Changement d'utilisateur impossibleFermé

Question

Bonjour,

Bien que j'ai remis a zéro mon ordi, un virus qui m'empche de changer d'utilisateur et de réstaurer mon systeme continue a sévir.

J'ai vu dans plusieurs autre topic que certain d'entre vous sont capable de détecter le problème gràce au rapport d'hijackthis.

Voici le mien:

ogfile of HijackThis v1.99.1
Scan saved at 14:34:46, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Minuterie\CREBOURS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mourad\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

J'éspère que vous allez pouvoir m'aider.

nardino · Answer

Bonsoir.
Télécharge sur ton bureau [b]OAD[/b] (Outil Aide Diagnostic) de !aur3n7 :
http://sosvirus.changelog.fr/OAD.exe

Clique droit sur OAD.exe, Exécuter en tant qu'administrateur, entre le nom du fichier suivant, puis Entrée.
fsmgmt
Dans la fenêtre suivante tape 6 puis entrée et laisse le scan se terminer.
Enregistre la totalité du rapport qui s'ouvre dans le blocnote sous fsmgmt.txt
Puis poste-le dans ta réponse.

Prince25 · Answer

Bonjour docteur nardino.

J'ai fais ce que vous m'avez dit mais quand j'ai taper 6 puis entrée.

AOE m'écris deux fois la même ligne:
Le fichier est introuvable.

nardino · Answer

Bonsoir,
Désactive provisoirement ton antivirus.
Télécharge Combofix de sUBs : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sur ton bureau IMPORTANT
- Ouvre le bloc-note et colles-y les lignes écrites ci-dessous :
Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    
    File::
    C:\WINDOWS\SYSTEM32\fsmgmt.dll
    C:\WINDOWS\system32\secpol.exe
    C:\autorun.inf


- Enregistre-le sous CFScript.txt, sur le bureau
- Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe
	https://i34.servimg.com/u/f34/11/05/93/83/cfscri11.gif
- Combofix va se lancer et faire redémarrer l'ordinateur.

Lance HijackThis par Do a system scan only, coche ces lignes :

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll

Clic sur fix checked

Redémarre l'ordinateur et poste un nouveau rapport HijackThis avec le rapport Combofix.

Prince25 · Answer

Voici le rapport incompréhensible:

