Virus pop up et page de démarrage

Question

Bonjour, 

Je viens faire appel à vous car j'ai actuellement de gros problèmes avec Internet Explorer : des pop-ups ne cessent de s'afficher quoique je fasse. De plus, ma page de démarrage habituelle (club-internet) a été remplacée par  un site : findthewebsiteyouneed.com, même si je configure mon pc de façon à tomber sur club-internet au démarrage, dès que j'éteins mon ordinateur findthewebsiteyouneed.com revient. 
J'ai bien essayé d'enlever les virus de mon ordinateur mais peine perdue! 

Que dois-je faire? 

Merci d'avance pour vos réponses, 

Emeline

Utilisateur anonyme · Answer

Bonjour

Télécharge le logiciel HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm

Fais un scan et poste l'analyse.

Utilisateur anonyme · Answer

Bonjour


Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.


Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)


FAIS UN CLIC-DROIT sur le lien suivant
http://metallica.geekstogo.com/alcanshorty.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger Alcanshorty.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note: si tu utlises Internet Explorer, lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Alcanshorty.bfu et BFU.exe (très important).


Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Alcanshorty.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Alcanshorty.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.


Redémarre normalement


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe 
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. 

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

Emeline · Answer

EFAP - 06-11-19 22:19:06,79    Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\EFAP\Bureau"

(((((((((((((((((((((((((((((((((((((((((((   E-Give / Ssk's Log   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\EFAP\Application Data\Dxcdmns.dll
C:\Documents and Settings\EFAP\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 

C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Fichiers communs\{3034072A-06FF-1036-0416-040512030021}
C:\Program Files\Fichiers communs\{6034072A-06FF-1036-0416-040512030021}

 
(((((((((((((((((((((((((((((((   Files Created from 2006-10-19 to 2006-11-19  ))))))))))))))))))))))))))))))))))
 
 
2006-11-19	10:34	516,173	--a------	C:\WINDOWS\system32\MSVCP60D.DLL
2006-11-19	10:34	385,100	--a------	C:\WINDOWS\system32\MSVCRTD.DLL
2006-11-13	18:48	368,912	--a------	C:\WINDOWS\system32\vbar332.dll
2006-11-12	21:24	1,232	--a------	C:
avipromo.reg
2006-11-09	13:44	502,368	--a------	C:\WINDOWS\system32\drivers\amon.sys
2006-11-09	13:44	274,432	--a------	C:\WINDOWS\system32\imon.dll
2006-11-07	17:46	163,600	--a------	C:\WINDOWS\system32\wmaudsdk.dll
2006-11-06	17:19	61,952	--a------	C:\WINDOWS\system32\fhkc3b35.dll
2006-11-06	17:19	32,768	--a------	C:\WINDOWS\system32\WinDmy.dll
2006-11-06	17:19	1,259	--a------	C:\WINDOWS\system32\fhkc3b35.sys
2006-11-04	14:17	1,245,696	--a------	C:\WINDOWS\system32\msxml4.dll
2006-11-02	11:52	44,032	---------	C:\WINDOWS\system32\wpdshextres.dll
2006-10-30	14:33	178,408	--a------	C:\WINDOWS\system32\muweb.dll
2006-10-30	14:33	128,744	--a------	C:\WINDOWS\system32\mucltui.dll
2006-10-26	18:35	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2006-10-26	18:35	249,856	---------	C:\WINDOWS\Setup1.exe


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))	


