/12/1999 01:00:00
C:\WINNT\system32\EqnClass.Dll |06/01/2007 15:49:41
C:\WINNT\system32\hccutils.dll |06/01/2007 17:50:40
C:\WINNT\system32\HKLock.dll |07/01/2007 22:31:44
C:\WINNT\system32\HTICONS.DLL |06/01/2007 19:19:32
C:\WINNT\system32\hypertrm.dll |06/01/2007 15:59:45
C:\WINNT\system32\iAlmCoIn_v3762.dll |06/01/2007 17:50:40
C:\WINNT\system32\ialmdd5.dll |06/01/2007 17:50:40
C:\WINNT\system32\ialmdev5.dll |06/01/2007 17:50:40
C:\WINNT\system32\ialmdnt5.dll |06/01/2007 17:50:40
C:\WINNT\system32\ialmgdev.dll |06/01/2007 17:50:40
C:\WINNT\system32\ialmgicd.dll |06/01/2007 17:50:40
C:\WINNT\system32\ialmrem.dll |06/01/2007 17:50:40
C:\WINNT\system32\ialmrnt5.dll |06/01/2007 17:50:40
C:\WINNT\system32\iccvid.dll |16/12/1999 01:00:00
C:\WINNT\system32\igfxdev.dll |06/01/2007 17:50:40
C:\WINNT\system32\igfxdgps.dll |06/01/2007 17:50:40
C:\WINNT\system32\igfxdo.dll |06/01/2007 17:50:40
C:\WINNT\system32\igfxeud.dll |06/01/2007 17:50:40
C:\WINNT\system32\igfxexps.dll |06/01/2007 17:50:40
C:\WINNT\system32\igfxhk.dll |06/01/2007 17:50:41
C:\WINNT\system32\igfxpph.dll |06/01/2007 17:50:41
C:\WINNT\system32\igfxres.dll |06/01/2007 17:53:09
C:\WINNT\system32\igfxress.dll |06/01/2007 17:50:41
C:\WINNT\system32\igfxsrvc.dll |06/01/2007 17:50:41
C:\WINNT\system32\ImagX7.dll |16/01/2007 16:09:25
C:\WINNT\system32\ImagXpr7.dll |16/01/2007 16:09:26
C:\WINNT\system32\ImagXR7.dll |16/01/2007 16:09:26
C:\WINNT\system32\ImagXRA7.dll |16/01/2007 16:09:26
C:\WINNT\system32\imgcmn.dll |06/01/2007 15:59:38
C:\WINNT\system32\imgshl.dll |06/01/2007 15:59:39
C:\WINNT\system32\imsinstall_loc040c.dll |21/01/2007 23:37:01
C:\WINNT\system32\Inetwh32.dll |06/01/2007 17:58:50
C:\WINNT\system32\ir32_32.dll |16/12/1999 01:00:00
C:\WINNT\system32\ir41_qc.dll |16/12/1999 01:00:00
C:\WINNT\system32\ir41_qcx.dll |16/12/1999 01:00:00
C:\WINNT\system32\ir50_32.dll |16/12/1999 01:00:00
C:\WINNT\system32\ir50_qc.dll |16/12/1999 01:00:00
C:\WINNT\system32\ir50_qcx.dll |16/12/1999 01:00:00
C:\WINNT\system32\jpeg1x32.dll |06/01/2007 15:59:39
C:\WINNT\system32\jpeg2x32.dll |06/01/2007 15:59:39
C:\WINNT\system32\lame_enc.dll |10/01/2007 12:35:01
C:\WINNT\system32\MP2enc.dll |10/01/2007 12:35:01
C:\WINNT\system32\msencode.dll |30/08/2002 18:24:06
C:\WINNT\system32\msswch.dll |06/01/2007 19:19:36
C:\WINNT\system32\oieng400.dll |06/01/2007 19:19:39
C:\WINNT\system32\oiprt400.dll |06/01/2007 15:59:39
C:\WINNT\system32\oislb400.dll |06/01/2007 15:59:39
C:\WINNT\system32\oissq400.dll |06/01/2007 15:59:39
C:\WINNT\system32\oitwa400.dll |06/01/2007 15:59:39
C:\WINNT\system32\oiui400.dll |06/01/2007 15:59:39
C:\WINNT\system32\OPENAL32.DLL |06/01/2007 20:07:11
C:\WINNT\system32\PIAPROXY.DLL |06/01/2007 20:07:11
C:\WINNT\system32\qcut.dll |16/12/1999 01:00:00
C:\WINNT\system32\qdvd.dll |16/12/1999 01:00:00
C:\WINNT\system32\S32EVNT1.DLL |22/01/2007 21:54:03
C:\WINNT\system32\sblfx.dll |11/01/2007 18:26:20
C:\WINNT\system32\sfcvrt32.dll |06/01/2007 18:02:24
C:\WINNT\system32\sfman32.dll |11/01/2007 18:26:20
C:\WINNT\system32\SFMS32.DLL |06/01/2007 20:07:11
C:\WINNT\system32\SmartMenuXP.dll |10/01/2007 12:35:02
C:\WINNT\system32\spxcoins.dll |06/01/2007 17:01:05
C:\WINNT\system32\SymNeti.dll |07/08/2006 16:02:32
C:\WINNT\system32\SymRedir.dll |07/08/2006 16:02:30
C:\WINNT\system32\tifflt.dll |06/01/2007 15:59:39
C:\WINNT\system32\tsbyuv.dll |15/12/1999 00:30:06
C:\WINNT\system32\tsd32.dll |16/12/1999 01:00:00
C:\WINNT\system32\TwnLib20.dll |16/01/2007 16:09:27
C:\WINNT\system32\VBUTILLight.dll |10/01/2007 12:35:02
C:\WINNT\system32\win87em.dll |16/12/1999 01:00:00
C:\WINNT\system32\xiffr3_0.dll |06/01/2007 15:59:39