ComboFix 08-04-12.1 - Mourad 2008-04-13 0:13:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.237 [GMT 2:00]
Endroit: C:\Documents and Settings\Mourad\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mourad\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 20:12 . 2008-04-12 20:12 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\WINDOWS
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Saloua\Voisinage réseau
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Saloua\Voisinage d'impression
2008-04-12 16:38 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Saloua\Modèles
2008-04-12 16:38 . 2008-04-12 16:38 <REP> dr------- C:\Documents and Settings\Saloua\Mes documents
2008-04-12 16:38 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Saloua\Menu Démarrer
2008-04-12 16:38 . 2008-04-12 16:44 <REP> dr------- C:\Documents and Settings\Saloua\Favoris
2008-04-12 16:38 . 2008-04-12 16:38 <REP> dr------- C:\Documents and Settings\Saloua\Bureau
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\Application Data\You've Got Pictures Screensaver
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\Application Data\Symantec
2008-04-12 13:07 . 2008-04-12 13:07 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-12 13:02 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-12 13:00 . 2008-04-12 13:00 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-12 12:52 . 2008-04-12 12:52 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-12 12:52 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-12 12:50 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 12:50 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 12:50 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 12:50 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 12:50 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 12:50 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 12:50 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 12:50 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 12:49 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 12:39 . 2008-04-12 12:47 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-12 12:39 . 2008-04-12 12:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-12 09:34 . 2008-04-12 09:34 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Template
2008-04-12 09:25 . 2008-04-12 09:25 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Sonic
2008-04-12 09:25 . 2008-04-12 09:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-12 09:25 . 2008-04-12 09:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\WINDOWS
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Sabrina\Voisinage réseau
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Sabrina\Voisinage d'impression
2008-04-12 09:06 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Sabrina\Modèles
2008-04-12 09:06 . 2008-04-12 09:31 <REP> dr------- C:\Documents and Settings\Sabrina\Mes documents
2008-04-12 09:06 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Sabrina\Menu Démarrer
2008-04-12 09:06 . 2008-04-12 09:06 <REP> dr------- C:\Documents and Settings\Sabrina\Favoris
2008-04-12 09:06 . 2008-04-12 09:35 <REP> dr------- C:\Documents and Settings\Sabrina\Bureau
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\You've Got Pictures Screensaver
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Symantec
2008-04-12 02:27 . 2008-04-12 02:27 46,080 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-04-12 01:00 . 2008-04-12 13:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:58 . 2008-04-12 13:35 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-12 00:42 . 2008-02-01 08:40 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-04-12 00:39 . 2008-04-12 00:39 <REP> d-------- C:\Program Files\XviD
2008-04-12 00:39 . 2008-04-12 00:39 <REP> d-------- C:\Program Files\Lame MP3 Codec
2008-04-12 00:39 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-12 00:39 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-04-12 00:39 . 2008-04-12 00:39 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-04-12 00:39 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-12 00:38 . 2008-04-12 00:38 <REP> d-------- C:\Program Files\MarkAny
2008-04-12 00:35 . 2008-04-12 00:35 <REP> d-------- C:\Program Files\VirginMega
2008-04-12 00:35 . 2008-04-12 00:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-12 00:35 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-12 00:35 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-12 00:35 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-12 00:34 . 2008-04-12 00:34 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-12 00:33 . 2008-04-12 00:33 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-12 00:33 . 2008-04-12 00:34 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-12 00:33 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-12 00:16 . 2008-04-12 00:17 <REP> d-------- C:\Program Files\Vdownloader
2008-04-12 00:13 . 2008-04-12 00:13 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-12 00:13 . 2008-04-12 00:13 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\WINDOWS
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Mourad\Voisinage réseau
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Mourad\Voisinage d'impression
2008-04-11 23:56 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Mourad\Modèles
2008-04-11 23:56 . 2008-04-12 14:30 <REP> dr------- C:\Documents and Settings\Mourad\Mes documents
2008-04-11 23:56 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Mourad\Menu Démarrer
2008-04-11 23:56 . 2008-04-12 19:30 <REP> dr------- C:\Documents and Settings\Mourad\Favoris
2008-04-11 23:56 . 2008-04-13 00:14 <REP> dr------- C:\Documents and Settings\Mourad\Bureau
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\Application Data\You've Got Pictures Screensaver
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\Application Data\Symantec
2008-04-11 23:51 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-11 23:50 . 2008-04-11 23:51 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-11 23:50 . 2008-04-12 00:38 <REP> d-------- C:\Program Files\Samsung
2008-04-11 23:50 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-04-11 23:50 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-04-11 23:50 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-04-11 23:50 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-11 23:50 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-11 23:49 . 2008-04-11 23:49 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-11 23:23 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Google
2008-04-11 23:22 . 2008-04-11 23:22 <REP> d-------- C:\Program Files\Alwil Software
2008-04-11 23:22 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-11 23:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-11 23:13 . 2008-04-11 23:14 <REP> d-------- C:\j2sdk1.4.2_13
2008-04-11 23:12 . 2008-04-11 23:12 <REP> d-------- C:\WTK21
2008-04-11 23:12 . 2008-04-11 23:14 <REP> d-------- C:\Program Files\netbeans-5.0
2008-04-11 23:11 . 2008-04-11 23:12 <REP> d-------- C:\WINDOWS\system32\Temp
2008-04-11 23:11 . 2008-04-11 23:11 <REP> d-------- C:\Program Files\Burn4Free Toolbar
2008-04-11 23:11 . 2008-04-11 23:11 <REP> d-------- C:\Program Files\Burn4Free
2008-04-11 23:11 . 2008-04-11 23:11 229,727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6625.exe
2008-04-11 23:04 . 2008-04-11 23:04 <REP> d-------- C:\Program Files\Minuterie
2008-04-11 22:58 . 2004-08-05 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 04:44 --------- d-----w C:\Program Files\Services en ligne
2008-04-12 04:44 --------- d-----w C:\Program Files\QuickTime
2008-04-12 04:44 --------- d-----w C:\Program Files\Microsoft Works
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-12 04:42 --------- d-----w C:\Program Files\Dynamic Toolbar
2008-04-12 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-04-12 04:41 --------- d-----w C:\Program Files\AOL Compagnon
2008-04-12 04:41 --------- d-----w C:\Program Files\AOL 9.0
2008-04-12 00:27 17,920 ----a-w C:\WINDOWS\system32\secpol.exe
2008-04-11 22:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 21:23 --------- d-----w C:\Program Files\Java
2008-04-11 21:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-01 06:40 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-11 23:32 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-02 12:42 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-04-12 02:27 46080 C:\WINDOWS\system32\fsmgmt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\java.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab394cd2-081b-11dd-95d1-00038a000015}]
\Shell\Auto\command - I:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 20:56:01 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-04-11 20:57:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-11 20:57:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 00:14:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-04-13 0:15:01
ComboFix-quarantined-files.txt 2008-04-12 22:14:49
Pre-Run: 182,380,167,168 octets libres
Post-Run: 182,369,267,712 octets libres
.
2008-04-12 11:36:19 --- E O F ---

