invasion de pop up, help....Résolu/Fermé

Question

Bonsoir à tous,
depuis ce matin dès que j'ouvre une adresse dasn IE j'ai des pop up qui s'ouvrent (casino, drive cleaner, et tous genre de pub pour antivirus...). Je ne peux quasiment plus surfer, ma connexion ressemble maintenant à celle d'un modem 56k.....c'est moche.
J'ai chercher sur les forums a trouver une solution, mais il semblerait que chaque cas soit particulier. Est ce que quelqu'un pourrait me donner la marche a suivre pour nettoyer tout ça?
Je vous remercie par avance.

FillPCA · Answer

Bonjour,

1/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

2/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

3/ Pour une meilleure réponse, télécharge le logiciel HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html

Tutorial
http://pchelpbordeaux.free.fr/tuto.html

Démo en image
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Fais un scan et poste l'analyse.

FillPCA

harryploteur · Answer

Comme demandé voici le rapport AVG Antispyware:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	15:59:55 09/09/2007

 + Résultat de l'analyse:	



D:	emp\plug & vsti\Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé et sauvegardé (mise en quarantaine).
D:	emp\plug & vsti\Nero7Keygen.rar/Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\yo\Local Settings\Temporary Internet Files\Content.IE5\UTAQUYM3\lkjh[1] -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Radminaddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32addrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Radmin_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Radminadmin.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Nettoyé et sauvegardé (mise en quarantaine).
[2448] C:\WINDOWS\system32_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Nettoyé et sauvegardé (mise en quarantaine).
D:	emp\plug & vsti
orton_ghost_90\keygen\ssg-ng90.exe -> Trojan.Keygen.s : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport



Et voici celui d'HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:01:00, on 09/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Securitoo\Common\FSM32.EXE
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\8520111\Program\fspex.exe
C:\Program Files\Securitoo\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\Common\FSMA32.EXE
C:\Program Files\Securitoo\Anti-Virus\fssm32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Securitoo\Common\FSMB32.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Securitoo\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Securitoo\Common\FAMEH32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Securitoo\Anti-Virus\fsav32.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\yo\Bureau\Scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {51766B90-9E5F-46AD-B474-BCDF24110DF8} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - C:\WINDOWS\system32\ddcbbab.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\hlobvtya.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ylkiomuk.dll",forkonce
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - https://validate.perfdrive.com/?ssa=1cb613c1-b580-495b-866c-b6fe71718572&ssb=36371211747&ssc=https%3A%2F%2Fimlive.com%2Fchatsource%2FImlCID.cab&ssi=b98a4b26-ba0f-44c8-a2a5-0315e1e966ee&ssk=support@shieldsquare.com&ssm=77124680964133473105650333749186&ssn=7eafd9fa9826c01597307b85effe791743b46ba2f27a-3977-4b0e-988e66&sso=940ea59d-ee88a13130f2489df365438a8b123fc056d418d499c5df48&ssp=15188465711607082399160702401540426&ssq=67141537474651350705574746278120044759785&ssr=OTEuMjA5LjM1LjIxOA==&sst=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/74.0.3729.131%20Safari/537.36&ssv=&ssw=
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcbbab - C:\WINDOWS\SYSTEM32\ddcbbab.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32_server.exe" /service (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

FillPCA · Answer

Re,

# Télécharge Vundofix  (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4
# Double-clique VundoFix.exe afin de le lancer.
# Clique sur le bouton Scan for Vundo.
# Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés).
# Une invite te demandera si tu veux supprimer les fichiers, clique YES.
# Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
# Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
# Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

FillPCA

harryploteur · Answer

après avoir fait ce que tu m'as demandé le probleme persiste toujours j'ai meme aussi eu le message suivant en ouvrant une fenetre IE:

Buffer overrun detected! 

Program: C:\WINDOWS\Explorer.EXE 

A buffer overrun has been detected which has corrupted the program's 
internal state. The program cannot safely continue execution and must 
now be terminated. 


voici le rapport de vundo:


VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:52:28 09/09/2007

Listing files found while scanning....

