Ordinateur infecté (Scan HijackThis)Résolu/Fermé

Question

Bonjour,

J'ai quelques problèmes avec mon ordinateur, spécialement internet. J'utilise internet explorer 7 (j'ai maintenant firefox) et des pop-up s'ovrent toujours, me disant que mon ordinateur est infecté et que je dois installer leur logicel. D'autres fenêtres s'ouvent aussi, comme partypoker ou bien un formulaire pour gagner un macbook.

J'ai installer HijackThis et j'ai fait une analyse. J'ai le rapport, mais je suis incapable de comprendre quoi que ce soit de ces applications, et je sais encore moins lesquelles sont normales. Voici le rapport, et merci à quiconque qui pourrait tenter de m'aider.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:40, on 2008-03-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\windows\system32undll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legobelin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [BM3bc585e9] Rundll32.exe "C:\windows\system32
vfflxpm.dll",s
O4 - HKLM\..\Run: [38f6b675] rundll32.exe "C:\windows\system32\vanyxttr.dll",b
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer = 142.217.192.9,142.217.192.8
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Utilisateur anonyme · Answer

Bonsoir,
Oui tu as quelques cochonneries.

Alors,
> Télécharge Navilog1 de Il Mafioso : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
- Enregistre-le sur ton Bureau puis décompresse-le en faisant « extraire-tout ».
- Double clique sur Navilog1.bat.
- Choisis pour la langue le français, puis l'option 1 et valide.
Attention  : n’utilise surtout pas les options 2,3 ou 4 maintenant. (tu risquerais d’endommager ton pc)
- Patiente jusqu'au message : < Analyse Terminée le ..... > Ensuite appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. 
- Fais un copier coller du rapport généré et poste-le ici stp.
NB : Le rapport se trouve aussi à la racine de ton disque : fixnavi.txt

Après,
>Ouvre ce lien (merci a S!RI pour ce fix) http://siri.urz.free.fr/Fix/SmitfraudFix.php et télécharge SmitfraudFix.exe.
- Regarde le tuto
- Exécute le programme et choisi l’option 1 (et uniquement).
Le programme va générer un rapport, copie/colle le sur le forum stp. 

Ensuite,
> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Double clique combofix.exe :
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
 

A+

Utilisateur anonyme · Answer

Bonsoir,
Ok très bien voilà qui fait du nettoyage.
Par contre tu as oublié le rapport Navilog et je pense que tu as toujours des pubs, ,non ?

Alors, 
> Télécharge Navilog1 de Il Mafioso : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
- Enregistre-le sur ton Bureau puis décompresse-le en faisant « extraire-tout ».
- Double clique sur Navilog1.bat.
- Choisis pour la langue le français, puis l'option 1 et valide.
Attention  : n’utilise surtout pas les options 2,3 ou 4 maintenant. (tu risquerais d’endommager ton pc)
- Patiente jusqu'au message : < Analyse Terminée le ..... > Ensuite appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. 
- Fais un copier coller du rapport généré et poste-le ici stp.
NB : Le rapport se trouve aussi à la racine de ton disque : fixnavi.txt

Ensuite,
> Démarre en mode sans échec : (image). Si problème : tuto ici
- Dans le dossier "SmitfraudFix" ouvre "Smitfraudfix.cmd" puis choisit l 'option 2 et tape "oui" pour toutes les questions.
- Enregistre le rapport puis envoie le dans ton prochain poste. 

Et puis pour finir poste un nouveau rapport HiJackT stp.

Après on continue (oui il y a du monde sur ton PC..)

:)

A+

Vincent · Answer

Pour le rapport Navilog, ton message n'en faisait pas mention dans le courriel que j'ai reçu du site, m'avertissant d'une réponse. Désolé, j'aurais dû venir voir ici. :-)

Search Navipromo version 3.5.2 commencé le 2008-03-31 à 19:25:05,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Vincent" 

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\windows ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Vincent\applic~1" *** 



*** Recherche dossiers dans "C:\Documents and Settings\Vincent\locals~1\applic~1" *** 



*** Recherche dossiers dans "C:\Documents and Settings\Vincent\startm~1\programs" *** 


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\windows\system32 *

* Recherche dans "C:\Documents and Settings\Vincent\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\Claudia\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\Johanne\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\Larry\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\Pascal\locals~1\applic~1" * 



*** Recherche fichiers *** 




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\windows\system32 :


* Dans "C:\Documents and Settings\Vincent\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\Claudia\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\Johanne\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\Larry\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\Pascal\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 2008-03-31 à 19:33:26,26 ***




J'ai aussi fait le truc en mode sans échec...

