Bonsoir,
Oui tu as quelques cochonneries.

Alors,
> Télécharge Navilog1 de Il Mafioso : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
- Enregistre-le sur ton Bureau puis décompresse-le en faisant « extraire-tout ».
- Double clique sur Navilog1.bat.
- Choisis pour la langue le français, puis l'option 1 et valide.
Attention : n’utilise surtout pas les options 2,3 ou 4 maintenant. (tu risquerais d’endommager ton pc)
- Patiente jusqu'au message : < Analyse Terminée le ..... > Ensuite appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir.
- Fais un copier coller du rapport généré et poste-le ici stp.
NB : Le rapport se trouve aussi à la racine de ton disque : fixnavi.txt

Après,
>Ouvre ce lien (merci a S!RI pour ce fix) http://siri.urz.free.fr/Fix/SmitfraudFix.php et télécharge SmitfraudFix.exe.
- Regarde le tuto
- Exécute le programme et choisi l’option 1 (et uniquement).
Le programme va générer un rapport, copie/colle le sur le forum stp.

Ensuite,
> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Double clique combofix.exe :
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.


A+ Fire Walk with Me ~~~~~~~~~~> o_Ö

Bonsoir,
Ok très bien voilà qui fait du nettoyage.
Par contre tu as oublié le rapport Navilog et je pense que tu as toujours des pubs, ,non ?

Alors,
> Télécharge Navilog1 de Il Mafioso : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
- Enregistre-le sur ton Bureau puis décompresse-le en faisant « extraire-tout ».
- Double clique sur Navilog1.bat.
- Choisis pour la langue le français, puis l'option 1 et valide.
Attention : n’utilise surtout pas les options 2,3 ou 4 maintenant. (tu risquerais d’endommager ton pc)
- Patiente jusqu'au message : < Analyse Terminée le ..... > Ensuite appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir.
- Fais un copier coller du rapport généré et poste-le ici stp.
NB : Le rapport se trouve aussi à la racine de ton disque : fixnavi.txt

Ensuite,
> Démarre en mode sans échec : (image). Si problème : tuto ici
- Dans le dossier "SmitfraudFix" ouvre "Smitfraudfix.cmd" puis choisit l 'option 2 et tape "oui" pour toutes les questions.
- Enregistre le rapport puis envoie le dans ton prochain poste.

Et puis pour finir poste un nouveau rapport HiJackT stp.

Après on continue (oui il y a du monde sur ton PC..)

:)

A+
Fire Walk with Me ~~~~~~~~~~> o_Ö

Pour le rapport Navilog, ton message n'en faisait pas mention dans le courriel que j'ai reçu du site, m'avertissant d'une réponse. Désolé, j'aurais dû venir voir ici. :-)

Search Navipromo version 3.5.2 commencé le 2008-03-31 à 19:25:05,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Vincent"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\windows ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Vincent\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Vincent\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Vincent\startm~1\programs" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\windows\system32 *

* Recherche dans "C:\Documents and Settings\Vincent\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Claudia\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Johanne\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Larry\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Pascal\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\windows\system32 :


* Dans "C:\Documents and Settings\Vincent\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Claudia\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Johanne\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Larry\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Pascal\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 2008-03-31 à 19:33:26,26 ***




J'ai aussi fait le truc en mode sans échec...

SmitFraudFix v2.309

Scan done at 19:46:46,64, 2008-03-31
Run from C:\Documents and Settings\Vincent\My Documents\PC\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33528DED-5EFE-45D0-9F38-0627012E847C}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer=142.217.192.9,142.217.192.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F4D48D1A-B598-44A1-9894-62CEE98FCF05}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33528DED-5EFE-45D0-9F38-0627012E847C}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer=142.217.192.9,142.217.192.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F4D48D1A-B598-44A1-9894-62CEE98FCF05}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{33528DED-5EFE-45D0-9F38-0627012E847C}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer=142.217.192.9,142.217.192.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F4D48D1A-B598-44A1-9894-62CEE98FCF05}: DhcpNameServer=10.10.1.2 10.11.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Voilà! Et non, je n'ai plus de pubs, le problème de base est donc correct, mais tant qu'à y être... Merci encore une fois pour toutes les indications!