nardino · Answer

Bonsoir.
Je ne suis pas sur que tu aies bien appliqué ce qui t'es demandé.

Prince25 · Answer

Exuse moi j'avais oublié la fin.

Je ne suis pas sur que j'ai bien procédé. Je n'ai pas pu cocher la ligne "F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe " car elle n'y étais pas.

Après le rapport, mon ordi s'est redémaré subitement et m'a ensuite dit qu'un rapport sérieux pouvait etre envoyé a microsoft (j'ai mis non)

Voici donc le rapport:

omboFix 08-04-12.1 - Mourad 2008-04-13 13:20:46.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.204 [GMT 2:00]
Endroit: C:\Documents and Settings\Mourad\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-13 11:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 11:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 11:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 20:12 . 2008-04-12 20:12 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\WINDOWS
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Saloua\Voisinage réseau
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Saloua\Voisinage d'impression
2008-04-12 16:38 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Saloua\Modèles
2008-04-12 16:38 . 2008-04-13 11:50 <REP> dr------- C:\Documents and Settings\Saloua\Mes documents
2008-04-12 16:38 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Saloua\Menu Démarrer
2008-04-12 16:38 . 2008-04-12 16:44 <REP> dr------- C:\Documents and Settings\Saloua\Favoris
2008-04-12 16:38 . 2008-04-12 16:38 <REP> dr------- C:\Documents and Settings\Saloua\Bureau
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\Application Data\You've Got Pictures Screensaver
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\Application Data\Symantec
2008-04-12 13:07 . 2008-04-12 13:07 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-12 13:02 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-12 13:00 . 2008-04-12 13:00 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-12 12:52 . 2008-04-12 12:52 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-12 12:52 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-12 12:50 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 12:50 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 12:50 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 12:50 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 12:50 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 12:50 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 12:50 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 12:50 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 12:49 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 12:39 . 2008-04-12 12:47 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-12 12:39 . 2008-04-12 12:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-12 09:34 . 2008-04-12 09:34 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Template
2008-04-12 09:25 . 2008-04-12 09:25 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Sonic
2008-04-12 09:25 . 2008-04-12 09:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-12 09:25 . 2008-04-12 09:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\WINDOWS
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Sabrina\Voisinage réseau
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Sabrina\Voisinage d'impression
2008-04-12 09:06 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Sabrina\Modèles
2008-04-12 09:06 . 2008-04-13 12:51 <REP> dr------- C:\Documents and Settings\Sabrina\Mes documents
2008-04-12 09:06 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Sabrina\Menu Démarrer
2008-04-12 09:06 . 2008-04-12 09:06 <REP> dr------- C:\Documents and Settings\Sabrina\Favoris
2008-04-12 09:06 . 2008-04-12 09:35 <REP> dr------- C:\Documents and Settings\Sabrina\Bureau
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\You've Got Pictures Screensaver
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Symantec
2008-04-12 02:27 . 2008-04-12 02:27 46,080 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-04-12 01:00 . 2008-04-12 13:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:58 . 2008-04-12 13:35 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-12 00:42 . 2008-02-01 08:40 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-04-12 00:39 . 2008-04-12 00:39 <REP> d-------- C:\Program Files\XviD
2008-04-12 00:39 . 2008-04-12 00:39 <REP> d-------- C:\Program Files\Lame MP3 Codec
2008-04-12 00:39 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-12 00:39 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-04-12 00:39 . 2008-04-12 00:39 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-04-12 00:39 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-12 00:38 . 2008-04-12 00:38 <REP> d-------- C:\Program Files\MarkAny
2008-04-12 00:35 . 2008-04-12 00:35 <REP> d-------- C:\Program Files\VirginMega
2008-04-12 00:35 . 2008-04-12 00:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-12 00:35 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-12 00:35 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-12 00:35 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-12 00:34 . 2008-04-12 00:34 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-12 00:33 . 2008-04-12 00:33 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-12 00:33 . 2008-04-12 00:34 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-12 00:33 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-12 00:16 . 2008-04-12 00:17 <REP> d-------- C:\Program Files\Vdownloader
2008-04-12 00:13 . 2008-04-12 00:13 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-12 00:13 . 2008-04-12 00:13 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\WINDOWS
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Mourad\Voisinage réseau
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Mourad\Voisinage d'impression
2008-04-11 23:56 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Mourad\Modèles
2008-04-11 23:56 . 2008-04-12 14:30 <REP> dr------- C:\Documents and Settings\Mourad\Mes documents
2008-04-11 23:56 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Mourad\Menu Démarrer
2008-04-11 23:56 . 2008-04-13 00:35 <REP> dr------- C:\Documents and Settings\Mourad\Favoris
2008-04-11 23:56 . 2008-04-13 13:22 <REP> dr------- C:\Documents and Settings\Mourad\Bureau
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\Application Data\You've Got Pictures Screensaver
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\Application Data\Symantec
2008-04-11 23:51 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-11 23:50 . 2008-04-11 23:51 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-11 23:50 . 2008-04-12 00:38 <REP> d-------- C:\Program Files\Samsung
2008-04-11 23:50 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-04-11 23:50 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-04-11 23:50 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-04-11 23:50 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-11 23:50 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-11 23:49 . 2008-04-11 23:49 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-11 23:23 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Google
2008-04-11 23:22 . 2008-04-11 23:22 <REP> d-------- C:\Program Files\Alwil Software
2008-04-11 23:22 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-11 23:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-11 23:13 . 2008-04-11 23:14 <REP> d-------- C:\j2sdk1.4.2_13
2008-04-11 23:12 . 2008-04-11 23:12 <REP> d-------- C:\WTK21
2008-04-11 23:12 . 2008-04-11 23:14 <REP> d-------- C:\Program Files\netbeans-5.0
2008-04-11 23:11 . 2008-04-11 23:12 <REP> d-------- C:\WINDOWS\system32\Temp
2008-04-11 23:11 . 2008-04-11 23:11 <REP> d-------- C:\Program Files\Burn4Free Toolbar
2008-04-11 23:11 . 2008-04-11 23:11 <REP> d-------- C:\Program Files\Burn4Free