SmitFraudFix v2.309

Scan done at 19:46:46,64, 2008-03-31
Run from C:\Documents and Settings\Vincent\My Documents\PC\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33528DED-5EFE-45D0-9F38-0627012E847C}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer=142.217.192.9,142.217.192.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F4D48D1A-B598-44A1-9894-62CEE98FCF05}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33528DED-5EFE-45D0-9F38-0627012E847C}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer=142.217.192.9,142.217.192.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F4D48D1A-B598-44A1-9894-62CEE98FCF05}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{33528DED-5EFE-45D0-9F38-0627012E847C}: DhcpNameServer=10.10.1.2 10.11.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer=142.217.192.9,142.217.192.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F4D48D1A-B598-44A1-9894-62CEE98FCF05}: DhcpNameServer=10.10.1.2 10.11.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Voilà! Et non, je n'ai plus de pubs, le problème de base est donc correct, mais tant qu'à y être... Merci encore une fois pour toutes les indications!

Utilisateur anonyme · Answer

Bonjour Vincent,
Bon désolé mais Navilog n'a rien trouvé (mais je ne m'y attendais pas) par contre pour Smitfraudfix j'aurais du prévoir que le combo l'aurais fait...

Bref,
on continue parce qu'il en reste : tu as toujours une infection Vundo (elles sont souvent coriaces).

La procédure est longue parce que je te mets tous d'un coup. Mais c'est le PC qui va le plus travailler.

1°/ NETTOYAGE AU SEAU D'EAU + DETERGENT :

> Les logiciels suivants (AVG et Ccleaner) te seront utiles par la suite - ils sont à conserver...

> Télécharge et installe sur ton PC AVG anti-spyware (si tu as déjà les programmes alors fais juste les mises à jour) : http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware, fais les mises à jour puis ferme le programme.

> Télécharge et installe Ccleaner : http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner, fais les mises à jour puis ferme le programme.
Si besoin est tu trouveras des Tutoriaux ici :
https://kerio.probb.fr/t242-tuto-ccleaner-v-2 , https://www.malekal.com/tutoriel-ccleaner/ et [http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner

> Télécharge Cleaner : http://www.malekal.com/download/clean.zip (différent de Ccleaner),

> Télécharge SDFix sur ton bureau
- Double clique sur l'archive SDFix qui à été créé sur le Bureau et installe le programme (l'installation va créer un dossier (à la racine du disque dur par défaut) nommé SDFix). Ferme ensuite le programme.

> Commence par faire un copier/coller de ce poste (c'est manip.) : (conseillé)
Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"),
puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte.
Sauvegarde le sur le bureau, tu pourras alors y avoir accès même déconnecté ou en mode sans échec.

> Démarre en mode sans échec : (image). Si problème : tuto ici

> Lance AVG,
- Clique sur le menu Analyse (de la barre d'outils). Clique après sur l'onglet Paramètres, puis <Dans Comment réagir?> clique sur <Actions recommandées> et choisi <Supprimer>.
- Vérifie que toutes les cases sont cochées dans <Comment faire l'analyse ?> et dans <Programmes potentiellement dangereux> et vérifie que le bouton-radio <Générer un rapport après chaque analyse> soit aussi coché.
- Vas dans l'onglet 'Analyse', puis clique <Analyse complète du système>.
Remarque : Une fois l'analyse terminée, il faut faire un clique droit sur un fichier infecté et demander à "AVG Anti-Spyware 7.5" de le supprimer.
Puis clique sur "Appliquer toutes les actions" afin de tout supprimer automatiquement.
- Clique sur "Enregistrer le rapport" puis enregistre le sur ton bureau.
- Fais un copier/coller du rapport généré dans ton prochain poste.

> Lance Ccleaner,
- Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
- Dans l'onglet "Nettoyeur" clique sur "Analyse".
- Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
- Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).