Bonjour Vincent,
Bon désolé mais Navilog n'a rien trouvé (mais je ne m'y attendais pas) par contre pour Smitfraudfix j'aurais du prévoir que le combo l'aurais fait...

Bref,
on continue parce qu'il en reste : tu as toujours une infection Vundo (elles sont souvent coriaces).

La procédure est longue parce que je te mets tous d'un coup. Mais c'est le PC qui va le plus travailler.

1°/ NETTOYAGE AU SEAU D'EAU + DETERGENT :

> Les logiciels suivants (AVG et Ccleaner) te seront utiles par la suite - ils sont à conserver...

> Télécharge et installe sur ton PC AVG anti-spyware (si tu as déjà les programmes alors fais juste les mises à jour) : http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware, fais les mises à jour puis ferme le programme.

> Télécharge et installe Ccleaner : http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner, fais les mises à jour puis ferme le programme.
Si besoin est tu trouveras des Tutoriaux ici :
http://kerio.probb.fr/... , http://www.malekal.com/tutorial_CCleaner.html et [http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner

> Télécharge Cleaner : http://www.malekal.com/download/clean.zip (différent de Ccleaner),

> Télécharge SDFix sur ton bureau
- Double clique sur l'archive SDFix qui à été créé sur le Bureau et installe le programme (l'installation va créer un dossier (à la racine du disque dur par défaut) nommé SDFix). Ferme ensuite le programme.

> Commence par faire un copier/coller de ce poste (c'est manip.) : (conseillé)
Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"),
puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte.
Sauvegarde le sur le bureau, tu pourras alors y avoir accès même déconnecté ou en mode sans échec.

> Démarre en mode sans échec : (image). Si problème : tuto ici

> Lance AVG,
- Clique sur le menu Analyse (de la barre d'outils). Clique après sur l'onglet Paramètres, puis <Dans Comment réagir?> clique sur <Actions recommandées> et choisi <Supprimer>.
- Vérifie que toutes les cases sont cochées dans <Comment faire l'analyse ?> et dans <Programmes potentiellement dangereux> et vérifie que le bouton-radio <Générer un rapport après chaque analyse> soit aussi coché.
- Vas dans l'onglet 'Analyse', puis clique <Analyse complète du système>.
Remarque : Une fois l'analyse terminée, il faut faire un clique droit sur un fichier infecté et demander à "AVG Anti-Spyware 7.5" de le supprimer.
Puis clique sur "Appliquer toutes les actions" afin de tout supprimer automatiquement.
- Clique sur "Enregistrer le rapport" puis enregistre le sur ton bureau.
- Fais un copier/coller du rapport généré dans ton prochain poste.

> Lance Ccleaner,
- Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
- Dans l'onglet "Nettoyeur" clique sur "Analyse".
- Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
- Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).

> Pour Clean (encore en mode sans échec) :
- Double-clic sur clean.cmd
- Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean (Le rapport clean se trouve ici : C:\rapport_clean.txt)
NB : Si besoin, clean : http://mickael.barroux.free.fr/securite/clean.php

> Pour SDFix (toujours en mode sans échec) :
- Vas dans c:/SDFix et double-clique sur RunThis.bat
- Appuie sur < Y > puis < Entrée >....Le nettoyage commance....patience...
- Le programme va te demander de relancer le PC, frappe une touche...
- Le nettoyage se termine...un rapport apparait...
-Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

> Relance ton PC en mode normal

2°/ NETTOYAGE DE FINITION : LE POOLISH

> Repasse un coup de combofix et ne redémarre pas ton PC (sauf si tu y es invité)

Ensuite,
>Télécharge VundoFix : http://www.atribune.org/ccount/click.php?id=4 (par Atribune) sur ton Bureau.
- Lance le programme, puis clique sur le bouton <Scan for Vundo>
- Lorsque le scan est complété, clique sur le bouton <Remove Vundo>
- Une invite te demandera si tu veux supprimer les fichiers, clique <YES> (le Bureau disparaîtra lors de la suppression des fichiers).
- Tu verras une invite qui t'annonce que ton PC va redémarrer; clique <OK>
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt dans ton prochain poste.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage.
Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-dessous, et place-le dans le dossier C:\Windows\System32
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

> Relance ton PC en mode normal puis Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,

Et envoie moi, par collier/coller, ton log Hijackthis stp,

Bon courage, après cela normalement on termine.