C:\windows\system32\cbanahxv.ini
C:\windows\system32\ddcbbab.dll
C:\WINDOWS\system32\hlobvtya.dll
C:\windows\system32\kumoikly.ini
C:\windows\system32\vxhanabc.dll
C:\WINDOWS\system32\ylkiomuk.dll

Beginning removal...

 Attempting to delete C:\windows\system32\cbanahxv.ini
C:\windows\system32\cbanahxv.ini Has been deleted!

 Attempting to delete C:\windows\system32\ddcbbab.dll
C:\windows\system32\ddcbbab.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hlobvtya.dll
C:\WINDOWS\system32\hlobvtya.dll Has been deleted!

 Attempting to delete C:\windows\system32\kumoikly.ini
C:\windows\system32\kumoikly.ini Has been deleted!

 Attempting to delete C:\windows\system32\vxhanabc.dll
C:\windows\system32\vxhanabc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ylkiomuk.dll
C:\WINDOWS\system32\ylkiomuk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ylkiomuk.dll
C:\WINDOWS\system32\ylkiomuk.dll Has been deleted!

Performing Repairs to the registry.
Done!


et le rapport d'HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18:07:09, on 09/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Securitoo\Common\FSM32.EXE
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\Av_Fw\8520111\Program\fspex.exe
C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\Anti-Virus\FSGK32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Securitoo\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Common\FSMA32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Securitoo\Common\FSMB32.EXE
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Securitoo\Common\FCH32.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\Common\FAMEH32.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Securitoo\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\yo\Bureau\Scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - C:\WINDOWS\system32\ddcbbab.dll (file missing)
O2 - BHO: (no name) - {98B1C285-C01F-4DE0-9729-8369DD01D75A} - C:\WINDOWS\system32\awvtu.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - https://validate.perfdrive.com/?ssa=1cb613c1-b580-495b-866c-b6fe71718572&ssb=36371211747&ssc=https%3A%2F%2Fimlive.com%2Fchatsource%2FImlCID.cab&ssi=b98a4b26-ba0f-44c8-a2a5-0315e1e966ee&ssk=support@shieldsquare.com&ssm=77124680964133473105650333749186&ssn=7eafd9fa9826c01597307b85effe791743b46ba2f27a-3977-4b0e-988e66&sso=940ea59d-ee88a13130f2489df365438a8b123fc056d418d499c5df48&ssp=15188465711607082399160702401540426&ssq=67141537474651350705574746278120044759785&ssr=OTEuMjA5LjM1LjIxOA==&sst=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/74.0.3729.131%20Safari/537.36&ssv=&ssw=
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

FillPCA · Answer

Re,

1/
    *  Lance Vundofix mais ne clique pas sur "Scan for Vundo".
    * Fais un clic droit sur la fenêtre blanche et choisis "add more files".
    * Indique le ou les fichiers suivants dans les cases (un fichier par case) :

C:\WINDOWS\system32\awvtu.dll

    * Clique sur "add files" puis "close windows".
    * Clique sur "Remove Vundo". Un redémarrage sera peut-être nécessaire.
    * Poste le rapport généré. Il se trouve ici :  C:\vundofix.txt

2/ # Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Imprime ceci.
# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

FillPCA

harryploteur · Answer

re,
le probleme persiste, voici les rappots demandés:

pour vundo:


VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:52:28 09/09/2007

Listing files found while scanning....

C:\windows\system32\cbanahxv.ini
C:\windows\system32\ddcbbab.dll
C:\WINDOWS\system32\hlobvtya.dll
C:\windows\system32\kumoikly.ini
C:\windows\system32\vxhanabc.dll
C:\WINDOWS\system32\ylkiomuk.dll

Beginning removal...

 Attempting to delete C:\windows\system32\cbanahxv.ini
C:\windows\system32\cbanahxv.ini Has been deleted!

 Attempting to delete C:\windows\system32\ddcbbab.dll
C:\windows\system32\ddcbbab.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hlobvtya.dll
C:\WINDOWS\system32\hlobvtya.dll Has been deleted!

 Attempting to delete C:\windows\system32\kumoikly.ini
C:\windows\system32\kumoikly.ini Has been deleted!