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 04:44 --------- d-----w C:\Program Files\Services en ligne
2008-04-12 04:44 --------- d-----w C:\Program Files\QuickTime
2008-04-12 04:44 --------- d-----w C:\Program Files\Microsoft Works
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-12 04:42 --------- d-----w C:\Program Files\Dynamic Toolbar
2008-04-12 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-04-12 04:41 --------- d-----w C:\Program Files\AOL Compagnon
2008-04-12 04:41 --------- d-----w C:\Program Files\AOL 9.0
2008-04-12 00:27 17,920 ----a-w C:\WINDOWS\system32\secpol.exe
2008-04-11 22:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 21:23 --------- d-----w C:\Program Files\Java
2008-04-11 21:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-01 06:40 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-13_ 0.14.43,56 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-03 07:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2008-04-12 11:49:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-13 09:46:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-12 11:49:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-13 09:46:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-12 11:49:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-13 09:46:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-13 11:18:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4e0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-11 23:32 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-02 12:42 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\java.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab394cd2-081b-11dd-95d1-00038a000015}]
\Shell\Auto\command - I:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 20:56:01 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-04-11 20:57:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-11 20:57:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 13:22:25
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

nardino · Answer

Bonsoir.
On recommence à zéro.
Tu vires le fichier CFScipt.txt précédent.
Tu en crées un nouveau avec ce qui suit copié-collé :

Folder::
C:\Program Files\MarkAny 
C:\Documents and Settings\Saloua\Application Data\Symantec 
C:\Documents and Settings\Sabrina\Application Data\Symantec 
C:\Documents and Settings\Mourad\Application Data\Symantec 

File::
C:\WINDOWS\system32\fsmgmt.dll
C:\WINDOWS\system32\secpol.exe

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\fsmgmt] 
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] 
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Et tu déplace le fichier sur Combofix comme indiqué plus haut.
Tu postes le dernier rapport Combofix et un nouveau rapport Hijackthis.

Prince25 · Answer

salut je ne sais pas si c'est gràce à toi mais je peux a présent changer d'utilisateur !

je ne sais pas si je dois tout de même faire ce que tu m'a indiquer plus haut.

Si tu ne me répond pas avant minuit je feré tout de même les rapports. Répond vite s'il te plait.

nardino · Answer

Bonsoir.
Si je te demande quelque chose ce n'est pas pour faire beau sur le forum.
Maintenant si tu penses que ton pc est désinfecté, libre à toi.

Prince25 · Answer

je m'escuse nardini. Je voulais seulement etre sur de ne pas faire de gaffe.

Voci le rapport combofix:

ComboFix 08-04-13.1 - Mourad 2008-04-13 23:09:43.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.203 [GMT 2:00]
Endroit: C:\Documents and Settings\Mourad\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mourad\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\fsmgmt.dll
C:\WINDOWS\system32\secpol.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mourad\Application Data\Symantec
C:\Documents and Settings\Mourad\Application Data\Symantec\Shared\Options.VcPref
C:\Documents and Settings\Sabrina\Application Data\Symantec
C:\Documents and Settings\Sabrina\Application Data\Symantec\Shared\Options.VcPref
C:\Documents and Settings\Saloua\Application Data\Symantec
C:\Documents and Settings\Saloua\Application Data\Symantec\Shared\Options.VcPref
C:\Program Files\MarkAny
C:\Program Files\MarkAny\ContentSafer\Data\markany.mp3
C:\Program Files\MarkAny\ContentSafer\FE250_DEVICE.dll
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
C:\Program Files\MarkAny\ContentSafer\MAAuthProc.dll
C:\Program Files\MarkAny\ContentSafer\MACLICX13.dll
C:\Program Files\MarkAny\ContentSafer\MACLICX15.dll
C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll
C:\Program Files\MarkAny\ContentSafer\MaCSMgr.exe
C:\Program Files\MarkAny\ContentSafer\MaCSProHook.dll
C:\Program Files\MarkAny\ContentSafer\mapshapi.dll
C:\Program Files\MarkAny\ContentSafer\mapwij10.dll
C:\Program Files\MarkAny\ContentSafer\MaSyncP.dll
C:\Program Files\MarkAny\ContentSafer\MaWAMP.dll
C:\Program Files\MarkAny\ContentSafer\MAWebControl.exe
C:\Program Files\MarkAny\ContentSafer\MaWMP.dll
C:\Program Files\MarkAny\ContentSafer\MessageWind.dll
C:\Program Files\MarkAny\ContentSafer\MPXBox.exe
C:\Program Files\MarkAny\ContentSafer\MTDES.dll
C:\Program Files\MarkAny\ContentSafer\MtpAccess.dll
C:\Program Files\MarkAny\ContentSafer\MTTCC720U.dll
C:\Program Files\MarkAny\ContentSafer\MTTELECHIP.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP1.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP11.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP12.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP13.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP2.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP3.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP4.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP5.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP6.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP7.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP8.dll
C:\Program Files\MarkAny\ContentSafer\MTXSYNCMP9.dll
C:\Program Files\MarkAny\ContentSafer\MTXUSB.dll
C:\Program Files\MarkAny\ContentSafer\T730usb.dll
C:\Program Files\MarkAny\ContentSafer\TCC730USB.dll
C:\Program Files\MarkAny\ContentSafer\UpdateClient\MAFileUpdate.dll
C:\Program Files\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
C:\Program Files\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
C:\Program Files\MarkAny\ContentSafer\UpdateClient\musiccity@musiccity_Install.xml
C:\Program Files\MarkAny\ContentSafer\USBControl.dll
C:\Program Files\MarkAny\ContentSafer\UserShare.dll
C:\Program Files\MarkAny\ContentSafer\XSYNCClt.dll
C:\WINDOWS\system32\fsmgmt.dll
C:\WINDOWS\system32\secpol.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-13 23:06 . 2008-04-13 23:06 268 --ah----- C:\sqmdata00.sqm
2008-04-13 23:06 . 2008-04-13 23:06 244 --ah----- C:\sqmnoopt00.sqm
2008-04-13 21:37 . 2008-04-13 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-13 21:33 . 2008-04-13 22:48 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-13 21:30 . 2008-04-13 21:30 <REP> d-------- C:\Documents and Settings\Mourad\Contacts
2008-04-13 21:05 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Famille\WINDOWS
2008-04-13 21:05 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Famille\Voisinage réseau
2008-04-13 21:05 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Famille\Voisinage d'impression
2008-04-13 21:05 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Famille\Modèles
2008-04-13 21:05 . 2008-04-13 21:06 <REP> dr------- C:\Documents and Settings\Famille\Mes documents
2008-04-13 21:05 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Famille\Menu Démarrer
2008-04-13 21:05 . 2008-04-13 21:06 <REP> dr------- C:\Documents and Settings\Famille\Favoris
2008-04-13 21:05 . 2008-04-13 21:05 <REP> dr------- C:\Documents and Settings\Famille\Bureau
2008-04-13 21:05 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Famille\Application Data\You've Got Pictures Screensaver
2008-04-13 21:05 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Symantec
2008-04-13 16:55 . 2008-04-13 17:49 <REP> d-------- C:\Documents and Settings\Sabrina\Contacts
2008-04-13 14:14 . 2008-04-13 21:28 <REP> d-------- C:\Program Files\Windows Live