:)

NB : N'oublie pas de poster TOUS les rapports stp (AVG, Clean (différent de Ccleaner), SDFix, Combofix, Vundofix puis HiJAckT).

As tu toujours des pubs ? Si oui, as tu accepté le sponsor MSN+ ?

A+ Fire Walk with Me ~~~~~~~~~~> o_Ö

Merci encore pour toutes les instructions que j'ai suivies à la lettre. Voici les nombreux rapports...


AVG

Bon... Il n'y a pas vraiment de rapport... Après l'analyse (plus que 4h!), j'ai cliqué sur "appliquer toutes les actions", puis je me suis rendu compte que je ne pouvais pas cliquer sur "Enregistrer le rapport". J'avais pourtant tout fait comme mentionné, il me semble. J'ai donc pris une capture d'écran. Il y avait beaucoup de tracking cookie, et 4 trucs de niveau élevé, effacés avec succès.

-Trojan.ClassLoader.g
-Hijacker.StartPage.afb
-Trojan.Agent.cj
-Backdoor.Hupigon


Clean

Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 2008-04-03 a 16:41:54,50

Microsoft Windows XP [Version 5.1.2600]

*** Suppression C:

*** Suppression C:\windows\
tentative de suppression de C:\windows\ALCXMNTR.EXE

*** Suppression C:\windows\system32

*** Suppression C:\Program Files

*** Deletion of the registry keys successful..
*** End of the report !


Je trouvais un peu étrange de voir "Suppression C:\windows\system32" et puis la même chose avec Program Files... J'ai continué quand même. xD


SDFix

[b]SDFix: Version 1.165 /b

Run by Vincent on 2008-04-03 at 16:50

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files /b:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted





Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:03:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:47dca5ec
"s2"=dword:b26a6f77
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:57,1c,b3,5c,fc,dc,6e,90,ad,20,62,98,0f,c3,0c,dd,5c,0f,ad,5e,ff,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,85,24,94,b2,56,7d,02,d9,cb,3f,cf,25,b9,05,f6,89,f7,75,76,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,f7,78,da,d9,c6,b6,de,70,79,65,2e,8c,76,ba,72,ee,..
"khjeh"=hex:c3,10,31,ec,ca,02,6f,61,a8,9b,f0,21,f7,16,32,4b,b2,d7,fb,45,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,48,b9,1d,00,00,00,00,00,e8,ff,ff,ff,b8,29,50,00,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d7,7a,df,1d,a2,6c,da,d3,fd,c9,9d,1f,bc,51,eb,1f,a4,43,ee,df,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b5,a8,c9,5a,81,13,9e,7f,e9,64,a7,b0,a4,55,eb,4d,e9,f2,45,68,46,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c1,a9,c9,2f,b0,a0,0a,72,5e,fa,31,5f,a4,26,98,e1,08,08,f4,fd,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:57,1c,b3,5c,fc,dc,6e,90,ad,20,62,98,0f,c3,0c,dd,5c,0f,ad,5e,ff,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,85,24,94,b2,56,7d,02,d9,cb,3f,cf,25,b9,05,f6,89,f7,75,76,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,f7,78,da,d9,c6,b6,de,70,79,65,2e,8c,76,ba,72,ee,..
"khjeh"=hex:c3,10,31,ec,ca,02,6f,61,a8,9b,f0,21,f7,16,32,4b,b2,d7,fb,45,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,b8,3f,15,00,65,00,6d,00,08,00,00,00,00,00,00,00,e0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d7,7a,df,1d,a2,6c,da,d3,fd,c9,9d,1f,bc,51,eb,1f,a4,43,ee,df,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b5,a8,c9,5a,81,13,9e,7f,e9,64,a7,b0,a4,55,eb,4d,e9,f2,45,68,46,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c1,a9,c9,2f,b0,a0,0a,72,5e,fa,31,5f,a4,26,98,e1,08,08,f4,fd,f8,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 51