 Attempting to delete C:\windows\system32\vxhanabc.dll
C:\windows\system32\vxhanabc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ylkiomuk.dll
C:\WINDOWS\system32\ylkiomuk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ylkiomuk.dll
C:\WINDOWS\system32\ylkiomuk.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Could not be deleted.

Performing Repairs to the registry.
Done!


Pour SDFix:


SDFix: Version 1.103

Run by yo on 09/09/2007 at 21:07

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Securitoo\Av_Fw\8520111\Program\fspex.exe"="C:\Program Files\Securitoo\Av_Fw\8520111\Program\fspex.exe:*:Enabled:Securitoo3"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\GlobalSCAPE\CuteFTP Professional\ftpte.exe"="C:\Program Files\GlobalSCAPE\CuteFTP Professional\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\GhostSurf 2005\Proxy.exe"="C:\Program Files\GhostSurf 2005\Proxy.exe:*:Disabled:GhostSurf proxy"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Messenger\harry_ploteur@hotmail.fr\Sharing Folders\veromarko@hotmail.com\Thumbs.db
C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Picasa2\setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

Finished! 


Pour HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:21:41, on 09/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\Common\FSMA32.EXE
C:\Program Files\Securitoo\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Securitoo\Common\FSMB32.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Securitoo\Common\FCH32.EXE
C:\Program Files\Securitoo\Common\FAMEH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Securitoo\Common\FSM32.EXE
C:\Program Files\Securitoo\FSGUI\ispnews.exe
C:\Program Files\Securitoo\FSGUI\fsguiexe.exe
C:\Program Files\Securitoo\Av_Fw\8520111\Program\fspex.exe
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\yo\Bureau\Scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7D177040-0A88-4102-9786-6C1210CF59F1} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - C:\WINDOWS\system32\ddcbbab.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - https://validate.perfdrive.com/?ssa=1cb613c1-b580-495b-866c-b6fe71718572&ssb=36371211747&ssc=https%3A%2F%2Fimlive.com%2Fchatsource%2FImlCID.cab&ssi=b98a4b26-ba0f-44c8-a2a5-0315e1e966ee&ssk=support@shieldsquare.com&ssm=77124680964133473105650333749186&ssn=7eafd9fa9826c01597307b85effe791743b46ba2f27a-3977-4b0e-988e66&sso=940ea59d-ee88a13130f2489df365438a8b123fc056d418d499c5df48&ssp=15188465711607082399160702401540426&ssq=67141537474651350705574746278120044759785&ssr=OTEuMjA5LjM1LjIxOA==&sst=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/74.0.3729.131%20Safari/537.36&ssv=&ssw=
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32_server.exe" /service (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

FillPCA · Answer

Re,

Une ligne infectieuse résiste. On essaiera de s'occuper de ce problème ensuite.

    *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Edite aussi un nouveau rapport Hijackthis.