2006-11-19 22:19	--------	d--------	C:\Program Files\Fichiers communs
2006-11-19 21:59	--------	d--------	C:\Program Files\bfu
2006-11-19 21:56	62862	--a------	C:\Program Files\bfu.zip
2006-11-19 19:09	--------	d--------	C:\Program Files\Hijackthis Version Fran‡aise
2006-11-19 10:34	--------	d--------	C:\Program Files\Free Audio Pack
2006-11-19 10:31	131072	--a--c---	C:\WINDOWS\system32\SpoonUninstall.exe
2006-11-19 10:31	--------	d--------	C:\Program Files\Illustrate
2006-11-18 12:34	--------	d--------	C:\Program Files\MSXML 4.0
2006-11-18 12:33	--------	d--------	C:\Program Files\Internet Explorer
2006-11-17 20:52	--------	d--------	C:\Program Files\BitTorrent
2006-11-17 20:52	--------	d--------	C:\Documents and Settings\EFAP\Application Data\BitTorrent
2006-11-16 17:36	--------	d--------	C:\Program Files\Windows Media Player
2006-11-16 17:36	--------	d--------	C:\Program Files\Windows Media Connect 2
2006-11-09 14:56	--------	d--------	C:\Program Files\ESET
2006-11-07 17:46	--------	d--------	C:\Program Files\Cool MP3 Converter
2006-11-07 16:42	--------	d--------	C:\Program Files\NetMeeting
2006-11-07 16:42	--------	d--------	C:\Program Files\MSN Gaming Zone
2006-11-07 16:41	--------	d--------	C:\Program Files\microsoft frontpage
2006-11-07 16:19	--------	d--------	C:\Program Files\Alwil Software
2006-11-07 16:04	--------	d--------	C:\Program Files\Windows Live Toolbar
2006-11-06 19:50	--------	d--------	C:\Program Files\Fichiers communs\Adobe
2006-10-29 20:18	--------	d--------	C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-29 20:17	--------	d--------	C:\Program Files\MSN Messenger
2006-10-23 18:42	--------	d--------	C:\Documents and Settings\EFAP\Application Data\Adobe
2006-10-18 21:58	8704	--a------	C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58	8704	--a------	C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47	99840	--a------	C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47	991744	--a------	C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47	937984	--a------	C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47	8231936	--a------	C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47	767488	---------	C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47	757248	--a------	C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47	7168	--a------	C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47	656896	---------	C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47	63488	--a------	C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47	629760	--a------	C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47	613376	---------	C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47	603648	--a------	C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47	542720	--a------	C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47	535040	---------	C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47	429056	--a------	C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47	414208	--a------	C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47	4096	--a------	C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47	37376	--a------	C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47	35840	--a------	C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47	356352	--a------	C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47	348672	--a------	C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47	33792	--a------	C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47	321536	--a------	C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47	317440	---------	C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47	314880	--a------	C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47	295936	---------	C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47	284160	---------	C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47	276992	--a------	C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47	27136	--a------	C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47	2603008	---------	C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47	259072	---------	C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47	259072	---------	C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47	2450944	--a------	C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47	242688	--a------	C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47	229376	--a------	C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47	227328	--a------	C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47	222208	--a------	C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47	212992	---------	C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47	211456	--a------	C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47	204288	--a------	C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47	199168	---------	C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47	179712	--a------	C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47	175616	--a------	C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47	166912	---------	C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47	1661440	--a------	C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47	1574912	---------	C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47	157184	--a------	C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47	154624	--a------	C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47	1543680	---------	C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47	1382912	---------	C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47	133632	---------	C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47	1329152	--a------	C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47	132096	---------	C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47	130048	---------	C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47	11264	--a------	C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47	1117696	--a------	C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47	101888	---------	C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03	100864	--a------	C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00	38528	--a------	C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00	249856	---------	C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00	17408	---------	C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 13:36	145920	--a------	C:\WINDOWS\system32
wprovau.dll
2006-10-10 14:44	--------	d--------	C:\Program Files\Sony
2006-10-10 14:41	--------	d--------	C:\Program Files\Fichiers communs\Sony Shared
2006-10-09 16:48	--------	d--------	C:\Documents and Settings\EFAP\Application Data\Sonic Foundry
2006-10-09 16:46	--------	d--------	C:\Program Files\Sonic Foundry
2006-10-09 16:44	--------	d--------	C:\Program Files\Sonic Foundry Setup
2006-10-08 21:52	--------	d--------	C:\Documents and Settings\EFAP\Application Data\Canon
2006-10-06 08:11	0	--ah-----	C:\Documents and Settings\EFAP\Application Data\L84577898.5v1
2006-10-05 23:39	--------	d--------	C:\Documents and Settings\EFAP\Application Data\IDM
2006-10-05 23:32	--------	d--------	C:\Documents and Settings\EFAP\Application Data\3M
2006-10-02 15:28	312128	---------	C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13	95344	---------	C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 19:00	82944	---------	C:\WINDOWS\system32\drivers\WudfRd.sys
2006-09-28 18:56	55808	---------	C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56	316416	---------	C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56	165376	---------	C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56	146432	---------	C:\WINDOWS\system32\WudfHost.exe
2006-09-28 18:55	77568	---------	C:\WINDOWS\system32\drivers\WudfPf.sys
2006-09-25 17:58	23856	--a------	C:\WINDOWS\system32\spupdsvc.exe
2006-09-22 21:22	--------	d--------	C:\Program Files\Java
2006-09-13 06:03	1084416	--a------	C:\WINDOWS\system32\msxml3.dll
2006-08-30 12:58	278528	--a------	C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-08-25 16:51	617472	--a------	C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26	16896	--a------	C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14	23040	--a------	C:\WINDOWS\system32\fltmc.exe
2006-08-20 19:24	14848	--a--c---	C:\WINDOWS\system32\BASSMOD.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun]
"Sonic RecordNow!"=""
"TVAgent WiFi"="C:\Club-Internet\Wizard\Agent_WiFi.exe"
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"
"BitTorrent"="\"C:\Program Files\BitTorrent\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun]
"STDSB"="C:\WINDOWS\System32\STDSB.exe"
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"UpdateManager"="\"c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe\" /r"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"StandardInstall"=""
"iTunesHelper"="\"C:\Program Files\iTunes\iTunesHelper.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
"Club-Internet_McciTrayApp"="C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe"
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe"
"nod32kui"="\"C:\Program Files\Eset\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\Program Files\Internet Explorer\polobi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\Program Files\MSN Gaming Zone\mejexara.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\Program Files\Messenger\polobi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\Program Files\MSN\mejexara.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ee,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversionun]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversionun]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk"
"backup"="C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk"
"backup"="C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk"
"backup"="C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk"
"backup"="C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe "
"item"="Rappels du Calendrier Microsoft Works"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="msnappau"
"hkey"="HKLM"
"command"="\"C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]	
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS	asks\V‚rifier les mises … jour de Windows Live Toolbar.job