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70A5-95C8

Répertoire de C:\WINNT\system32

19/06/2003 12:05 5 392 CSRSS.EXE
1 fichier(s) 5 392 octets
0 Rép(s) 4 937 748 480 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70A5-95C8

Répertoire de C:\WINNT\Downloaded Program Files

22/01/2007 00:20 <DIR> .
22/01/2007 00:20 <DIR> ..
07/01/2007 19:33 65 desktop.ini
14/10/1997 18:52 697 DirectAnimation Java Classes.osd
08/08/2006 11:45 576 kavwebscan.inf
05/11/1998 16:11 1 162 Microsoft XML Parser for Java.osd
09/11/2006 14:36 5 019 swflash.inf
30/06/2003 22:41 1 689 WMV9VCM.inf
26/05/2005 04:19 291 wuweb.inf
7 fichier(s) 9 499 octets

Total des fichiers listés :
7 fichier(s) 9 499 octets
2 Rép(s) 4 937 748 480 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70A5-95C8

Répertoire de C:\Program Files

22/01/2007 21:55 <DIR> .
22/01/2007 21:55 <DIR> ..
06/01/2007 15:59 <DIR> Accessoires
07/01/2007 03:30 <DIR> Adobe
16/01/2007 16:09 <DIR> Ahead
06/01/2007 19:31 <DIR> Audacity
10/01/2007 13:06 <DIR> AudioConvert
06/01/2007 16:00 <DIR> ComPlus Applications
11/01/2007 18:21 <DIR> Creative
22/01/2007 18:19 <DIR> eMule
25/01/2007 12:00 <DIR> ewido anti-spyware 4.0
22/01/2007 22:07 <DIR> Fichiers communs
06/01/2007 19:01 <DIR> Grisoft
22/01/2007 15:11 <DIR> ING
07/01/2007 19:28 <DIR> Internet Explorer
12/01/2007 19:22 <DIR> Java
06/01/2007 17:28 <DIR> Lavalys
07/01/2007 19:35 <DIR> Messenger
06/01/2007 16:20 <DIR> microsoft frontpage
22/01/2007 22:23 <DIR> Mozilla Firefox
07/01/2007 19:35 <DIR> MSN Messenger
14/01/2007 11:16 <DIR> NetMeeting
22/01/2007 22:21 <DIR> Norton Personal Firewall
07/01/2007 19:25 <DIR> OpenOffice.org 2.1
07/01/2007 19:34 <DIR> Outlook Express
08/01/2007 01:06 <DIR> PokerAcademyPro2
21/01/2007 03:36 <DIR> Poste de Travail Sans Fil Labtec
14/01/2007 18:11 <DIR> Skype
22/01/2007 22:07 <DIR> Symantec
06/01/2007 19:39 <DIR> Winamp
06/01/2007 19:19 <DIR> Windows Media Player
06/01/2007 19:20 <DIR> Windows NT
07/01/2007 20:03 <DIR> WinRAR
0 fichier(s) 0 octets
33 Rép(s) 4 937 555 968 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70A5-95C8