FillPCA

harryploteur · Answer

voici les rapports: celui de combofix: ComboFix 07-09-09.5 - "yo" 2007-09-09 21:39:20.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.302 [GMT 2:00] * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\pack.epk C:\WINDOWS\system32\awvtu.dll C:\WINDOWS\system32\utvwa.bak1 C:\WINDOWS\system32\utvwa.bak2 C:\WINDOWS\system32\utvwa.ini ((((((((((((((((((((((((((((( Fichiers créés 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))))))) . 2007-09-09 21:36 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-09 21:05 d-------- C:\WINDOWS\ERUNT 2007-09-09 17:52 d-------- C:\VundoFix Backups 2007-09-09 14:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-09 18:01 --------- d-------- C:\DOCUME~1\yo\APPLIC~1\Skype 2007-09-09 16:24 --------- d-------- C:\Program Files\Everest Poker 2007-09-09 15:59 --------- d-------- C:\Program Files\Radmin 2007-09-07 14:09 --------- d-------- C:\DOCUME~1\yo\APPLIC~1\Screenshot Sender 2007-09-06 15:59 --------- d-------- C:\Program Files\eMule 2007-08-18 16:38 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-18 16:37 --------- d-------- C:\Program Files\Logitech 2007-08-04 17:14 --------- d-------- C:\DOCUME~1\yo\APPLIC~1\Sony 2007-08-03 00:23 --------- d-------- C:\Program Files\mIRC 2007-07-27 14:09 --------- d-------- C:\Program Files\SweetLight 2007-07-25 19:45 --------- d-------- C:\Program Files\FreeStyler 2005-05-12 00:36 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984544AB-5FA6-46AF-BE1D-E21804DAD281}] C:\WINDOWS\system32\ddcbbab.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41] "F-Secure Manager"="C:\Program Files\Securitoo\Common\FSM32.exe" [2004-12-22 10:28] "F-Secure TNB"="C:\Program Files\Securitoo\TNB\TNBUtil.exe" [2005-01-25 17:13] "F-Secure Startup Wizard"="C:\Program Files\Securitoo\FSGUI\FSSW.exe" [2005-03-16 15:45] "News Service"="C:\Program Files\Securitoo\FSGUI\ispnews.exe" [2004-05-06 14:21] "zBrowser Launcher"="C:\PROGRA~1\Logitech\iTouch\iTouch.exe" [1999-09-01 01:10] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2005-08-10 22:57] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2004-09-14 11:13] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-29 18:46] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "NWEReboot"="" [] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-05-02 08:08] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-15 05:26] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-23 15:31:12] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 23:05:26] D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-15 05:26:11] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04] Sagem - Utilitaire r‚seau pour Cl‚ USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2005-08-08 20:46:35] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{984544AB-5FA6-46AF-BE1D-E21804DAD281}"= C:\WINDOWS\system32\ddcbbab.dll [ ] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtu [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "mnmsrvc"=3 (0x3) "SharedAccess"=2 (0x2) R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys R1 lkbdhlpr;Logitech Keyboard Class Helper Driver;C:\WINDOWS\system32\Drivers\lkbdhlpr.sys R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys R2 BackWeb Plug-in - 8520111;Securitoo Antivirus Firewall;C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\drivers\DLPortIO.sys R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\Anti-Virus\Win2K\FSfilter.sys R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\Anti-Virus\Win2K\FSgk.sys R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Securitoo\Anti-Virus\Win2K\FSrec.sys R3 G400DH;G400DH;C:\WINDOWS\system32\DRIVERS\g400dhm.sys R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys S2 r_server;Remote Administrator Service;"C:\WINDOWS\system32 _server.exe" /service [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d23df526-0077-11dc-812e-0060b3bc5ee8}] AutoRun\command- G:\LaunchU3.exe -a *Newly Created Service* - PCANDIS5 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-09 00:03:11 C:\WINDOWS\Tasks\Scheduled scanning task.job" . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-09 21:49:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-09 21:54:54 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-09 21:54 . --- E O F --- et celui d'HiJackThis: Logfile of HijackThis v1.99.1 Scan saved at 21:58:26, on 09/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Common\FSMA32.EXE C:\Program Files\Securitoo\Anti-Virus\fssm32.exe C:\Program Files\Securitoo\Common\FSMB32.EXE C:\WINDOWS\system32\mgabg.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Securitoo\Common\FCH32.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Securitoo\Common\FAMEH32.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Securitoo\Anti-Virus\fsav32.exe C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Securitoo\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\8520111\Program\fspex.exe C:\Program Files\Securitoo\FSGUI\fsguiexe.exe C:\Program Files\Securitoo\FSGUI\ispnews.exe C:\PROGRA~1\Logitech\iTouch\iTouch.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\PDesk\PDesk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\yo\Bureau\Scanner.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - C:\WINDOWS\system32\ddcbbab.dll (file missing) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - https://validate.perfdrive.com/?ssa=1cb613c1-b580-495b-866c-b6fe71718572&ssb=36371211747&ssc=https%3A%2F%2Fimlive.com%2Fchatsource%2FImlCID.cab&ssi=b98a4b26-ba0f-44c8-a2a5-0315e1e966ee&ssk=support@shieldsquare.com&ssm=77124680964133473105650333749186&ssn=7eafd9fa9826c01597307b85effe791743b46ba2f27a-3977-4b0e-988e66&sso=940ea59d-ee88a13130f2489df365438a8b123fc056d418d499c5df48&ssp=15188465711607082399160702401540426&ssq=67141537474651350705574746278120044759785&ssr=OTEuMjA5LjM1LjIxOA==&sst=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/74.0.3729.131%20Safari/537.36&ssv=&ssw= O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\8520111\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32 _server.exe" /service (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

