Small bat1

caroline -  
 Utilisateur anonyme -
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\31824.EXE

Is the Trojan horse TR/Dldr.Small.bat.1

J'ai ce virus et j'ai tout assayé, ca ne part pas

Pourriez-vous m'aider?

14 réponses

  1. caroline
     
    J'ai utlisé clean up
    Ad aware
    spy bot
    a2
    Et antivir

    Et c'est toujours là !
    0
  2. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  3. caroline
     
    Voici

    Logfile of HijackThis v1.99.1
    Scan saved at 18:36:20, on 2/08/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    F:\Securite\AVPersonal\AVGUARD.EXE
    F:\Securite\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\System32\CTSvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Daily Weather Forecast\weather.exe
    F:\Securite\AVPersonal\AVGNT.EXE
    C:\WINNT\system32\internat.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    F:\Securite\Dreamweaver 2\Dreamweaver.exe
    C:\Program Files\Outlook Express\msimn.exe
    F:\ATransit\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.letopweb.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://F%3A%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Caro-Guy\Application Data\Mozilla\Profiles\default\oa8v2foi.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [QuickTime Task] "F:\securite\quick\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PrevxHome] F:\Securite\prevx\SAGUI.exe
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKLM\..\Run: [AVGCtrl] "F:\Securite\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINNT\iecheck.exe
    O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft_Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
    O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
    O16 - DPF: ServerPushBox - http://www.spot.be/servp12.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Securite\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Securite\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    0
  4. Utilisateur anonyme
     
    re,
    tu peux faire ceci stp
    demarer<poste de travail< c<programmes files< av personal<logfiles<NTGRDT
    copie/colle tout ce qu il y a dedans stp
    0
  5. caroline
     