Répertoire de C:\Program Files\fichiers communs

22/01/2007 22:07 <DIR> .
22/01/2007 22:07 <DIR> ..
07/01/2007 03:30 <DIR> Adobe
16/01/2007 16:09 <DIR> Ahead
06/01/2007 20:05 <DIR> InstallShield
12/01/2007 19:21 <DIR> Java
07/01/2007 19:34 <DIR> Microsoft Shared
06/01/2007 15:49 <DIR> ODBC
07/01/2007 19:23 <DIR> Services
14/01/2007 18:11 <DIR> Skype
23/01/2007 00:24 <DIR> Symantec Shared
07/01/2007 19:34 <DIR> System
22/01/2007 14:32 <DIR> Wise Installation Wizard
0 fichier(s) 0 octets
13 Rép(s) 4 937 617 408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70A5-95C8

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

06/01/2007 19:19 <DIR> .
06/01/2007 19:19 <DIR> ..
04/11/1999 00:38 561 210 MSONSEXT.DLL
03/06/1999 19:09 122 937 MSOWS409.DLL
13/08/1999 10:09 127 032 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 4 937 617 408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70A5-95C8

Répertoire de C:\

11/11/2001 00:00 68 096 diff.exe
27/08/2006 14:10 103 424 grep.exe
2 fichier(s) 171 520 octets
0 Rép(s) 4 937 617 408 octets libres
c:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\OTQJSXIN\acid[1].exe
c:\Documents and Settings\Ted\Bureau\AdbeRdr80_fr_FR.exe
c:\Documents and Settings\Ted\Bureau\audacity-win-1.2.6.exe
c:\Documents and Settings\Ted\Bureau\avg75free_432a904.exe
c:\Documents and Settings\Ted\Bureau\FxSasser(2).exe
c:\Documents and Settings\Ted\Bureau\FxSasser.exe
c:\Documents and Settings\Ted\Bureau\HijackThis.exe
c:\Documents and Settings\Ted\Bureau\LiveDrvPack_Patch.exe
c:\Documents and Settings\Ted\Bureau\LiveDrvUni-Pack(ENG).exe
c:\Documents and Settings\Ted\Bureau\rp505fra.exe
c:\Documents and Settings\Ted\Bureau\service-pack-4-windows-2000_service_pack_4_windows_2000_francais_13276.exe
c:\Documents and Settings\Ted\Bureau\winamp295_full.exe
c:\Documents and Settings\Ted\Bureau\Windows2000-KB835732-x86-FRA.EXE
c:\Documents and Settings\Ted\Bureau\clean\pskill.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Ted\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Ted\Bureau\OpenOffice.org 2.1 Installation Files\instmsia.exe
c:\Documents and Settings\Ted\Bureau\OpenOffice.org 2.1 Installation Files\instmsiw.exe
c:\Documents and Settings\Ted\Bureau\OpenOffice.org 2.1 Installation Files\setup.exe
c:\Documents and Settings\Ted\Local Settings\Temp\ryjknh1j.EXE
c:\Documents and Settings\Ted\Local Settings\Temp\wmaudioredist.exe
c:\Documents and Settings\Ted\Local Settings\Temp\7zS1.tmp\setup.exe
c:\Documents and Settings\Ted\Local Settings\Temp\7zS1.tmp\localized\uninstall\uninst.exe
c:\Documents and Settings\Ted\Local Settings\Temp\7zS1.tmp\nonlocalized\firefox.exe
c:\Documents and Settings\Ted\Local Settings\Temp\7zS1.tmp\nonlocalized\updater.exe
c:\Documents and Settings\Ted\Local Settings\Temp\7zS1.tmp\nonlocalized\xpicleanup.exe
c:\Documents and Settings\Ted\Local Settings\Temp\7zS1.tmp\optional\extensions\talkback@mozilla.org\components\talkback.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\CDSTART.EXE
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\SymSetup.EXE
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\ISCommon\ccEmFlSv.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\ISCommon\APP\AlertAst.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\ISCommon\APP\ALEScan.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\ISCommon\APP\ALEUpdat.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\ISCommon\APP\ccPwdSvc.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\ISCommon\APP\HNetWiz.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\ISCommon\SYMSHARE\ADBLCK\NSMdtr.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\SymLT\CfgWiz.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\SymLT\WebReg.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\SymLT\SYMSHARE\DRMLFC.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\SymLT\SYMSHARE\SMNLnch.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Setup\SymLT\SYMSHARE\SSAutoRN.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\ccCommon\ccCommon\ccApp.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\ccCommon\ccCommon\ccEvtMgr.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\ccCommon\ccCommon\ccLgView.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\ccCommon\ccCommon\ccSetMgr.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\ccCommon\ccCommon\NMain.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\FRE\FREMSI.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\FRE\FREUpdt.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\LUpdate\LUSetup.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\MSI\wiupdate.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\NISTools\ISRlRstr.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\NSC\NSCCore\SCenter\SYMSCUI.EXE