FillPCA · Answer

Re,

1/ Place le fichier Scanner.exe dans un dossier dédié comme C:\HJT
2/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - C:\WINDOWS\system32\ddcbbab.dll (file missing) 
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - https://validate.perfdrive.com/?ssa=1cb613c1-b580-495b-866c-b6fe71718572&ssb=36371211747&ssc=https%3A%2F%2Fimlive.com%2Fchatsource%2FImlCID.cab&ssi=b98a4b26-ba0f-44c8-a2a5-0315e1e966ee&ssk=support@shieldsquare.com&ssm=77124680964133473105650333749186&ssn=7eafd9fa9826c01597307b85effe791743b46ba2f27a-3977-4b0e-988e66&sso=940ea59d-ee88a13130f2489df365438a8b123fc056d418d499c5df48&ssp=15188465711607082399160702401540426&ssq=67141537474651350705574746278120044759785&ssr=OTEuMjA5LjM1LjIxOA==&sst=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/74.0.3729.131%20Safari/537.36&ssv=&ssw= 
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab 

Clique sur fix/réparer.

3/ Clique sur démarrer>Exécuter>cmd

Tape sfc /scannow

Le CD de XP te sera peut-être demandé.

Dis-moi ensuite comment le pc fonctionne.

FillPCA

harryploteur · Answer

Tout à l'air de fonctionner normalement à nouveau.
Je tiens à te remercier pour ton efficacité.
Est ce que tu pourrais me dire brièvement d'ou venait le problème et comment je peux eviter de l'avoir de nouveau (mieux vaut prevenir que guérir)?

FillPCA · Answer

Re,

Je voudrais effectuer un scan en ligne pour être sûr qu'il n'y a plus rien.
Tu étais d'ore et déjà touché par Vundo, qui s'attrape par p2p.

    *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

Edite ce rapport.

FillPCA

harryploteur · Answer

ok, je suis en train de faire le scan, ça va prendre du temps, je poste le rapport dès que c'est fini.
merci

FillPCA · Answer

Re,

Je serai sans doute parti sous la couette, mais je regarde cela demain !

FillPCA

harryploteur · Answer

voici le rapport de Kaspersky:

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Monday, September 10, 2007 2:07:00 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.93.1
 Kaspersky Anti-Virus database last update: 10/09/2007
 Kaspersky Anti-Virus database records: 410673
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	H:\