[b]Remaining Services /b:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files /b:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Tue 30 Dec 2003 196 A.SHR --- "C:\BOOT.BAK"
Mon 25 Feb 2008 24 ..SH. --- "C:\WINDOWS\SB207ED1C.tmp"
Thu 1 Jan 2004 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sun 1 Apr 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 10 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Thu 8 Jan 2004 876,544 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\03380\Devis\~WRL3527.tmp"
Thu 31 Mar 2005 73,728 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\03377\Devis\Proc‚d‚\~WRL0218.tmp"
Tue 1 Jun 2004 126,976 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\04408\Devis\M‚canique\~WRL0158.tmp"
Tue 1 Jun 2004 36,864 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\04408\Devis\M‚canique\~WRL1243.tmp"

[b]Finished!/b


ComboFix

ComboFix 08-03-30.2 - Vincent 2008-04-03 17:09:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.157 [GMT -4:00]
Running from: C:\Documents and Settings\Vincent\My Documents\PC\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.

((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-04-03 16:46 . 2008-04-03 16:47 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-03 16:46 . 2008-04-03 17:07 <DIR> d-------- C:\SDFix
2008-04-01 16:00 . 2008-04-01 16:00 <DIR> d-------- C:\Documents and Settings\Vincent\Application Data\Grisoft
2008-04-01 16:00 . 2008-04-01 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:00 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-31 19:23 . 2008-03-31 19:36 <DIR> d-------- C:\Program Files\Navilog1
2008-03-30 21:29 . 2008-03-31 19:46 506 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-28 08:18 . 2008-03-29 10:14 594 ---hs---- C:\WINDOWS\system32\gtaqbbcm.ini
2008-03-28 07:19 . 2008-03-28 07:19 294 --ahs---- C:\WINDOWS\system32\jxcsgmsa.ini
2008-03-28 07:15 . 2008-03-28 07:15 54,336 --a------ C:\WINDOWS\system32\phrmaard.dll
2008-03-27 20:03 . 2008-03-27 20:03 294 --ahs---- C:\WINDOWS\system32\ignirqln.ini
2008-03-26 06:47 . 2008-03-26 08:08 <DIR> d-------- C:\WINDOWS\DvzCommon
2008-03-25 22:29 . 2008-03-25 22:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-11 08:29 . 2008-03-31 17:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 08:29 . 2008-03-11 08:29 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 21:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-03 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-29 14:33 --------- d-----w C:\Program Files\QuickTime
2008-03-29 00:38 --------- d-----w C:\Documents and Settings\Larry\Application Data\Azureus
2008-03-28 12:32 --------- d-----w C:\Program Files\palmOne
2008-03-26 12:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 19:38 --------- d-----w C:\Program Files\Warcraft III
2008-03-22 15:36 --------- d-----w C:\Documents and Settings\Larry\Application Data\Vso
2008-03-21 00:14 --------- d-----w C:\Program Files\adslTV
2008-03-19 20:15 --------- d-----w C:\Program Files\Alcohol 120
2008-03-19 01:52 --------- d-----w C:\Documents and Settings\Johanne\Application Data\Active Disk
2008-03-12 04:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-08 21:00 --------- d-----w C:\Program Files\TI Education
2008-03-08 21:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 20:54 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-03-07 22:54 --------- d-----w C:\Program Files\Azureus
2008-03-07 01:32 706 ----a-w C:\windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\windows\system32\drivers\coh_mon.cat
2008-02-29 02:37 --------- d-----w C:\Documents and Settings\Larry\Application Data\Active Disk
2008-02-27 01:48 --------- d-----w C:\Program Files\MagicISO
2008-02-26 23:53 --------- d-----w C:\Program Files\Clone CD DVD
2008-02-26 22:44 --------- d-----w C:\Program Files\Microsoft Games
2008-02-25 01:53 --------- d-----w C:\Documents and Settings\Vincent\Application Data\Active Disk
2008-02-25 00:26 716,272 ----a-w C:\windows\system32\drivers\sptd.sys
2008-02-23 16:30 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-23 16:28 --------- d-----w C:\Documents and Settings\Larry\Application Data\vlc
2008-02-23 16:23 --------- d-----w C:\Program Files\AVSMedia