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\NSC\NSCCore\SecCon\NSCSRVCE.EXE
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\Proxy\ccPxyCre\ccProxy.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SEVINST\sevinst.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SPBBC\SPBBC\SYMSHARE\SPBBC\SPBBCSVC.EXE
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SPBBC\SPBBC\SYMSHARE\SPBBC\UPDMGR.EXE
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SymLnch\SymLnch.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SymNet\SymNet\SYMSHARE\SNDInst.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SymNet\SymNet\SYMSHARE\SNDSrvc.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SymNet\SymNet\SYMSHARE\IDS\IdsInst.exe
c:\Documents and Settings\Ted\Local Settings\Temp\NPF9\Support\SymSC\SYMWMIIS\SymSC\UsrPrmpt.exe
c:\Documents and Settings\Ted\Local Settings\Temp\pft17~tmp\Setup.exe
c:\Documents and Settings\Ted\Local Settings\Temp\pft17~tmp\Win2000\hkcmd.exe
c:\Documents and Settings\Ted\Local Settings\Temp\pft17~tmp\Win2000\igfxcfg.exe
c:\Documents and Settings\Ted\Local Settings\Temp\pft17~tmp\Win2000\igfxdiag.exe
c:\Documents and Settings\Ted\Local Settings\Temp\pft17~tmp\Win2000\igfxext.exe
c:\Documents and Settings\Ted\Local Settings\Temp\pft17~tmp\Win2000\igfxtray.exe
c:\Documents and Settings\Ted\Local Settings\Temp\pft17~tmp\Win2000\igfxzoom.exe
c:\Documents and Settings\Ted\Local Settings\Temp\Rar$EX00.000\KillBox.exe
c:\Documents and Settings\Ted\Local Settings\Temp\_ISTMP3.DIR\_ISTMP1.DIR\IsUninst.exe
c:\Documents and Settings\Ted\Local Settings\Temp\_ISTMP4.DIR\_ISTMP0.DIR\ShFolder.Exe
c:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\Content.IE5\OXAVSL6Z\s3.0[1].exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\Aquarium.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\eMule0.47c-Installer.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\ewido-setup_4.0.0.172a.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\HBSecurity332.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\INSTALL_MSN_MESSENGER_NT.EXE
c:\Documents and Settings\Ted\Mes documents\Téléchargements\Nero-6.6.1.4_no_yt.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\NPF06900FR.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\NVE-3.1.0.25_no_yt.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\OOo_2.1.0_Win32Intel_install_en-US.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\PokerAcademyPro2-Demo.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\SimAQUARIUM-V2.311(2).exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\SimAQUARIUM-V2.311.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\SkypeSetup.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\spf.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\WGAPluginInstall.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\Windows2000-KB835732-x86-FRA.EXE
c:\Documents and Settings\Ted\Mes documents\Téléchargements\wrar362fr.exe
c:\Documents and Settings\Ted\Mes documents\Téléchargements\zaSuiteSetup_65_737_000_fr.exe

Utilisateur anonyme · Answer

Bonjour


Rien de visible dans ce rapport.

Comment se comporte le PC ?

Raph · Answer

Eh bien ca semble se passer beaucoup mieux... cela fait plus d'une journée que mon ordinateur n'a plus redémarré en présentant le message d'erreur "...services.exe".

1000 mercis pour votre aide.

Raphaël

elliot · Answer

si cela recommence:
essaie d'ouvrir le bloc note, de taper "shutdown /a" (sans les guillemets) d'enregistrer le fichier en .bat sur ton bureau et de l'ouvrir.
apparemment, tu as 60 sec... sinon, ouvre-le dès que le compte à rebours commence.
cela permettra peut-être de stopper la comment d'arrêt de l'ordinateur...

Virus : compte a rebours services.exe

9 réponses

Discussions similaires

Newsletters