Scan Statistics:
	Total number of scanned objects: 112497
	Number of viruses found: 12
	Number of infected objects: 48
	Number of suspicious objects: 0
	Duration of the scan process: 03:05:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\yo\Application Data\ispnews\ispn.ini	Object is locked	skipped
C:\Documents and Settings\yo\Application Data\ispnews\ispnc.items	Object is locked	skipped
C:\Documents and Settings\yo\Application Data\ispnews\ispnr.items	Object is locked	skipped
C:\Documents and Settings\yo\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Messenger\harry_ploteur@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Messenger\harry_ploteur@hotmail.fr\SharingMetadata\pending.dat	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Messenger\harry_ploteur@hotmail.fr\SharingMetadata\Working\database_5AA8_F125_A8F0_FFF5\dfsr.db	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Messenger\harry_ploteur@hotmail.fr\SharingMetadata\Working\database_5AA8_F125_A8F0_FFF5\fsr.log	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Messenger\harry_ploteur@hotmail.fr\SharingMetadata\Working\database_5AA8_F125_A8F0_FFF5\fsrtmp.log	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Messenger\harry_ploteur@hotmail.fr\SharingMetadata\Working\database_5AA8_F125_A8F0_FFF5	mp.edb	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Windows Live Contacts\harry_ploteur@hotmail.freal\members.stg	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Application Data\Microsoft\Windows Live Contacts\harry_ploteur@hotmail.fr\shadow\members.stg	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Historique\History.IE5\MSHist012007090920070910\index.dat	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Historique\History.IE5\MSHist012007091020070911\index.dat	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Temp\hpodvd09.log	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Temp\~DF3E83.tmp	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Temp\~DFD7F8.tmp	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Temp\~DFD828.tmp	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Temp\~DFFE3.tmp	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Temp\~DFFF1.tmp	Object is locked	skipped
C:\Documents and Settings\yo\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\yo\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\yo
tuser.dat.LOG	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\chandir.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\chandir.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\chn.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\chn.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\D0000000.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\inuse.txt	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\L0000019.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\main.log	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_die.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_die.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_dnd.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_dnd.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_ext.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_ext.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_rcv.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\prs_rcv.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\storydb.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\yo\Data\storydb.idx	Object is locked	skipped
C:\Program Files\mIRC\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.616	skipped
C:\Program Files\mIRC\mirc.exe.BAK	Infected: not-a-virus:Client-IRC.Win32.mIRC.616	skipped
C:\Program Files\Radminaddrv.dll	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20	skipped
C:\Program Files\Radminadmin.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
C:\Program Files\Radmin_server.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\cache.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\chandir.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\chandir.idx	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\chn.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\chn.idx	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\D0000000.FCS	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\inuse.txt	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\L0000046.FCS	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\main.log	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs.idx	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_die.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_die.idx	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_dnd.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_dnd.idx	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_ext.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_ext.idx	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_rcv.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\prs_rcv.idx	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\storydb.dat	Object is locked	skipped
C:\Program Files\Securitoo\Av_Fw\8520111\Users\Default\Data\storydb.idx	Object is locked	skipped
C:\Program Files\Securitoo\Common\admin.pub	Object is locked	skipped
C:\Program Files\Securitoo\Common\policy.bpf	Object is locked	skipped
C:\Program Files\Securitoo\Common\policy.ipf	Object is locked	skipped
C:\Program Files\Securitoo\Spam Control\log\fs_sa_log.txt	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP685\A0137604.exe	Infected: not-a-virus:FraudTool.Win32.SpywareSecure.a	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP685\A0140334.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP685\A0140335.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP685\A0140336.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP685\A0140337.dll	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP685\A0140338.dll	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP685\A0140344.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.jp	skipped
C:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP687\change.log	Object is locked	skipped
C:\VundoFix Backups\ddcbbab.dll.bad	Infected: not-a-virus:AdWare.Win32.Virtumonde.jp	skipped
C:\WINDOWS\CSC\00000001	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\atapi.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32addrv.dll	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20	skipped
C:\WINDOWS\system32_server.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Match Blox/MatchBlox v.1.06.exe/cd_clint.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Match Blox/MatchBlox v.1.06.exe/cd_load.exe	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Match Blox/MatchBlox v.1.06.exe/cd_swf.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Match Blox/MatchBlox v.1.06.exe	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Worms War III/Worms War III.exe/Stream/data0007	Infected: not-a-virus:AdWare.Win32.F1Organizer.h	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Worms War III/Worms War III.exe/Stream	Infected: not-a-virus:AdWare.Win32.F1Organizer.h	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Worms War III/Worms War III.exe	Infected: not-a-virus:AdWare.Win32.F1Organizer.h	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0007/data0005	Infected: not-a-virus:AdWare.Win32.MegaSearch.g	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0007/data0007	Infected: Trojan-Downloader.Win32.Keenval.n	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0007	Infected: Trojan-Downloader.Win32.Keenval.n	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008/data0002/data0005	Infected: Trojan-Downloader.Win32.Keenval.h	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008/data0002	Infected: Trojan-Downloader.Win32.Keenval.h	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008/data0005	Infected: Trojan.Win32.Keenval.a	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008	Infected: Trojan.Win32.Keenval.a	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe	Infected: Trojan.Win32.Keenval.a	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe	Infected: Trojan.Win32.Keenval.a	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe	Infected: Trojan.Win32.Keenval.a	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar/more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)/Magic Ball/Breakout Magic Ball-2 V2.1 + Serial.rar	Infected: Trojan.Win32.Keenval.a	skipped
D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar	RAR: infected - 18	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE/raddrv.dll	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE/radmin.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE/r_server.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE	Gentee: infected - 3	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools.rar/Remote Administrator (Radmin) 2.2/RADMIN22.EXE/raddrv.dll	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools.rar/Remote Administrator (Radmin) 2.2/RADMIN22.EXE/radmin.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools.rar/Remote Administrator (Radmin) 2.2/RADMIN22.EXE/r_server.exe	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools.rar/Remote Administrator (Radmin) 2.2/RADMIN22.EXE	Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22	skipped
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools.rar	RAR: infected - 4	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
D:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP687\change.log	Object is locked	skipped
D:	emp\activate_crack.exe/stream/data0001	Infected: not-a-virus:AdTool.Win32.Toolbar.a	skipped
D:	emp\activate_crack.exe/stream	Infected: not-a-virus:AdTool.Win32.Toolbar.a	skipped
D:	emp\activate_crack.exe	NSIS: infected - 2	skipped
D:	emp\mIRC_v6[1].16_ARTeam\mirc616.exe/data0001.bin	Infected: not-a-virus:Client-IRC.Win32.mIRC.616	skipped
D:	emp\mIRC_v6[1].16_ARTeam\mirc616.exe	mIRC: infected - 1	skipped
F:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
F:\System Volume Information\_restore{58BB4364-38DA-453D-915E-0180EC987BA6}\RP687\change.log	Object is locked	skipped