2008-02-23 15:25 --------- d-----w C:\Documents and Settings\Larry\Application Data\AVSMedia
2008-02-23 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-02-19 18:44 96,432 ----a-w C:\windows\system32\drivers\symfw.sys
2008-02-19 18:44 41,008 ----a-w C:\windows\system32\drivers\symndisv.sys
2008-02-19 18:44 38,576 ----a-w C:\windows\system32\drivers\symids.sys
2008-02-19 18:44 37,424 ----a-w C:\windows\system32\drivers\symndis.sys
2008-02-19 18:44 31,408 ----a-w C:\windows\system32\drivers\SymIM.sys
2008-02-19 18:44 22,320 ----a-w C:\windows\system32\drivers\symredrv.sys
2008-02-19 18:44 188,464 ----a-w C:\windows\system32\drivers\symtdi.sys
2008-02-19 18:44 13,616 ----a-w C:\windows\system32\drivers\symdns.sys
2008-02-19 18:44 13,021 ----a-w C:\windows\system32\drivers\SymRedir.cat
2008-02-19 18:44 1,612 ----a-w C:\windows\system32\drivers\SymRedir.inf
2008-02-15 22:20 --------- d-----w C:\Documents and Settings\Johanne\Application Data\Symantec
2008-02-09 02:16 --------- d-----w C:\Documents and Settings\Larry\Application Data\WinBatch
2008-02-06 03:00 --------- d-----w C:\Program Files\Java
2007-03-20 02:38 87,608 ----a-w C:\Documents and Settings\Larry\Application Data\ezpinst.exe
2007-03-20 02:38 47,360 ----a-w C:\Documents and Settings\Larry\Application Data\pcouffin.sys
1999-05-06 03:22 112,439 ----a-w C:\Documents and Settings\All Users\DIALER.EXE
2003-12-31 03:01 32 -csha-w C:\windows\{F95A3A16-61EC-4680-BCE2-07643A08816F}.dat
2004-01-02 01:04 0 -csha-w C:\windows\SMINST\HPCD.sys
2003-12-31 03:01 32 --sha-w C:\windows\system32\{B018F0C9-07DA-4578-827B-6CABE8329707}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-30_22.00.36.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-01 14:56:58 163,328 ----a-w C:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-03 20:47:24 5,586,944 ----a-w C:\windows\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT
+ 2008-04-03 20:47:24 147,456 ----a-w C:\windows\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat
+ 2008-04-01 14:56:58 163,328 ----a-w C:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-03 20:47:08 5,586,944 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000001\NTUSER.DAT
+ 2008-04-03 20:47:08 147,456 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-03-28 07:15 54336 --a------ C:\windows\system32\phrmaard.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 15:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:06 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 15:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 15:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-03 19:44 831557 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayabbb]
yayabbb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-06-22 10:27 69632 c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2002-04-17 20:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 11:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 COH_Mon;COH_Mon;C:\windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 EPPSCSIx;EPPSCSI Driver;C:\windows\system32\DRIVERS\EPPSCAN.sys [2002-03-06 15:20]
R3 SymIMMP;SymIMMP;C:\windows\system32\DRIVERS\SymIM.sys [2008-02-19 14:44]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\windows\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\windows\system32\DRIVERS\SymIM.sys [2008-02-19 14:44]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\windows\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 13:21:37 C:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Larry.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-24 16:32:01 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-04-29 15:14:40 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:13:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-04-03 17:16:43
ComboFix-quarantined-files.txt 2008-04-03 21:16:34
ComboFix2.txt 2008-03-31 20:07:21
Pre-Run: 42,475,032,576 bytes free
Post-Run: 42,515,537,920 bytes free
.
2008-03-12 04:55:35 --- E O F ---


VundoFix

VundoFix V7.0.3

Scan started at 17:19:28 2008-04-03

Listing files found while scanning....

C:\windows\system32\phrmaard.dll

Beginning removal...

Attempting to delete C:\windows\system32\phrmaard.dll
C:\windows\system32\phrmaard.dll Has been deleted!

Performing Repairs to the registry.
Done!


Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:27, on 2008-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Documents and Settings\Vincent\My Documents\PC\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer = 142.217.192.9,142.217.192.8
O20 - Winlogon Notify: yayabbb - yayabbb.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Vincent\My Documents\PC\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
End of file - 7450 bytes



Désolé pour le temps de réponse, mais j'ai fait du mieux que je pouvais. Merci encore. :)

Bonjour,
Bon joué,
et bien c'est mieux !
Pas grave pour le retard.

:)

On continue,
> Lance Hijackthis :
- Puis sélectionne < Do a system scan only >
- Coche les cases des lignes suivantes :

O20 - Winlogon Notify: yayabbb - yayabbb.dll (file missing)

Ensuite,
- Ferme toutes les autres fenêtres et applications (même internet)
- Clic sur < fixe checked >

Après,
> Fais un scan en ligne avec Kaspersky : http://webscanner.kaspersky.fr/
- Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >.
Le scan ne marche que sous Internet Explorer.
- On va te demander de télécharger un contôle active x, accepte .
- Dans le menu Choisissez la cible de l'analyse, sélectionne Poste de travail. Le scan va commencer.
- Poste le rapport qui sera généré stp.
S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : http://www.inoculer.com/activex.php3
Rappel : le scan est à faire sous Internet Explorer
Tuto ici si problème : http://www.vista-xp.fr/forum/topic109.html

Et puis on termine.

As tu un réseau intranet (comme une entreprise) et quel est ton fournisseur d'accès internet (orange, free...) ?

A+
Fire Walk with Me ~~~~~~~~~~> o_Ö

Voilà, le temps d'attente a été encore plus long que l'autre fois... J'ai bien fais ce que tu m'as dit avec HijackThis.

Kapersky

------------------------------------------------------------­-------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 2:41:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 625106
------------------------------------------------------------­-------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 260610
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 06:09:33

Infected Object Name / Virus Name / Last Action
C:\da625099d11969a350d804\update\update.exe Object is locked skipped
C:\da625099d11969a350d804\update\wpdinstallutil.dll Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{2C43E693-BF83-457A-AA2E-ED8AC6FA0B39}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{6CABB68B-3462-4919-B625-B8321E976F44}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{869FC37B-E6F2-4A7E-8D67-4F65384CCF1A}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{F4C7ACCF-D511-4994-86A4-967725C29A83}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-10_Log.ALUSchedulerSvc.Live­Update Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313­F}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313­F}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\12D13D4A.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\BA51F691.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FC85ADE8.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Claudia\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Claudia\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Larry\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Larry\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Larry\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Larry\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Vincent\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Vincent\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\pending.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\dfsr.db Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\fsr.log Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\tmp.edb Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\MSHist012008041020080411\index.­dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF7103.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF71C8.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9471.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9516.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Vincent\ntuser.dat.LOG Object is locked skipped
C:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\palmOne\Palm3\DS.DVZ Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyvwtu.dll.vir Infe­cted: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/ssqrr.d­ll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/yayabbb­.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\R­P549\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{89E1D57F-6253-44­B4-A450-3CAA6B9BFAF7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETE752.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\da625099d11969a350d804\update\update.exe Object is locked skipped
D:\da625099d11969a350d804\update\wpdinstallutil.dll Object is locked skipped
D:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

Scan process completed.




Et oui, il y a un réseau intranet, enfin il me semble, un autre utiliosateur utilise cet ordinateur pour se connecter à son bureau. Pour ce qui est du fournisseur internet, euh..... Télébec/Sympatico/Bell (tous la même chose, il me semble). Je suis au Québec...

Merci encore une fois.

Voilà, le temps d'attente a été encore plus long que l'autre fois... J'ai bien fais ce que tu m'as dit avec HijackThis.

Kapersky

------------------------------------------------------------­-------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 2:41:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 625106
------------------------------------------------------------­-------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 260610
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 06:09:33