Completion time: 06-11-19 22:22:09.22 
C:\ComboFix.txt ... 06-11-19 22:22

Logfile of HijackThis v1.99.1
Scan saved at 22:25:25, on 19/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O1 - Hosts file is located at: C:\WINDOWS
sdb\hosts
O1 - Hosts: 82.179.166.192 new-search.net
O1 - Hosts: 82.179.166.190 x-google.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4631A538-5400-48F2-AA5E-F144E9707414} - C:\Program Files\microsoft frontpage\medonuca.dll (file missing)
O2 - BHO: (no name) - {64352607-0EA2-48D7-84C2-9570634A22FD} - C:\Program Files\NetMeeting\medonuca.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Club-Internet\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8aab91bd42874617ab8edd533516584c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8aab91bd42874617ab8edd533516584c
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lespetitsecretsdemmie.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Utilisateur anonyme · Answer

Re

C'est déja mieux. On continue.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer

1 Télécharge 
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

AVG Anti-Spyware
https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

clean.zip 
http://www.malekal.com/download/clean.zip 
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 

2 Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows. 
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.

3 Relance un scan HijackThis et coche les lignes ci-dessous :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://findthewebsiteyouneed.com/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com 
O1 - Hosts file is located at: C:\WINDOWS
sdb\hosts 
O1 - Hosts: 82.179.166.192 new-search.net 
O1 - Hosts: 82.179.166.190 x-google.net 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 
O2 - BHO: (no name) - {4631A538-5400-48F2-AA5E-F144E9707414} - C:\Program Files\microsoft frontpage\medonuca.dll (file missing) 
O2 - BHO: (no name) - {64352607-0EA2-48D7-84C2-9570634A22FD} - C:\Program Files\NetMeeting\medonuca.dll (file missing) 
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll 
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm 
O15 - Trusted Zone: http://click.getmirar.com (HKLM) 
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) 
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) 
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) 
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com 
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file) 

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

4 Lance le nettoyage avec CCleaner

5 Lance Lance AVG Anti-Spyware
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. 
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

6 Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Une fenêtre noire va apparaître pendant un instant, laisse la ouverte. 