> Pour Clean (encore en mode sans échec) :
- Double-clic sur clean.cmd
- Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean (Le rapport clean se trouve ici : C:\rapport_clean.txt)
NB : Si besoin, clean : http://mickael.barroux.free.fr/securite/clean.php

> Pour SDFix (toujours en mode sans échec) :
- Vas dans c:/SDFix et double-clique sur RunThis.bat
- Appuie sur < Y > puis < Entrée >....Le nettoyage commance....patience...
- Le programme va te demander de relancer le PC, frappe une touche...
- Le nettoyage se termine...un rapport apparait...
-Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

> Relance ton PC en mode normal

2°/ NETTOYAGE DE FINITION : LE POOLISH

> Repasse un coup de combofix et ne redémarre pas ton PC (sauf si tu y es invité)

Ensuite,
>Télécharge VundoFix : http://www.atribune.org/ccount/click.php?id=4 (par Atribune) sur ton Bureau.
- Lance le programme, puis clique sur le bouton <Scan for Vundo>
- Lorsque le scan est complété, clique sur le bouton <Remove Vundo>
- Une invite te demandera si tu veux supprimer les fichiers, clique <YES> (le Bureau disparaîtra lors de la suppression des fichiers).
- Tu verras une invite qui t'annonce que ton PC va redémarrer; clique <OK>
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt dans ton prochain poste.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage.
Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-dessous, et place-le dans le dossier C:\Windows\System32
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

> Relance ton PC en mode normal puis Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,

Et envoie moi, par collier/coller, ton log Hijackthis stp,

Bon courage, après cela normalement on termine.

:)

NB : N'oublie pas de poster TOUS les rapports stp (AVG, Clean (différent de Ccleaner), SDFix, Combofix, Vundofix puis HiJAckT).

As tu toujours des pubs ? Si oui, as tu accepté le sponsor MSN+ ?

A+

Vincent · Answer

Merci encore pour toutes les instructions que j'ai suivies à la lettre. Voici les nombreux rapports...

AVG

Bon... Il n'y a pas vraiment de rapport... Après l'analyse (plus que 4h!), j'ai cliqué sur "appliquer toutes les actions", puis je me suis rendu compte que je ne pouvais pas cliquer sur "Enregistrer le rapport". J'avais pourtant tout fait comme mentionné, il me semble. J'ai donc pris une capture d'écran. Il y avait beaucoup de tracking cookie, et 4 trucs de niveau élevé, effacés avec succès.

-Trojan.ClassLoader.g
-Hijacker.StartPage.afb
-Trojan.Agent.cj
-Backdoor.Hupigon

Clean

Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 2008-04-03 a 16:41:54,50

Microsoft Windows XP [Version 5.1.2600]

*** Suppression C:

*** Suppression C:\windows\
tentative de suppression de C:\windows\ALCXMNTR.EXE

*** Suppression C:\windows\system32

*** Suppression C:\Program Files

*** Deletion of the registry keys successful..
*** End of the report !

Je trouvais un peu étrange de voir "Suppression C:\windows\system32" et puis la même chose avec Program Files... J'ai continué quand même. xD

SDFix

[b]SDFix: Version 1.165 /b

Run by Vincent on 2008-04-03 at 16:50

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files /b:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted

Removing Temp Files

[b]ADS Check /b:

[b]Final Check /b:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:03:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:47dca5ec
"s2"=dword:b26a6f77
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:57,1c,b3,5c,fc,dc,6e,90,ad,20,62,98,0f,c3,0c,dd,5c,0f,ad,5e,ff,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,85,24,94,b2,56,7d,02,d9,cb,3f,cf,25,b9,05,f6,89,f7,75,76,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,f7,78,da,d9,c6,b6,de,70,79,65,2e,8c,76,ba,72,ee,..
"khjeh"=hex:c3,10,31,ec,ca,02,6f,61,a8,9b,f0,21,f7,16,32,4b,b2,d7,fb,45,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,48,b9,1d,00,00,00,00,00,e8,ff,ff,ff,b8,29,50,00,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d7,7a,df,1d,a2,6c,da,d3,fd,c9,9d,1f,bc,51,eb,1f,a4,43,ee,df,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b5,a8,c9,5a,81,13,9e,7f,e9,64,a7,b0,a4,55,eb,4d,e9,f2,45,68,46,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c1,a9,c9,2f,b0,a0,0a,72,5e,fa,31,5f,a4,26,98,e1,08,08,f4,fd,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:57,1c,b3,5c,fc,dc,6e,90,ad,20,62,98,0f,c3,0c,dd,5c,0f,ad,5e,ff,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,85,24,94,b2,56,7d,02,d9,cb,3f,cf,25,b9,05,f6,89,f7,75,76,ab,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,f7,78,da,d9,c6,b6,de,70,79,65,2e,8c,76,ba,72,ee,..
"khjeh"=hex:c3,10,31,ec,ca,02,6f,61,a8,9b,f0,21,f7,16,32,4b,b2,d7,fb,45,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,b8,3f,15,00,65,00,6d,00,08,00,00,00,00,00,00,00,e0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d7,7a,df,1d,a2,6c,da,d3,fd,c9,9d,1f,bc,51,eb,1f,a4,43,ee,df,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b5,a8,c9,5a,81,13,9e,7f,e9,64,a7,b0,a4,55,eb,4d,e9,f2,45,68,46,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c1,a9,c9,2f,b0,a0,0a,72,5e,fa,31,5f,a4,26,98,e1,08,08,f4,fd,f8,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 51

[b]Remaining Services /b:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files /b:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Tue 30 Dec 2003 196 A.SHR --- "C:\BOOT.BAK"
Mon 25 Feb 2008 24 ..SH. --- "C:\WINDOWS\SB207ED1C.tmp"
Thu 1 Jan 2004 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sun 1 Apr 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 10 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Thu 8 Jan 2004 876,544 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\03380\Devis\~WRL3527.tmp"
Thu 31 Mar 2005 73,728 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\03377\Devis\Proc‚d‚\~WRL0218.tmp"
Tue 1 Jun 2004 126,976 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\04408\Devis\M‚canique\~WRL0158.tmp"
Tue 1 Jun 2004 36,864 A..H. --- "C:\Documents and Settings\Larry\My Documents\Pluritec\secr‚tariat\04408\Devis\M‚canique\~WRL1243.tmp"

[b]Finished!/b

ComboFix

ComboFix 08-03-30.2 - Vincent 2008-04-03 17:09:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.157 [GMT -4:00]
Running from: C:\Documents and Settings\Vincent\My Documents\PC\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.