2008-04-13 11:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 11:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 11:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 20:12 . 2008-04-12 20:12 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\WINDOWS
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Saloua\Voisinage réseau
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Saloua\Voisinage d'impression
2008-04-12 16:38 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Saloua\Modèles
2008-04-12 16:38 . 2008-04-13 11:50 <REP> dr------- C:\Documents and Settings\Saloua\Mes documents
2008-04-12 16:38 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Saloua\Menu Démarrer
2008-04-12 16:38 . 2008-04-12 16:44 <REP> dr------- C:\Documents and Settings\Saloua\Favoris
2008-04-12 16:38 . 2008-04-13 14:14 <REP> dr------- C:\Documents and Settings\Saloua\Bureau
2008-04-12 16:38 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Saloua\Application Data\You've Got Pictures Screensaver
2008-04-12 13:07 . 2008-04-12 13:07 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-12 13:02 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-12 13:00 . 2008-04-12 13:00 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-12 12:52 . 2008-04-12 12:52 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-12 12:52 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-12 12:50 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 12:50 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 12:50 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 12:50 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 12:50 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 12:50 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 12:50 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 12:50 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 12:49 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 12:39 . 2008-04-12 12:47 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-12 12:39 . 2008-04-13 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-12 09:34 . 2008-04-12 09:34 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Template
2008-04-12 09:25 . 2008-04-12 09:25 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\Sonic
2008-04-12 09:25 . 2008-04-12 09:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-12 09:25 . 2008-04-12 09:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\WINDOWS
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Sabrina\Voisinage réseau
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Sabrina\Voisinage d'impression
2008-04-12 09:06 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Sabrina\Modèles
2008-04-12 09:06 . 2008-04-13 16:56 <REP> dr------- C:\Documents and Settings\Sabrina\Mes documents
2008-04-12 09:06 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Sabrina\Menu Démarrer
2008-04-12 09:06 . 2008-04-12 09:06 <REP> dr------- C:\Documents and Settings\Sabrina\Favoris
2008-04-12 09:06 . 2008-04-12 09:35 <REP> dr------- C:\Documents and Settings\Sabrina\Bureau
2008-04-12 09:06 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Sabrina\Application Data\You've Got Pictures Screensaver
2008-04-12 01:00 . 2008-04-12 13:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:58 . 2008-04-12 13:35 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-12 00:42 . 2008-02-01 08:40 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-04-12 00:39 . 2008-04-12 00:39 <REP> d-------- C:\Program Files\XviD
2008-04-12 00:39 . 2008-04-12 00:39 <REP> d-------- C:\Program Files\Lame MP3 Codec
2008-04-12 00:39 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-12 00:39 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-04-12 00:39 . 2008-04-12 00:39 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-04-12 00:39 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-12 00:35 . 2008-04-12 00:35 <REP> d-------- C:\Program Files\VirginMega
2008-04-12 00:35 . 2008-04-12 00:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-12 00:35 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-12 00:35 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-12 00:35 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-12 00:34 . 2008-04-12 00:34 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-12 00:33 . 2008-04-12 00:33 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-12 00:33 . 2008-04-12 00:34 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-12 00:33 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-12 00:16 . 2008-04-12 00:17 <REP> d-------- C:\Program Files\Vdownloader
2008-04-12 00:13 . 2008-04-12 00:13 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-12 00:13 . 2008-04-12 00:13 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\WINDOWS
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Mourad\Voisinage réseau
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d--h----- C:\Documents and Settings\Mourad\Voisinage d'impression