Infected Object Name / Virus Name / Last Action
C:\da625099d11969a350d804\update\update.exe Object is locked skipped
C:\da625099d11969a350d804\update\wpdinstallutil.dll Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{2C43E693-BF83-457A-AA2E-ED8AC6FA0B39}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{6CABB68B-3462-4919-B625-B8321E976F44}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{869FC37B-E6F2-4A7E-8D67-4F65384CCF1A}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{F4C7ACCF-D511-4994-86A4-967725C29A83}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-10_Log.ALUSchedulerSvc.Live­Update Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313­F}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313­F}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\12D13D4A.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\BA51F691.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FC85ADE8.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Claudia\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Claudia\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Larry\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Larry\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Larry\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Larry\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Vincent\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Vincent\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\pending.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\dfsr.db Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\fsr.log Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetada­ta\Working\database_5838_F6DB_38F6_B6DA\tmp.edb Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\MSHist012008041020080411\index.­dat Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF7103.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF71C8.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9471.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9516.tmp Object is locked skipped
C:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vincent\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Vincent\ntuser.dat.LOG Object is locked skipped
C:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\palmOne\Palm3\DS.DVZ Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyvwtu.dll.vir Infe­cted: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/ssqrr.d­ll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/yayabbb­.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\R­P549\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{89E1D57F-6253-44­B4-A450-3CAA6B9BFAF7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETE752.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\da625099d11969a350d804\update\update.exe Object is locked skipped
D:\da625099d11969a350d804\update\wpdinstallutil.dll Object is locked skipped
D:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

Scan process completed.




Et oui, il y a un réseau intranet, enfin il me semble, un autre utilisateur utilise cet ordinateur pour se connecter à son bureau. Pour ce qui est du fournisseur internet, euh..... Télébec/Sympatico/Bell (tous la même chose, il me semble). Je suis au Québec...

Merci encore une fois.

Bonsoir,
Ok très bien.
Alors on termine :

> Peux-tu vérifier ta console JAVA ici : http://www.java.com/fr/download/installed.jsp, et installer la nouvelle version au besoin (dans ce cas désinstalle avant l'ancienne version). Dis moi ce qu'il en est stp.
Pour info. ou en cas de problème : http://assiste.com.free.fr/p/abc/c/anti_java.html

> Mets à jour Acrobat si ce n'est pas le cas (désinstalle avant la version antérieure) : http://www.adobe.com/fr/products/acrobat/readstep2.html

> Télécharge ToolsCleaner : http://www.commentcamarche.net/telecharger/telecharger-34055291-toolscleaner sur ton bureau.
- Clique sur Recherche et laisse le scan agir ...
- Clique sur Suppression pour finaliser (tu peux, si tu le souhaites, te servir des Options facultatives)
- Clique sur Quitter pour obtenir le rapport et poste le dans ta réponse (TCleaner.txt se trouve à la racine de ton disque dur (C:\)).
- Supprime ToolsCleaner ensuite.

> Télécharge et installe Easy Cleaner stp : http://www.01net.com/telecharger/windows/Utilitaire/registre/fiches/8351.html
(lien miroir : http://www.clubic.com/telecharger-fiche11170-easycleaner.html )
- Lance le programme puis clique sur <Registre> puis sur <Trouver>.
- A la fin du scan clique sur <Supprime tout> puis confirme par <Oui> puis quitte le programme.
Si besoin tuto ici : http://www.pcparadise.fr/articles/index.php/tutorial-easycleaner
et http://www.6ma.fr/tuto/easycleaner+nettoyer+windows+des+elements+obsoletes-239

> Tu peux aussi vider ta corbeille.

> Désactive et réactive la restauration de système, pour cela : suis les instructions de ce lien : http://service1.symantec.com/...

> Passe un coup d'AGV et de Ccleaner de temps en temps (1 fois par semaine à 1 fois par mois, suivant l'utilisation que tu fais de ton PC). Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être alaise))
Rappel des liens :
- http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
- http://www.01net.com/...

> Pour bien protéger ton PC :
[1 seul Antivirus] + [1 seul Pare feu] + [Quelques Antispywares] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows)] + [Utilisation du PC en mode Invité (= limité). Lors d'une infection en mode administrateur le PC est beaucoup plus vulnérable. Voir ICI]

> Quelques liens utiles :
- http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet
- http://sebsauvage.net/safehex.html
- http://telechargement.zebulon.fr/spywareblaster.html (= petit logiciel qui bloque l'installation d'activ-X nuisibles au PC. Fonctionne en arrière plan)

Voila,
Bonne lecture....

A+
Fire Walk with Me ~~~~~~~~~~> o_Ö

--
Fire Walk with Me ~~~~~~~~~~> o_Ö