((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-04-03 16:46 . 2008-04-03 16:47 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-03 16:46 . 2008-04-03 17:07 <DIR> d-------- C:\SDFix
2008-04-01 16:00 . 2008-04-01 16:00 <DIR> d-------- C:\Documents and Settings\Vincent\Application Data\Grisoft
2008-04-01 16:00 . 2008-04-01 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:00 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-31 19:23 . 2008-03-31 19:36 <DIR> d-------- C:\Program Files\Navilog1
2008-03-30 21:29 . 2008-03-31 19:46 506 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-28 08:18 . 2008-03-29 10:14 594 ---hs---- C:\WINDOWS\system32\gtaqbbcm.ini
2008-03-28 07:19 . 2008-03-28 07:19 294 --ahs---- C:\WINDOWS\system32\jxcsgmsa.ini
2008-03-28 07:15 . 2008-03-28 07:15 54,336 --a------ C:\WINDOWS\system32\phrmaard.dll
2008-03-27 20:03 . 2008-03-27 20:03 294 --ahs---- C:\WINDOWS\system32\ignirqln.ini
2008-03-26 06:47 . 2008-03-26 08:08 <DIR> d-------- C:\WINDOWS\DvzCommon
2008-03-25 22:29 . 2008-03-25 22:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-11 08:29 . 2008-03-31 17:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 08:29 . 2008-03-11 08:29 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 21:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-03 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-29 14:33 --------- d-----w C:\Program Files\QuickTime
2008-03-29 00:38 --------- d-----w C:\Documents and Settings\Larry\Application Data\Azureus
2008-03-28 12:32 --------- d-----w C:\Program Files\palmOne
2008-03-26 12:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 19:38 --------- d-----w C:\Program Files\Warcraft III
2008-03-22 15:36 --------- d-----w C:\Documents and Settings\Larry\Application Data\Vso
2008-03-21 00:14 --------- d-----w C:\Program Files\adslTV
2008-03-19 20:15 --------- d-----w C:\Program Files\Alcohol 120
2008-03-19 01:52 --------- d-----w C:\Documents and Settings\Johanne\Application Data\Active Disk
2008-03-12 04:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-08 21:00 --------- d-----w C:\Program Files\TI Education
2008-03-08 21:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 20:54 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-03-07 22:54 --------- d-----w C:\Program Files\Azureus
2008-03-07 01:32 706 ----a-w C:\windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\windows\system32\drivers\coh_mon.cat
2008-02-29 02:37 --------- d-----w C:\Documents and Settings\Larry\Application Data\Active Disk
2008-02-27 01:48 --------- d-----w C:\Program Files\MagicISO
2008-02-26 23:53 --------- d-----w C:\Program Files\Clone CD DVD
2008-02-26 22:44 --------- d-----w C:\Program Files\Microsoft Games
2008-02-25 01:53 --------- d-----w C:\Documents and Settings\Vincent\Application Data\Active Disk
2008-02-25 00:26 716,272 ----a-w C:\windows\system32\drivers\sptd.sys
2008-02-23 16:30 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-23 16:28 --------- d-----w C:\Documents and Settings\Larry\Application Data\vlc
2008-02-23 16:23 --------- d-----w C:\Program Files\AVSMedia
2008-02-23 15:25 --------- d-----w C:\Documents and Settings\Larry\Application Data\AVSMedia
2008-02-23 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-02-19 18:44 96,432 ----a-w C:\windows\system32\drivers\symfw.sys
2008-02-19 18:44 41,008 ----a-w C:\windows\system32\drivers\symndisv.sys
2008-02-19 18:44 38,576 ----a-w C:\windows\system32\drivers\symids.sys
2008-02-19 18:44 37,424 ----a-w C:\windows\system32\drivers\symndis.sys
2008-02-19 18:44 31,408 ----a-w C:\windows\system32\drivers\SymIM.sys
2008-02-19 18:44 22,320 ----a-w C:\windows\system32\drivers\symredrv.sys
2008-02-19 18:44 188,464 ----a-w C:\windows\system32\drivers\symtdi.sys
2008-02-19 18:44 13,616 ----a-w C:\windows\system32\drivers\symdns.sys
2008-02-19 18:44 13,021 ----a-w C:\windows\system32\drivers\SymRedir.cat
2008-02-19 18:44 1,612 ----a-w C:\windows\system32\drivers\SymRedir.inf
2008-02-15 22:20 --------- d-----w C:\Documents and Settings\Johanne\Application Data\Symantec
2008-02-09 02:16 --------- d-----w C:\Documents and Settings\Larry\Application Data\WinBatch
2008-02-06 03:00 --------- d-----w C:\Program Files\Java
2007-03-20 02:38 87,608 ----a-w C:\Documents and Settings\Larry\Application Data\ezpinst.exe
2007-03-20 02:38 47,360 ----a-w C:\Documents and Settings\Larry\Application Data\pcouffin.sys
1999-05-06 03:22 112,439 ----a-w C:\Documents and Settings\All Users\DIALER.EXE
2003-12-31 03:01 32 -csha-w C:\windows\{F95A3A16-61EC-4680-BCE2-07643A08816F}.dat
2004-01-02 01:04 0 -csha-w C:\windows\SMINST\HPCD.sys
2003-12-31 03:01 32 --sha-w C:\windows\system32\{B018F0C9-07DA-4578-827B-6CABE8329707}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-30_22.00.36.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-01 14:56:58 163,328 ----a-w C:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-03 20:47:24 5,586,944 ----a-w C:\windows\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT
+ 2008-04-03 20:47:24 147,456 ----a-w C:\windows\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat
+ 2008-04-01 14:56:58 163,328 ----a-w C:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-03 20:47:08 5,586,944 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000001\NTUSER.DAT
+ 2008-04-03 20:47:08 147,456 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-03-28 07:15 54336 --a------ C:\windows\system32\phrmaard.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 15:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:06 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 15:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 15:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-03 19:44 831557 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayabbb]
yayabbb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-06-22 10:27 69632 c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2002-04-17 20:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 11:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 COH_Mon;COH_Mon;C:\windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 EPPSCSIx;EPPSCSI Driver;C:\windows\system32\DRIVERS\EPPSCAN.sys [2002-03-06 15:20]
R3 SymIMMP;SymIMMP;C:\windows\system32\DRIVERS\SymIM.sys [2008-02-19 14:44]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\windows\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\windows\system32\DRIVERS\SymIM.sys [2008-02-19 14:44]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\windows\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 13:21:37 C:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Larry.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-24 16:32:01 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-04-29 15:14:40 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:13:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-04-03 17:16:43
ComboFix-quarantined-files.txt 2008-04-03 21:16:34
ComboFix2.txt 2008-03-31 20:07:21
Pre-Run: 42,475,032,576 bytes free
Post-Run: 42,515,537,920 bytes free
.
2008-03-12 04:55:35 --- E O F ---