7 Redémarre normalement

Poste un nouveau log HijackThis avec le rapport d'AVG Anti-Spyware et le rapport qui se trouve ici C:apport_clean.txt

Utilisateur anonyme · Answer

Bonjour

HijackThis est propre.

Le rapport d'AVG est tellement long qu'il dépasse.

Il manque aussi le rapport de clean.


Fais une analyse antivirus en ligne sur Kaspersky
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.

emeline · Answer

KASPERSKY ONLINE SCANNER REPORT  
Monday, November 20, 2006 9:01:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/11/2006
Kaspersky Anti-Virus database records: 229544
 
 
Scan Settings 
Scan using the following antivirus database standard 
Scan Archives true 
Scan Mail Bases true 
 
Scan Target My Computer 
C:\
D:\  
 
Scan Statistics 
Total number of scanned objects 60174 
Number of viruses found 9 
Number of infected objects 16 / 0 
Number of suspicious objects 0 
Duration of the scan process 01:24:19 

Infected Object Name Virus Name Last Action 
C:\Documents and Settings\EFAP\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Messenger\emeline.coget@club-internet.fr\SharingMetadata\Logs\Dfsr.log  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Messenger\emeline.coget@club-internet.fr\SharingMetadata\pending.dat  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Messenger\emeline.coget@club-internet.fr\SharingMetadata\Working\database_C860_340F_6034_72A\dfsr.db  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Messenger\emeline.coget@club-internet.fr\SharingMetadata\Working\database_C860_340F_6034_72A\fsr.log  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Messenger\emeline.coget@club-internet.fr\SharingMetadata\Working\database_C860_340F_6034_72A\fsrtmp.log  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Messenger\emeline.coget@club-internet.fr\SharingMetadata\Working\database_C860_340F_6034_72A	mp.edb  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Windows Live Contacts\emeline.coget@club-internet.freal\members.stg  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Application Data\Microsoft\Windows Live Contacts\emeline.coget@club-internet.fr\shadow\members.stg  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Historique\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Historique\History.IE5\MSHist012006112020061121\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Temp\~DF4752.tmp  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Temp\~DF4766.tmp  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Temp\~DF56A4.tmp  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Temp\~DF5703.tmp  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\EFAP\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\EFAP
tuser.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\LocalService
tuser.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService
tuser.dat.LOG  Object is locked  skipped  
 
C:\Program Files\ESET\cache\CACHE.NDB  Object is locked  skipped  
 
C:\Program Files\ESET\infected\BQLQRNBA.NQF  Infected: Trojan-Downloader.Win32.Adload.di  skipped  
 
C:\Program Files\ESET\infected\C4Q14EDA.NQF  Infected: Trojan-Downloader.Win32.Adload.fu  skipped  
 
C:\Program Files\ESET\infected\FOP1G3AA.NQF  Infected: Trojan-Downloader.Win32.Adload.fu  skipped  
 
C:\Program Files\ESET\infected\MFM0XKBA.NQF  Infected: Trojan-Downloader.Win32.Small.buy  skipped  
 
C:\Program Files\ESET\infected\NMAWBODA.NQF  Infected: Trojan-Downloader.Win32.Adload.ii  skipped  
 
C:\Program Files\ESET\infected\OKXZGABA.NQF  Infected: Trojan-Downloader.Win32.Adload.di  skipped  
 
C:\Program Files\ESET\infected\OQTRDQBA.NQF  Infected: Trojan-Dropper.Win32.Small.auc  skipped  
 
C:\Program Files\ESET\infected\PWAFGKCA.NQF  Infected: Trojan-Downloader.Win32.Adload.ii  skipped  
 