    Le fichier étant très long, je colle juste la fin

    30/07/2005,12:54:53 [INIT] The AVGuard Service is starting.
    30/07/2005,12:55:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    30/07/2005,12:55:15 [INFO] Start Filter Device.
    30/07/2005,12:55:15 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
    30/07/2005,12:55:15 AVGuard has been started successfully!
    30/07/2005,12:56:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    30/07/2005,12:56:31 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa882d3.
    30/07/2005,13:53:22 [INFO] Stop Filter Device.
    30/07/2005,13:53:23 AVGuard service has been stopped!
    30/07/2005,14:34:03 ---------------------------------------------------------
    30/07/2005,14:34:03 [INIT] The AVGuard Service is starting.
    30/07/2005,14:34:14 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    30/07/2005,14:34:24 [INFO] Start Filter Device.
    30/07/2005,14:34:24 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
    30/07/2005,14:34:24 AVGuard has been started successfully!
    30/07/2005,14:35:36 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    30/07/2005,14:35:37 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8b331.
    30/07/2005,15:09:32 [INFO] Stop Filter Device.
    30/07/2005,15:09:34 AVGuard service has been stopped!
    30/07/2005,15:48:16 ---------------------------------------------------------
    30/07/2005,15:48:16 [INIT] The AVGuard Service is starting.
    30/07/2005,15:48:23 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    30/07/2005,15:48:37 [INFO] Start Filter Device.
    30/07/2005,15:48:37 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
    30/07/2005,15:48:37 AVGuard has been started successfully!
    30/07/2005,15:49:47 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    30/07/2005,15:49:48 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8bb77.
    30/07/2005,16:49:44 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\22319.EXE
    File has been deleted!
    30/07/2005,17:43:57 [INFO] Stop Filter Device.
    30/07/2005,17:43:58 AVGuard service has been stopped!
    30/07/2005,22:42:18 ---------------------------------------------------------
    30/07/2005,22:42:18 [INIT] The AVGuard Service is starting.
    30/07/2005,22:42:25 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    30/07/2005,22:42:39 [INFO] Start Filter Device.
    30/07/2005,22:42:39 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
    30/07/2005,22:42:39 AVGuard has been started successfully!
    30/07/2005,22:43:56 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    30/07/2005,22:43:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa89805.
    30/07/2005,23:43:51 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\5158.EXE
    File has been deleted!
    31/07/2005,00:15:18 [INFO] Stop Filter Device.
    31/07/2005,00:15:19 AVGuard service has been stopped!
    31/07/2005,07:29:46 ---------------------------------------------------------
    31/07/2005,07:29:46 [INIT] The AVGuard Service is starting.
    31/07/2005,07:29:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    31/07/2005,07:30:02 [INFO] Start Filter Device.
    31/07/2005,07:30:02 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
    31/07/2005,07:30:02 AVGuard has been started successfully!
    31/07/2005,07:31:46 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    31/07/2005,07:31:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8262a.
    31/07/2005,08:31:41 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\10272.EXE
    File has been deleted!
    31/07/2005,09:01:26 [INFO] Stop Filter Device.
    31/07/2005,09:01:28 AVGuard service has been stopped!
    31/07/2005,13:39:31 ---------------------------------------------------------
    31/07/2005,13:39:31 [INIT] The AVGuard Service is starting.
    31/07/2005,13:39:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    31/07/2005,13:39:49 [INFO] Start Filter Device.
    31/07/2005,13:39:49 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
    31/07/2005,13:39:49 AVGuard has been started successfully!
    31/07/2005,13:41:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    31/07/2005,13:41:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa88e25.
    31/07/2005,13:46:41 [INFO] Stop Filter Device.
    31/07/2005,13:46:42 AVGuard service has been stopped!
    31/07/2005,13:46:43 ---------------------------------------------------------
    31/07/2005,13:46:43 [INIT] The AVGuard Service is starting.
    31/07/2005,13:46:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    31/07/2005,13:46:50 [INFO] Start Filter Device.
    31/07/2005,13:46:50 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    31/07/2005,13:46:50 AVGuard has been started successfully!
    31/07/2005,13:46:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    31/07/2005,13:46:56 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaadd452.
    31/07/2005,14:40:58 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\17091.EXE
    File has been deleted!
    31/07/2005,15:29:36 [INFO] Stop Filter Device.
    31/07/2005,15:29:36 AVGuard service has been stopped!
    31/07/2005,16:52:29 ---------------------------------------------------------
    31/07/2005,16:52:29 [INIT] The AVGuard Service is starting.
    31/07/2005,16:52:40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    31/07/2005,16:52:50 [INFO] Start Filter Device.
    31/07/2005,16:52:50 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    31/07/2005,16:52:50 AVGuard has been started successfully!
    31/07/2005,16:54:10 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    31/07/2005,16:54:13 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8ed1a.
    31/07/2005,17:54:13 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\22181.EXE
    File has been deleted!
    31/07/2005,18:54:16 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\27065.EXE
    File has been deleted!
    31/07/2005,19:54:19 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\31860.EXE
    File has been deleted!
    31/07/2005,20:54:24 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\31824.EXE
    File has been deleted!
    31/07/2005,21:54:39 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\16581.EXE
    File has been deleted!
    31/07/2005,22:54:49 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\8894.EXE
    File has been deleted!
    31/07/2005,23:48:24 [INFO] Stop Filter Device.
    31/07/2005,23:48:26 AVGuard service has been stopped!
    01/08/2005,05:35:44 ---------------------------------------------------------
    01/08/2005,05:35:44 [INIT] The AVGuard Service is starting.
    01/08/2005,05:35:54 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    01/08/2005,05:36:01 [INFO] Start Filter Device.
    01/08/2005,05:36:01 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    01/08/2005,05:36:01 AVGuard has been started successfully!
    01/08/2005,05:37:44 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    01/08/2005,05:37:46 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa826f2.
    01/08/2005,06:32:36 [INFO] Stop Filter Device.
    01/08/2005,06:32:36 AVGuard service has been stopped!
    01/08/2005,14:10:35 ---------------------------------------------------------
    01/08/2005,14:10:35 [INIT] The AVGuard Service is starting.
    01/08/2005,14:10:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    01/08/2005,14:10:55 [INFO] Start Filter Device.
    01/08/2005,14:10:55 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    01/08/2005,14:10:55 AVGuard has been started successfully!
    01/08/2005,14:11:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    01/08/2005,14:11:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab456a.
    01/08/2005,14:48:38 [INFO] Stop Filter Device.
    01/08/2005,14:48:39 AVGuard service has been stopped!
    01/08/2005,18:25:45 ---------------------------------------------------------
    01/08/2005,18:25:45 [INIT] The AVGuard Service is starting.
    01/08/2005,18:25:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    01/08/2005,18:26:05 [INFO] Start Filter Device.
    01/08/2005,18:26:05 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    01/08/2005,18:26:05 AVGuard has been started successfully!
    01/08/2005,18:27:25 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    01/08/2005,18:27:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8950b.
    01/08/2005,19:27:26 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\27689.EXE
    File has been deleted!
    01/08/2005,20:20:32 [INFO] Stop Filter Device.
    01/08/2005,20:20:34 AVGuard service has been stopped!
    01/08/2005,22:15:56 ---------------------------------------------------------
    01/08/2005,22:15:56 [INIT] The AVGuard Service is starting.
    01/08/2005,22:16:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    01/08/2005,22:16:14 [INFO] Start Filter Device.
    01/08/2005,22:16:14 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    01/08/2005,22:16:14 AVGuard has been started successfully!
    01/08/2005,22:17:53 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    01/08/2005,22:17:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8df23.
    01/08/2005,22:52:43 [INFO] Stop Filter Device.
    01/08/2005,22:52:44 AVGuard service has been stopped!
    02/08/2005,05:35:26 ---------------------------------------------------------
    02/08/2005,05:35:26 [INIT] The AVGuard Service is starting.
    02/08/2005,05:35:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    02/08/2005,05:35:43 [INFO] Start Filter Device.
    02/08/2005,05:35:43 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    02/08/2005,05:35:43 AVGuard has been started successfully!
    02/08/2005,05:36:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/08/2005,05:36:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8af52.
    02/08/2005,06:23:05 [INFO] Stop Filter Device.
    02/08/2005,06:23:06 AVGuard service has been stopped!
    02/08/2005,14:11:41 ---------------------------------------------------------
    02/08/2005,14:11:41 [INIT] The AVGuard Service is starting.
    02/08/2005,14:11:51 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    02/08/2005,14:12:01 [INFO] Start Filter Device.
    02/08/2005,14:12:01 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    02/08/2005,14:12:01 AVGuard has been started successfully!
    02/08/2005,14:13:24 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/08/2005,14:13:26 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8ee61.
    02/08/2005,14:32:36 [INFO] Stop Filter Device.
    02/08/2005,14:32:38 AVGuard service has been stopped!
    02/08/2005,17:30:58 ---------------------------------------------------------
    02/08/2005,17:30:58 [INIT] The AVGuard Service is starting.
    02/08/2005,17:31:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    02/08/2005,17:31:15 [INFO] Start Filter Device.
    02/08/2005,17:31:15 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
    02/08/2005,17:31:15 AVGuard has been started successfully!
    02/08/2005,17:33:00 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/08/2005,17:33:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa83a4b.
    02/08/2005,18:32:55 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\4242.EXE
    File has been deleted!
    02/08/2005,19:32:59 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\16741.EXE
    File has been deleted!
    02/08/2005,20:42:13 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\2855.EXE
    File has been deleted!
    0
  6. caroline
     