2008-04-11 23:56 . 2008-04-12 06:43 <REP> d--h----- C:\Documents and Settings\Mourad\Modèles
2008-04-11 23:56 . 2008-04-13 21:31 <REP> dr------- C:\Documents and Settings\Mourad\Mes documents
2008-04-11 23:56 . 2008-04-12 06:43 <REP> dr------- C:\Documents and Settings\Mourad\Menu Démarrer
2008-04-11 23:56 . 2008-04-13 21:17 <REP> dr------- C:\Documents and Settings\Mourad\Favoris
2008-04-11 23:56 . 2008-04-13 23:11 <REP> dr------- C:\Documents and Settings\Mourad\Bureau
2008-04-11 23:56 . 2008-04-12 06:40 <REP> d-------- C:\Documents and Settings\Mourad\Application Data\You've Got Pictures Screensaver
2008-04-11 23:51 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-11 23:50 . 2008-04-11 23:51 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-11 23:50 . 2008-04-12 00:38 <REP> d-------- C:\Program Files\Samsung
2008-04-11 23:50 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-04-11 23:50 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-04-11 23:50 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-04-11 23:50 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-04-11 23:50 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 04:44 --------- d-----w C:\Program Files\Services en ligne
2008-04-12 04:44 --------- d-----w C:\Program Files\QuickTime
2008-04-12 04:44 --------- d-----w C:\Program Files\Microsoft Works
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-12 04:42 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-12 04:42 --------- d-----w C:\Program Files\Dynamic Toolbar
2008-04-12 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-04-12 04:41 --------- d-----w C:\Program Files\AOL Compagnon
2008-04-12 04:41 --------- d-----w C:\Program Files\AOL 9.0
2008-04-11 22:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 21:23 --------- d-----w C:\Program Files\Java
2008-04-11 21:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-01 06:40 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-13_ 0.14.43,56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 11:24:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-05 13:00:00 2,589 ----a-w C:\WINDOWS\I386\RUNW32.BAT
- 2006-11-03 07:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2008-04-12 10:51:33 29,926 ----a-r C:\WINDOWS\Installer\{BADF6744-3787-48F6-B8C9-4C4995401D65}\MsblIco.Exe
+ 2008-04-13 13:09:32 29,926 ----a-r C:\WINDOWS\Installer\{BADF6744-3787-48F6-B8C9-4C4995401D65}\MsblIco.Exe
+ 2008-04-13 19:28:19 86,746 ----a-r C:\WINDOWS\Installer\{C514C594-23AA-4F13-A070-DB8BDB27594F}\wlmail.exe
+ 2004-08-16 17:28:44 2,692 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-05 13:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-05 13:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-05 13:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-05 13:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
- 2008-04-12 11:49:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-13 09:46:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-12 11:49:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-13 09:46:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-12 11:49:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-13 09:46:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-05 13:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2004-08-03 22:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-08-05 13:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2004-08-05 13:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2004-08-05 13:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2004-08-05 13:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2007-10-18 09:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2004-08-05 13:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2004-08-05 13:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2004-08-05 13:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-05 13:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2004-08-05 13:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-04-13 11:24:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat
+ 2006-06-05 12:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-11 23:32 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-02 12:42 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\java.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab394cd2-081b-11dd-95d1-00038a000015}]
\Shell\Auto\command - I:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 20:56:01 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-04-11 20:57:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-11 20:57:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 23:11:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-04-13 23:11:53
ComboFix-quarantined-files.txt 2008-04-13 21:11:43
ComboFix2.txt 2008-04-12 22:15:02
Pre-Run: 181,984,464,896 octets libres
Post-Run: 181,970,890,752 octets libres
.
2008-04-12 23:22:02 --- E O F ---