C:\Program Files\ESET\infected\XEHSAADA.NQF  Infected: Trojan-Downloader.Win32.Adload.ii  skipped  
 
C:\Program Files\ESET\infected\ZSSUB4CA.NQF  Infected: Trojan-Downloader.Win32.Adload.ii  skipped  
 
C:\Program Files\ESET\logs\virlog.dat  Object is locked  skipped  
 
C:\Program Files\ESET\logs\warnlog.dat  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP340\A0312339.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP340\A0312341.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP340\A0312342.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP340\A0312347.exe  Infected: Trojan-Downloader.Win32.Adload.hw  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP342\A0313504.dll  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP342\A0313506.dll  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313575.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313708.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313710.exe  Infected: Trojan-Downloader.Win32.Adload.ic  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313712.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313713.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313714.exe  Infected: Trojan-Downloader.Win32.Adload.id  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313716.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0313717.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0314344.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0315361.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315478.dll  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315480.dll  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315487.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315498.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315526.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315534.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315535.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315536.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315537.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0315538.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0316520.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0316530.exe  Infected: Trojan-Downloader.Win32.Adload.ic  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0316531.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0316534.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0316535.exe  Infected: Trojan-Downloader.Win32.Adload.if  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0316536.exe  Infected: Trojan-Downloader.Win32.Adload.ic  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP344\A0316538.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317529.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317534.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317564.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317565.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317566.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317567.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317568.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317569.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317570.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317571.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317572.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP345\A0317573.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\A0318997.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\A0318998.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\A0318999.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\A0319000.exe  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\A0319150.dll  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\A0319151.dll  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\A0319152.dll  Object is locked  skipped  
 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP351\change.log  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\h323msp.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\helpctr.exe  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\ipnathlp.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\lsasrv.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\mf3216.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\msasn1.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\msgina.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\mst120.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$
etapi32.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$
mcom.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$eg00004  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$eg00005  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$eg00006  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$eg00008  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$eg00009  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$tcdll.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\$NtUninstallKB835732$\schannel.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\es.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$pcrt4.dll  Object is locked  skipped  
 
C:\WINDOWS\$NtUninstallKB828741$	xflog.dll  Object is locked  skipped  
 
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped  
 
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped  
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped  
 
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped  
 
C:\WINDOWS\system32\CatRoot2\edb.log  Object is locked  skipped  
 
C:\WINDOWS\system32\CatRoot2	mp.edb  Object is locked  skipped  
 
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\DEFAULT  Object is locked  skipped  
 
C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SAM  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SOFTWARE  Object is locked  skipped  
 
C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SYSTEM  Object is locked  skipped  
 
C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped  
 
C:\WINDOWS\wiadebug.log  Object is locked  skipped  
 
C:\WINDOWS\wiaservc.log  Object is locked  skipped  
 
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped  
 
Scan process completed.

Utilisateur anonyme · Answer

Vide le contenu de ce dossier
C:\Program Files\ESET\infected

Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du systéme - Cocher la case Désactiver la restauration du systéme et cliquer sur Appliquer.

Puis redémarrer l'ordinateur et faire l'opération inverse en décochant la case Désactiver la restauration systéme.

Comment se comporte le PC ?

Utilisateur anonyme · Answer

Bonjour

"openmg secure" est en rapport avec Sony. 
Est ce qu'il met un message d'erreur ?

Supprime :
- BFU
- Combofix
- Clean

On fait du ménage.

1 Télécharge EasyCleaner
https://www.telia.fi/palvelupaattynyt
Installe le dans un répertoire dédié.

2 Relance un scan HijackThis et coche les lignes ci-dessous :

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE 
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe 
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe 

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

3 Lance EasyCleaner.
Utilises les fonctions Inutiles et Registre. Supprimes ce qu'il trouve. Ne pas toucher à la fonction doublons.

4 Lance le nettoyage avec CCleaner.

5 Fais une défragmentation
http://www.trucsastuces.com/Astuces/76.php

Virus pop up et page de démarrage

8 réponses

Votre réponse

Discussions similaires

Newsletters