VundoFix

VundoFix V7.0.3

Scan started at 17:19:28 2008-04-03

Listing files found while scanning....

C:\windows\system32\phrmaard.dll

Beginning removal...

Attempting to delete C:\windows\system32\phrmaard.dll
C:\windows\system32\phrmaard.dll Has been deleted!

Performing Repairs to the registry.
Done!

Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:27, on 2008-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Documents and Settings\Vincent\My Documents\PC\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA056A18-CCAC-459D-8116-900E53B6D6B9}: NameServer = 142.217.192.9,142.217.192.8
O20 - Winlogon Notify: yayabbb - yayabbb.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Vincent\My Documents\PC\AVG anti spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Utilisateur anonyme · Answer

Bonjour,
Bon joué,
et bien c'est mieux !
Pas grave pour le retard.

:)

On continue,
> Lance Hijackthis :
- Puis sélectionne < Do a system scan only >
- Coche les cases des lignes suivantes :

O20 - Winlogon Notify: yayabbb - yayabbb.dll (file missing)

Ensuite,
- Ferme toutes les autres fenêtres et applications (même internet)
- Clic sur < fixe checked >

Après,
> Fais un scan en ligne avec Kaspersky : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >.
Le scan ne marche que sous Internet Explorer.
- On va te demander de télécharger un contôle active x, accepte .
- Dans le menu Choisissez la cible de l'analyse, sélectionne Poste de travail. Le scan va commencer.
- Poste le rapport qui sera généré stp.
S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : http://www.inoculer.com/activex.php3
Rappel : le scan est à faire sous Internet Explorer
Tuto ici si problème : http://www.vista-xp.fr/forum/topic109.html

Et puis on termine.

As tu un réseau intranet (comme une entreprise) et quel est ton fournisseur d'accès internet (orange, free...) ?

A+

Vincent · Answer

Voilà, le temps d'attente a été encore plus long que l'autre fois... J'ai bien fais ce que tu m'as dit avec HijackThis.

Kapersky

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, April 11, 2008 2:41:18 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 11/04/2008
 Kaspersky Anti-Virus database records: 625106
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: standard
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\
	E:\
	G:\
	H:\
	I:\
	J:\
	K:\
	L:\
	Y:\
	Z:\

Scan Statistics:
	Total number of scanned objects: 260610
	Number of viruses found: 1
	Number of infected objects: 4
	Number of suspicious objects: 0
	Duration of the scan process: 06:09:33