ET VOICI LE RAPPORT HIJACKTHIS:

ogfile of HijackThis v1.99.1
Scan saved at 23:12:50, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Minuterie\CREBOURS.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Mourad\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

nardino · Answer

Bonjour.

Nous y voilà cette fois.
Télécharge ToolsCleaner2 de A. Rothstein sur ton Bureau :*
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

    	Double clique sur ToolsCleaner2.exe
    	Clique sur Recherche et la liste des outils va s'afficher.
    	Clique sur le bouton Suppression.
	Quitter.

Un fichier C:\TCleaner.txt sera créé, postes-le    

Note : ton bureau va disparaître, c'est normal.

S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"
Tape explorer.exe et valide. Cela fera réapparaître le Bureau

Prince25 · Answer

Je sens qu'on s'approche de la fin... :P

Avant que tu lise le rapport j'ai compris ( hé oui ca m'arrive ) que touts les outils que j'ai utilisé sont supprimés. Alors je te demande si je ne peux tout de même pas les garder dans un dossier au cas ou un problème se reproduirai ?

Sur ce, voici le rapport:

-->- Recherche: 

C:\Qoobox: trouvé !
C:\Documents and Settings\Mourad\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\Mourad\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Mourad\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Mourad\Recent\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\Mourad\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\Mourad\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Mourad\Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\Mourad\Recent\HijackThis.lnk: supprimé !
C:\Qoobox: supprimé !

nardino · Answer

Bonjour.
Le seul que tu peux recharger et conserver est Hijackthis:
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download
HijackThis™ 2.0 .2 
Tous les autres sont mis à jour régukièrement et doivent être chargés au moment de l'utilisation.

Prince25 · Answer

Ah d'accord c'est une question de mise à jour !

En tout cas je suppose que cette longue étape est terminé ?!! :P

Si c'est le cas Je remercie beaucoup nardino-sama et les créateurs des outils que j'ai utilisé ! Je vous seré éternellement reconnaissant ^^ :)

Changement d'utilisateur impossible

14 réponses

Discussions similaires

Newsletters