    Voici, j'ai effectuée ( j'espère sans erreurs) vos conseils:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:33:17, on 3/08/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    F:\Securite\AVPersonal\AVGUARD.EXE
    F:\Securite\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\System32\CTSvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    F:\Securite\AVPersonal\AVGNT.EXE
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    F:\ATransit\hijackthis_199\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.letopweb.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://F%3A%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Caro-Guy\Application Data\Mozilla\Profiles\default\oa8v2foi.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [QuickTime Task] "F:\securite\quick\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PrevxHome] F:\Securite\prevx\SAGUI.exe
    O4 - HKLM\..\Run: [AVGCtrl] "F:\Securite\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINNT\iecheck.exe
    O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft_Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
    O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
    O16 - DPF: ServerPushBox - http://www.spot.be/servp12.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Securite\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Securite\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    0
  7. Utilisateur anonyme
     
    coucou,
    ou en sont tes soucis maintenant?

    a+
    0
  8. caroline
     
    Et bien je n'ai plus eu l'alarme Antivir pour l'instant

    Je te remercie beaucoup

    PS comment avais-tu remaqué que c'étatit celui - là qui provoquait le phénmène?

    Encore merci
    0
  9. Utilisateur anonyme
     
    coucou
    tout d abord ton antivirus generait le rapport quotidien de cette infection
    C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\4242.EXE
    Ensuite dans ton log, il y avait que cela de mauvais, je le connaissais de nom donc je l ai vu tout de suite
    et voila

    bon surf caroline et si tu as des questions, n hesites pas

    bisous
    0
  10. Kabuto
     
    Salut tout le monde,

    Tout d'abord, merci pour la méthode. J'ai eu le même problème et ça semble ok maintenant.

    Je voulais juste savoir d'où pouvait venir ce fichier "daily weather forecast"?

    Encore MERCI!
    0