Infected Object Name / Virus Name / Last Action
C:\da625099d11969a350d804\update\update.exe	Object is locked	skipped
C:\da625099d11969a350d804\update\wpdinstallutil.dll	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{2C43E693-BF83-457A-AA2E-ED8AC6FA0B39}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{6CABB68B-3462-4919-B625-B8321E976F44}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{869FC37B-E6F2-4A7E-8D67-4F65384CCF1A}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{F4C7ACCF-D511-4994-86A4-967725C29A83}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-10_Log.ALUSchedulerSvc.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313F}.ldb	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313F}.sds	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\12D13D4A.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\BA51F691.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FC85ADE8.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log	Object is locked	skipped
C:\Documents and Settings\Claudia\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Claudia
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Larry\Application Data\Symantec\NPMDataStore\CIMStore.xml	Object is locked	skipped
C:\Documents and Settings\Larry\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Larry\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Larry
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings	emp\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings	emp\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings	emp\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Vincent\Application Data\Symantec\NPMDataStore\CIMStore.xml	Object is locked	skipped
C:\Documents and Settings\Vincent\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Logs\Dfsr00005.log	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\pending.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA\dfsr.db	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA\fsr.log	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA\fsrtmp.log	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA	mp.edb	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.comeal\members.stg	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.com\shadow\members.stg	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF7103.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF71C8.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9471.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9516.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Vincent
tuser.dat.LOG	Object is locked	skipped
C:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log	Object is locked	skipped
C:\Program Files\palmOne\Palm3\DS.DVZ	Object is locked	skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyvwtu.dll.vir	Infected: Packed.Win32.Monder.gen	skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/ssqrr.dll	Infected: Packed.Win32.Monder.gen	skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/yayabbb.dll	Infected: Packed.Win32.Monder.gen	skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip	ZIP: infected - 2	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP549\change.log	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$
etapi32.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$
mcom.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$tcdll.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{89E1D57F-6253-44B4-A450-3CAA6B9BFAF7}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\ODiag.evt	Object is locked	skipped
C:\WINDOWS\system32\config\OSession.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\dtscsi.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\JETE752.tmp	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
D:\da625099d11969a350d804\update\update.exe	Object is locked	skipped
D:\da625099d11969a350d804\update\wpdinstallutil.dll	Object is locked	skipped
D:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe	Object is locked	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\callcont.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\gdi32.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\h323.tsp	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\helpctr.exe	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\msgina.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\mst120.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$
etapi32.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$
mcom.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$tcdll.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\schannel.dll	Object is locked	skipped

Scan process completed.




Et oui, il y a un réseau intranet, enfin il me semble, un autre utiliosateur utilise cet ordinateur pour se connecter à son bureau. Pour ce qui est du fournisseur internet, euh..... Télébec/Sympatico/Bell (tous la même chose, il me semble). Je suis au Québec...

Merci encore une fois.

Vincent · Answer

Voilà, le temps d'attente a été encore plus long que l'autre fois... J'ai bien fais ce que tu m'as dit avec HijackThis.

Kapersky

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, April 11, 2008 2:41:18 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 11/04/2008
 Kaspersky Anti-Virus database records: 625106
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: standard
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\
	E:\
	G:\
	H:\
	I:\
	J:\
	K:\
	L:\
	Y:\
	Z:\

Scan Statistics:
	Total number of scanned objects: 260610
	Number of viruses found: 1
	Number of infected objects: 4
	Number of suspicious objects: 0
	Duration of the scan process: 06:09:33

Infected Object Name / Virus Name / Last Action
C:\da625099d11969a350d804\update\update.exe	Object is locked	skipped
C:\da625099d11969a350d804\update\wpdinstallutil.dll	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{2C43E693-BF83-457A-AA2E-ED8AC6FA0B39}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{6CABB68B-3462-4919-B625-B8321E976F44}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{869FC37B-E6F2-4A7E-8D67-4F65384CCF1A}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{F4C7ACCF-D511-4994-86A4-967725C29A83}.DAT	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-10_Log.ALUSchedulerSvc.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313F}.ldb	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{92332069-894A-4336-87A7-2AE1C83D313F}.sds	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\12D13D4A.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\BA51F691.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FC85ADE8.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log	Object is locked	skipped
C:\Documents and Settings\Claudia\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Claudia
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Larry\Application Data\Symantec\NPMDataStore\CIMStore.xml	Object is locked	skipped
C:\Documents and Settings\Larry\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Larry\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Larry
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings	emp\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings	emp\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings	emp\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Vincent\Application Data\Symantec\NPMDataStore\CIMStore.xml	Object is locked	skipped
C:\Documents and Settings\Vincent\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Logs\Dfsr00005.log	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\pending.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA\dfsr.db	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA\fsr.log	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA\fsrtmp.log	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Messenger\supervin4@hotmail.com\SharingMetadata\Working\database_5838_F6DB_38F6_B6DA	mp.edb	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.comeal\members.stg	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows Live Contacts\supervin4@hotmail.com\shadow\members.stg	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF7103.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF71C8.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9471.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temp\~DF9516.tmp	Object is locked	skipped
C:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Vincent\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Vincent
tuser.dat.LOG	Object is locked	skipped
C:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log	Object is locked	skipped
C:\Program Files\palmOne\Palm3\DS.DVZ	Object is locked	skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyvwtu.dll.vir	Infected: Packed.Win32.Monder.gen	skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/ssqrr.dll	Infected: Packed.Win32.Monder.gen	skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip/yayabbb.dll	Infected: Packed.Win32.Monder.gen	skipped
C:\QooBox\Quarantine\catchme2008-03-30_215710.50.zip	ZIP: infected - 2	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP549\change.log	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$
etapi32.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$
mcom.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$tcdll.dll	Object is locked	skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{89E1D57F-6253-44B4-A450-3CAA6B9BFAF7}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\ODiag.evt	Object is locked	skipped
C:\WINDOWS\system32\config\OSession.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\dtscsi.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\JETE752.tmp	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
D:\da625099d11969a350d804\update\update.exe	Object is locked	skipped
D:\da625099d11969a350d804\update\wpdinstallutil.dll	Object is locked	skipped
D:\f6eafe192cc6b1e5f404c5af932f98\update\update.exe	Object is locked	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\callcont.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\gdi32.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\h323.tsp	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\helpctr.exe	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\msgina.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\mst120.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$
etapi32.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$
mcom.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$tcdll.dll	Object is locked	skipped
D:\WINDOWS\$NtUninstallKB835732$\schannel.dll	Object is locked	skipped