Scan process completed.

FillPCA · Answer

Bonjour,

Comme tu peux le constater, les cracks étaient fourrés...au virus.

Oriente-toi plutôt vers les logiciels libres, beaucoup plus sains pour le pc.

1/     *  Télécharge OTMoveIt  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

D:\mp3\download\more than 120 games cracked (popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc).rar
D:\mp3\download\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE
D:	emp\activate_crack.exe


    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

2/ Ouvre Ccleaner et clique sur "lancer le nettoyage".

3/ Tu dois désactiver la restauration système. Pour cela, fais un clic droit sur « poste de travail ». Dans l’onglet « restauration du système », coche la case « désactiver la restauration système ». Clique sur appliquer>OK.
Décoche cette case, clique sur appliquer>OK et redémarre le PC.

Edite le rapport OTMoveIt.

Tu as mIRC et Radmin installés. Si tu utliises ces logiceils, c'est OK, sinon, tu peux les virer.

Ensuite, on termine le nettoyage.

FillPCA

harryploteur · Answer

Merci pour ta réponse, cependant, les fichier que tu me demande d'enlever (à part les jeux que j'ai deja supprimé entre temps) sont des fichier utilisé par radmin notament que j'utilise, je m'en etais rendu compte au premier nettoyage car radmin ne marchait plus et j'avais du le reinstaller c'est pour ça que les fichier sont toujours presents.
Je teste mon ordi depuis hier et tout fonctionne parfaitement, du coup je ne sais pas si je dois suivre ton dernier post?

FillPCA · Answer

Re,
Je ne pense pas que les fichiers précédents soient liés au programme Radmin et qu'ils gênent son fonctionnemement.
Ils sont tous les trois sur la partition D et non sur C où tu as ton système.

FillPCA

harryploteur · Answer

effectivement, mais le premier je l'ai deja effacé et les 2 autres je les gardes car ils me servent à l'installation.
Je pense que je vais en rester la et eviter le p2p.
Je voulais te remercier encore; ton aide a été très utile et efficace.

harryploteur · Answer

En tous les cas chapeau, j'ai pas compris tout ce que j'ai fait mais ça a marché c'est l'essentiel ;)
merci

FillPCA · Answer

Re,
Ok, on finit.

1/
    *  Lance OTmoveIT.
    * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

    * Une liste apparaît dans la partie gauche d'OTmoveIT.
    * Un message apparaît pour confirmer le nettoyage. Confirme.
    * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

2/ Tu dois désactiver la restauration système. Pour cela, fais un clic droit sur « poste de travail ». Dans l’onglet « restauration du système », coche la case « désactiver la restauration système ». Clique sur appliquer>OK.
Décoche cette case, clique sur appliquer>OK et redémarre le PC.

Si tu n'as plus de soucis, tu peux marquer ton sujet en cliquant sur "résolu".

FillPCA

Invasion de pop up, help....

20 réponses

Discussions similaires

Newsletters