[résolu] Log Hijack

[Gof]

Bonsoir screwd

 

Recommence je te prie. Pour le rapport, sauvegarde le comme indiqué dans mon post précédent. Mais laisse La fenêtre du rapport ouverte, de sorte que si le fichier est déplacé, tu puisses me le copier coller dans ta prochaine réponse malgré tout.

 

Ne t'en fais pas, ce n'est pas forcément inquiétant ton rapport, cela dépendra de ce qui est révélé.

[screwd]

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Thursday, January 17, 2008 7:55:42 AM

Operating System: Microsoft Windows Vista Home Edition, (Build 6000)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 16/01/2008

Kaspersky Anti-Virus database records: 513295

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 201297

Number of viruses found: 1

Number of infected objects: 3

Number of suspicious objects: 0

Duration of the scan process: 01:39:06

 

Infected Object Name / Virus Name / Last Action

C:\Boot\BCD Object is locked skipped

C:\Boot\BCD.LOG Object is locked skipped

C:\Program Files\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9575565cfdda5f6f28d088bfdadb2bd0_cd3eb991-61ae-4894-8603-79ca7cd20418 Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.52.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.52.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010001.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010001.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010005.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010006.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010007.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010008.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010009.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010020.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy34.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf83BF.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf83C0.tmp Object is locked skipped

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Messenger\tchattty@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Messenger\tchattty@hotmail.fr\SharingMetadata\pending.dat Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Messenger\tchattty@hotmail.fr\SharingMetadata\Working\database_3CC6_695_C606_4F96\dfsr.db Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Messenger\tchattty@hotmail.fr\SharingMetadata\Working\database_3CC6_695_C606_4F96\fsr.log Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Messenger\tchattty@hotmail.fr\SharingMetadata\Working\database_3CC6_695_C606_4F96\fsrtmp.log Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Messenger\tchattty@hotmail.fr\SharingMetadata\Working\database_3CC6_695_C606_4F96\tmp.edb Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011720080118\index.dat Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\UsrClass.dat{7eeeef91-7286-11dc-b254-001d60586deb}.TM.blf Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\UsrClass.dat{7eeeef91-7286-11dc-b254-001d60586deb}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows\UsrClass.dat{7eeeef91-7286-11dc-b254-001d60586deb}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows Live Contacts\tchattty@hotmail.fr\real\members.stg Object is locked skipped

C:\Users\proprietaire\AppData\Local\Microsoft\Windows Live Contacts\tchattty@hotmail.fr\shadow\members.stg Object is locked skipped

C:\Users\proprietaire\AppData\Local\Temp\~DF6852.tmp Object is locked skipped

C:\Users\proprietaire\AppData\Local\Temp\~DF6A2B.tmp Object is locked skipped

C:\Users\proprietaire\AppData\Local\Temp\~DFF2C.tmp Object is locked skipped

C:\Users\proprietaire\AppData\Local\Temp\~DFF36.tmp Object is locked skipped

C:\Users\proprietaire\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\proprietaire\NTUSER.DAT Object is locked skipped

C:\Users\proprietaire\ntuser.dat.LOG1 Object is locked skipped

C:\Users\proprietaire\ntuser.dat.LOG2 Object is locked skipped

C:\Users\proprietaire\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\proprietaire\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\proprietaire\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.

[Gof]

Bonjour screwd

 

Rien d'inquiétant dans ton rapport d'analyse en ligne. L'outil a détecté la présence d'un processus lié à l'outil Smitfraudifx, qui est détecté comme potentiellement dangereux. Pas de soucis de ce côté la.

 

Peux tu t'assurer qu'Antivir fonctionne correctement et me rapporter ce qu'il en est ?

 

Suite aux différents rapports que je t'ai demandé, je ne vois rien d'inquiétant et d'infectieux qui pourrait expliquer tes soucis. Je ne crois pas ces ennuis d'origine infectieuse. Peux tu me dire si tu constates d'autres disfonctionnements particuliers ?

[screwd]

Bonjour Gof.

 

Tout d'abord merci mille fois pour tes réponses, et pour ta pédagogie

 

Antivir semble fonctionner normalement. Il se met à jour très régulièrement.

 

Mes erreurs doivent être dues à des problemes de compatibilité de codecs.

 

Encore merci pour ton aide !

 

[screwd]

Bonjour Gof.

 

Tout d'abord merci mille fois pour tes réponses, et pour ta pédagogie

 

Antivir semble fonctionner normalement. Il se met à jour très régulièrement.

 

Mes erreurs doivent être dues à des problemes de compatibilité de codecs.

 

Encore merci pour ton aide !

 

 

edit : jai trouvé la réponse au pbleme de surrogate ici !

[Gof]

Bonjour screwd

 

edit : jai trouvé la réponse au pbleme de surrogate ici !

Merci du retour, je ne connaissais pas l'astuce. "Après quelques recherches, la cause est définie pour la plupart des cas: Nero est responsable!".

 

Pense à supprimer Smitfraudfix de ton pc, conserver une version obsolète ne servira à rien car tu ne bénéficieras pas des dernières mises à jour, et tu risques de faire "biper" ton antivirus pour rien.

 

Supprime DSS de ton système également, tu n'en as plus besoin. Tu peux désinstaller HijackThis également.

 

A bientôt, bon surf