Scan process completed.




Et oui, il y a un réseau intranet, enfin il me semble, un autre utilisateur utilise cet ordinateur pour se connecter à son bureau. Pour ce qui est du fournisseur internet, euh..... Télébec/Sympatico/Bell (tous la même chose, il me semble). Je suis au Québec...

Merci encore une fois.

Utilisateur anonyme · Answer

Bonsoir,
Ok très bien.
Alors on termine :

> Peux-tu vérifier ta console JAVA ici : https://www.java.com/fr/download/uninstalltool.jsp, et installer la nouvelle version au besoin (dans ce cas désinstalle avant l'ancienne version). Dis moi ce qu'il en est stp.
Pour info. ou en cas de problème : http://assiste.com.free.fr/p/abc/c/anti_java.html

> Mets à jour Acrobat si ce n'est pas le cas (désinstalle avant la version antérieure) : https://get2.adobe.com/reader/otherversions/

> Télécharge ToolsCleaner : https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/ sur ton bureau.
- Clique sur Recherche et laisse le scan agir ...
- Clique sur Suppression pour finaliser (tu peux, si tu le souhaites, te servir des Options facultatives)
- Clique sur Quitter pour obtenir le rapport et poste le dans ta réponse (TCleaner.txt se trouve à la racine de ton disque dur (C:\)).
- Supprime ToolsCleaner ensuite.

> Télécharge et installe Easy Cleaner stp : https://www.01net.com/telecharger/windows/Utilitaire/registre/fiches/8351.html
(lien miroir : https://www.clubic.com/telecharger-fiche11170-easycleaner.html )
- Lance le programme puis clique sur <Registre> puis sur <Trouver>.
- A la fin du scan clique sur <Supprime tout> puis confirme par <Oui> puis quitte le programme.
Si besoin tuto ici : https://www.pcparadise.fr
et http://www.6ma.fr/tuto/easycleaner-nettoyer-windows-des-elements-obsoletes/

> Tu peux aussi vider ta corbeille.

> Désactive et réactive la restauration de système, pour cela : suis les instructions de ce lien : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

> Passe un coup d'AGV et de Ccleaner de temps en temps (1 fois par semaine à 1 fois par mois, suivant l'utilisation que tu fais de ton PC). Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être alaise))
Rappel des liens :
- http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
- https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

> Pour bien protéger ton PC :
[1 seul Antivirus] + [1 seul Pare feu] + [Quelques Antispywares] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows)] + [Utilisation du PC en mode Invité (= limité). Lors d'une infection en mode administrateur le PC est beaucoup plus vulnérable. Voir ICI]

> Quelques liens utiles :
- http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet
- https://sebsauvage.net/safehex.html
- https://www.zebulon.fr/telechargements/securite/protection-donnees-personnelles/spywareblaster.html (= petit logiciel qui bloque l'installation d'activ-X nuisibles au PC. Fonctionne en arrière plan)

Voila,
Bonne lecture....

A+

Utilisateur anonyme · Answer

--
Fire Walk with Me   ~~~~~~~~~~>   o_Ö

Ordinateur infecté (Scan HijackThis)

10 réponses

Discussions similaires

Newsletters