14 replies
Hi,
Use CleanUp:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- Illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm
Hello Caroline,
Have you tried an online scan?
--> http://www.secuser.com/antivirus/index.htm for example
or RAV antivirus
Good luck
Download HijackThis here:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure you save it on C: !
Run it, then:
click "do a system scan and save logfile" (see the demo)
copy and paste the entire log to the forum
Demo: (thanks to balltrap34 for making it)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Good luck
See you
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 18:36:20, on 2/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
F:\Securite\AVPersonal\AVGUARD.EXE
F:\Securite\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Daily Weather Forecast\weather.exe
F:\Securite\AVPersonal\AVGNT.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\RamBoost XP\rambxpfr.exe
F:\Securite\Dreamweaver 2\Dreamweaver.exe
C:\Program Files\Outlook Express\msimn.exe
F:\ATransit\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.letopweb.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://F%3A%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Caro-Guy\Application Data\Mozilla\Profiles\default\oa8v2foi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [QuickTime Task] "F:\securite\quick\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxHome] F:\Securite\prevx\SAGUI.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [AVGCtrl] "F:\Securite\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINNT\iecheck.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft_Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: ServerPushBox - http://www.spot.be/servp12.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Securite\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Securite\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Hi again,
Can you do this, please:
Start < My Computer < C < Program Files < AV Personal < logfiles < NTGRDT
Copy and paste everything that is in it, please.
Since the file is very long, I am pasting only the end:
30/07/2005,12:54:53 [INIT] The AVGuard Service is starting.
30/07/2005,12:55:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/07/2005,12:55:15 [INFO] Start Filter Device.
30/07/2005,12:55:15 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
30/07/2005,12:55:15 AVGuard has been started successfully!
30/07/2005,12:56:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/07/2005,12:56:31 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa882d3.
30/07/2005,13:53:22 [INFO] Stop Filter Device.
30/07/2005,13:53:23 AVGuard service has been stopped!
30/07/2005,14:34:03 ---------------------------------------------------------
30/07/2005,14:34:03 [INIT] The AVGuard Service is starting.
30/07/2005,14:34:14 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/07/2005,14:34:24 [INFO] Start Filter Device.
30/07/2005,14:34:24 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
30/07/2005,14:34:24 AVGuard has been started successfully!
30/07/2005,14:35:36 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/07/2005,14:35:37 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8b331.
30/07/2005,15:09:32 [INFO] Stop Filter Device.
30/07/2005,15:09:34 AVGuard service has been stopped!
30/07/2005,15:48:16 ---------------------------------------------------------
30/07/2005,15:48:16 [INIT] The AVGuard Service is starting.
30/07/2005,15:48:23 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/07/2005,15:48:37 [INFO] Start Filter Device.
30/07/2005,15:48:37 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
30/07/2005,15:48:37 AVGuard has been started successfully!
30/07/2005,15:49:47 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/07/2005,15:49:48 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8bb77.
30/07/2005,16:49:44 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\22319.EXE
File has been deleted!
30/07/2005,17:43:57 [INFO] Stop Filter Device.
30/07/2005,17:43:58 AVGuard service has been stopped!
30/07/2005,22:42:18 ---------------------------------------------------------
30/07/2005,22:42:18 [INIT] The AVGuard Service is starting.
30/07/2005,22:42:25 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/07/2005,22:42:39 [INFO] Start Filter Device.
30/07/2005,22:42:39 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
30/07/2005,22:42:39 AVGuard has been started successfully!
30/07/2005,22:43:56 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/07/2005,22:43:59 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa89805.
30/07/2005,23:43:51 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\5158.EXE
File has been deleted!
31/07/2005,00:15:18 [INFO] Stop Filter Device.
31/07/2005,00:15:19 AVGuard service has been stopped!
31/07/2005,07:29:46 ---------------------------------------------------------
31/07/2005,07:29:46 [INIT] The AVGuard Service is starting.
31/07/2005,07:29:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
31/07/2005,07:30:02 [INFO] Start Filter Device.
31/07/2005,07:30:02 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
31/07/2005,07:30:02 AVGuard has been started successfully!
31/07/2005,07:31:46 [LOGON] Connection request by remote computer. Establishing secure communication channel.
31/07/2005,07:31:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8262a.
31/07/2005,08:31:41 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\10272.EXE
File has been deleted!
31/07/2005,09:01:26 [INFO] Stop Filter Device.
31/07/2005,09:01:28 AVGuard service has been stopped!
31/07/2005,13:39:31 ---------------------------------------------------------
31/07/2005,13:39:31 [INIT] The AVGuard Service is starting.
31/07/2005,13:39:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
31/07/2005,13:39:49 [INFO] Start Filter Device.
31/07/2005,13:39:49 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.221
31/07/2005,13:39:49 AVGuard has been started successfully!
31/07/2005,13:41:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
31/07/2005,13:41:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa88e25.
31/07/2005,13:46:41 [INFO] Stop Filter Device.
31/07/2005,13:46:42 AVGuard service has been stopped!
31/07/2005,13:46:43 ---------------------------------------------------------
31/07/2005,13:46:43 [INIT] The AVGuard Service is starting.
31/07/2005,13:46:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
31/07/2005,13:46:50 [INFO] Start Filter Device.
31/07/2005,13:46:50 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
31/07/2005,13:46:50 AVGuard has been started successfully!
31/07/2005,13:46:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
31/07/2005,13:46:56 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaadd452.
31/07/2005,14:40:58 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\17091.EXE
File has been deleted!
31/07/2005,15:29:36 [INFO] Stop Filter Device.
31/07/2005,15:29:36 AVGuard service has been stopped!
31/07/2005,16:52:29 ---------------------------------------------------------
31/07/2005,16:52:29 [INIT] The AVGuard Service is starting.
31/07/2005,16:52:40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
31/07/2005,16:52:50 [INFO] Start Filter Device.
31/07/2005,16:52:50 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
31/07/2005,16:52:50 AVGuard has been started successfully!
31/07/2005,16:54:10 [LOGON] Connection request by remote computer. Establishing secure communication channel.
31/07/2005,16:54:13 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8ed1a.
31/07/2005,17:54:13 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\22181.EXE
File has been deleted!
31/07/2005,18:54:16 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\27065.EXE
File has been deleted!
31/07/2005,19:54:19 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\31860.EXE
File has been deleted!
31/07/2005,20:54:24 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\31824.EXE
File has been deleted!
31/07/2005,21:54:39 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\16581.EXE
File has been deleted!
31/07/2005,22:54:49 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\8894.EXE
File has been deleted!
31/07/2005,23:48:24 [INFO] Stop Filter Device.
31/07/2005,23:48:26 AVGuard service has been stopped!
01/08/2005,05:35:44 ---------------------------------------------------------
01/08/2005,05:35:44 [INIT] The AVGuard Service is starting.
01/08/2005,05:35:54 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/08/2005,05:36:01 [INFO] Start Filter Device.
01/08/2005,05:36:01 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
01/08/2005,05:36:01 AVGuard has been started successfully!
01/08/2005,05:37:44 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/08/2005,05:37:46 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa826f2.
01/08/2005,06:32:36 [INFO] Stop Filter Device.
01/08/2005,06:32:36 AVGuard service has been stopped!
01/08/2005,14:10:35 ---------------------------------------------------------
01/08/2005,14:10:35 [INIT] The AVGuard Service is starting.
01/08/2005,14:10:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/08/2005,14:10:55 [INFO] Start Filter Device.
01/08/2005,14:10:55 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
01/08/2005,14:10:55 AVGuard has been started successfully!
01/08/2005,14:11:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/08/2005,14:11:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab456a.
01/08/2005,14:48:38 [INFO] Stop Filter Device.
01/08/2005,14:48:39 AVGuard service has been stopped!
01/08/2005,18:25:45 ---------------------------------------------------------
01/08/2005,18:25:45 [INIT] The AVGuard Service is starting.
01/08/2005,18:25:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/08/2005,18:26:05 [INFO] Start Filter Device.
01/08/2005,18:26:05 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
01/08/2005,18:26:05 AVGuard has been started successfully!
01/08/2005,18:27:25 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/08/2005,18:27:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8950b.
01/08/2005,19:27:26 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\27689.EXE
File has been deleted!
01/08/2005,20:20:32 [INFO] Stop Filter Device.
01/08/2005,20:20:34 AVGuard service has been stopped!
01/08/2005,22:15:56 ---------------------------------------------------------
01/08/2005,22:15:56 [INIT] The AVGuard Service is starting.
01/08/2005,22:16:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/08/2005,22:16:14 [INFO] Start Filter Device.
01/08/2005,22:16:14 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
01/08/2005,22:16:14 AVGuard has been started successfully!
01/08/2005,22:17:53 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/08/2005,22:17:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8df23.
01/08/2005,22:52:43 [INFO] Stop Filter Device.
01/08/2005,22:52:44 AVGuard service has been stopped!
02/08/2005,05:35:26 ---------------------------------------------------------
02/08/2005,05:35:26 [INIT] The AVGuard Service is starting.
02/08/2005,05:35:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/08/2005,05:35:43 [INFO] Start Filter Device.
02/08/2005,05:35:43 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
02/08/2005,05:35:43 AVGuard has been started successfully!
02/08/2005,05:36:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/08/2005,05:36:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8af52.
02/08/2005,06:23:05 [INFO] Stop Filter Device.
02/08/2005,06:23:06 AVGuard service has been stopped!
02/08/2005,14:11:41 ---------------------------------------------------------
02/08/2005,14:11:41 [INIT] The AVGuard Service is starting.
02/08/2005,14:11:51 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/08/2005,14:12:01 [INFO] Start Filter Device.
02/08/2005,14:12:01 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
02/08/2005,14:12:01 AVGuard has been started successfully!
02/08/2005,14:13:24 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/08/2005,14:13:26 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8ee61.
02/08/2005,14:32:36 [INFO] Stop Filter Device.
02/08/2005,14:32:38 AVGuard service has been stopped!
02/08/2005,17:30:58 ---------------------------------------------------------
02/08/2005,17:30:58 [INIT] The AVGuard Service is starting.
02/08/2005,17:31:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/08/2005,17:31:15 [INFO] Start Filter Device.
02/08/2005,17:31:15 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
02/08/2005,17:31:15 AVGuard has been started successfully!
02/08/2005,17:33:00 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/08/2005,17:33:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa83a4b.
02/08/2005,18:32:55 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\4242.EXE
File has been deleted!
02/08/2005,19:32:59 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\16741.EXE
File has been deleted!
02/08/2005,20:42:13 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\2855.EXE
File has been deleted!
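An added example, not part of the original thread: a small Python parser for the AVGuard log format pasted above. It pairs each WARNING entry with its file path and action, measures the delay since the preceding [LOGON] line, and flags the case where every detection is a new file name in the same directory. The sample lines are constructed in the log's format; the function names and the way the detection name is reduced to a family (dropping its last two dot-separated parts) are assumptions.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample, in the same format as the AVGuard log pasted above.
SAMPLE_LOG = r"""
01/08/2005,18:25:45 [INIT] The AVGuard Service is starting.
01/08/2005,18:27:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8950b.
01/08/2005,19:27:26 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\USER\LOCALS~1\TEMP\11111.EXE
File has been deleted!
01/08/2005,20:20:34 AVGuard service has been stopped!
02/08/2005,17:30:58 [INIT] The AVGuard Service is starting.
02/08/2005,17:33:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa83a4b.
02/08/2005,18:32:55 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\USER\LOCALS~1\TEMP\22222.EXE
File has been deleted!
02/08/2005,19:32:59 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
C:\DOCUME~1\USER\LOCALS~1\TEMP\33333.EXE
File has been deleted!
"""

TS_LINE = re.compile(r"^(\d{2}/\d{2}/\d{4},\d{2}:\d{2}:\d{2}) (.*)$")
DETECTION = re.compile(r"^WARNING: Is the .*? (\S+)!$")


def parse_detections(text):
    """Return one dict per detection: time, name, file, action, minutes after logon."""
    detections = []
    logon = None      # time of the last [LOGON] in the current service session
    current = None    # detection still waiting for its path/action lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamped = TS_LINE.match(line)
        if stamped:
            when = datetime.strptime(stamped.group(1), "%d/%m/%Y,%H:%M:%S")
            msg = stamped.group(2)
            current = None
            if msg.startswith("[INIT] The AVGuard Service is starting"):
                logon = None  # a new service session begins
            elif msg.startswith("[LOGON] Connection to computer"):
                logon = when
            else:
                hit = DETECTION.match(msg)
                if hit:
                    delay = None
                    if logon is not None:
                        delay = round((when - logon).total_seconds() / 60)
                    current = {"time": when, "name": hit.group(1), "file": None,
                               "action": None, "minutes_after_logon": delay}
                    detections.append(current)
        elif current is not None:
            # Lines without a timestamp continue the detection: path, then action.
            if current["file"] is None:
                current["file"] = line
            elif current["action"] is None:
                current["action"] = line
    return detections


def summarize(detections):
    """Condense the detections into the facts that matter for triage."""
    files = [d["file"] for d in detections if d["file"]]
    dirs = sorted({ntpath.dirname(f).upper() for f in files})
    # Assumption: the family is the name without its last two dot-separated parts.
    families = sorted({d["name"].rsplit(".", 2)[0] for d in detections})
    # New file name every time, same directory: the deleted file is only a
    # symptom, and whatever writes it is still present on the machine.
    recurring = (len(detections) >= 2
                 and len(set(files)) == len(detections)
                 and len(dirs) == 1)
    return {
        "count": len(detections),
        "families": families,
        "directories": dirs,
        "unique_files": len(set(files)),
        "all_deleted": all(d["action"] == "File has been deleted!" for d in detections),
        "recurring": recurring,
    }


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for d in found:
        print(d["time"], d["name"], d["file"], d["minutes_after_logon"])
    print(summarize(found))
```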
01/08/2005,14:10:55 [INFO] Start Filter Device.
01/08/2005,14:10:55 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
01/08/2005,14:10:55 AVGuard has been started successfully!
01/08/2005,14:11:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/08/2005,14:11:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab456a.
01/08/2005,14:48:38 [INFO] Stop Filter Device.
01/08/2005,14:48:39 AVGuard service has been stopped!
01/08/2005,18:25:45 ---------------------------------------------------------
01/08/2005,18:25:45 [INIT] The AVGuard Service is starting.
01/08/2005,18:25:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/08/2005,18:26:05 [INFO] Start Filter Device.
01/08/2005,18:26:05 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
01/08/2005,18:26:05 AVGuard has been started successfully!
01/08/2005,18:27:25 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/08/2005,18:27:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8950b.
01/08/2005,19:27:26 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\27689.EXE
File has been deleted!
01/08/2005,20:20:32 [INFO] Stop Filter Device.
01/08/2005,20:20:34 AVGuard service has been stopped!
01/08/2005,22:15:56 ---------------------------------------------------------
01/08/2005,22:15:56 [INIT] The AVGuard Service is starting.
01/08/2005,22:16:07 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/08/2005,22:16:14 [INFO] Start Filter Device.
01/08/2005,22:16:14 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
01/08/2005,22:16:14 AVGuard has been started successfully!
01/08/2005,22:17:53 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/08/2005,22:17:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8df23.
01/08/2005,22:52:43 [INFO] Stop Filter Device.
01/08/2005,22:52:44 AVGuard service has been stopped!
02/08/2005,05:35:26 ---------------------------------------------------------
02/08/2005,05:35:26 [INIT] The AVGuard Service is starting.
02/08/2005,05:35:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/08/2005,05:35:43 [INFO] Start Filter Device.
02/08/2005,05:35:43 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
02/08/2005,05:35:43 AVGuard has been started successfully!
02/08/2005,05:36:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/08/2005,05:36:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8af52.
02/08/2005,06:23:05 [INFO] Stop Filter Device.
02/08/2005,06:23:06 AVGuard service has been stopped!
02/08/2005,14:11:41 ---------------------------------------------------------
02/08/2005,14:11:41 [INIT] The AVGuard Service is starting.
02/08/2005,14:11:51 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/08/2005,14:12:01 [INFO] Start Filter Device.
02/08/2005,14:12:01 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
02/08/2005,14:12:01 AVGuard has been started successfully!
02/08/2005,14:13:24 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/08/2005,14:13:26 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8ee61.
02/08/2005,14:32:36 [INFO] Stop Filter Device.
02/08/2005,14:32:38 AVGuard service has been stopped!
02/08/2005,17:30:58 ---------------------------------------------------------
02/08/2005,17:30:58 [INIT] The AVGuard Service is starting.
02/08/2005,17:31:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
02/08/2005,17:31:15 [INFO] Start Filter Device.
02/08/2005,17:31:15 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.39
02/08/2005,17:31:15 AVGuard has been started successfully!
02/08/2005,17:33:00 [LOGON] Connection request by remote computer. Establishing secure communication channel.
02/08/2005,17:33:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa83a4b.
02/08/2005,18:32:55 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\4242.EXE
File has been deleted!
02/08/2005,19:32:59 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\16741.EXE
File has been deleted!
02/08/2005,20:42:13 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\2855.EXE
File has been deleted!
Hi again,
1/ use this
Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated help: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
2/ fix this in HijackThis
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
Delete the file
C:\Program Files\Daily Weather Forecast
Reboot and post a new log, please
Let me know where you are at
See you
Here it is, I followed your advice (without mistakes, I hope):
Logfile of HijackThis v1.99.1
Scan saved at 6:33:17, on 3/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
F:\Securite\AVPersonal\AVGUARD.EXE
F:\Securite\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
F:\Securite\AVPersonal\AVGNT.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\internat.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
F:\ATransit\hijackthis_199\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.letopweb.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://F%3A%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Caro-Guy\Application Data\Mozilla\Profiles\default\oa8v2foi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [QuickTime Task] "F:\securite\quick\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxHome] F:\Securite\prevx\SAGUI.exe
O4 - HKLM\..\Run: [AVGCtrl] "F:\Securite\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINNT\iecheck.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft_Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: ServerPushBox - http://www.spot.be/servp12.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Securite\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Securite\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Well, I have not had the AntiVir alarm again so far
Thank you very much
PS: how did you notice that this was the one causing the problem?
Thanks again
Hi
First of all, your antivirus was generating the daily report of this infection
C:\DOCUME~1\CARO-GUY\LOCALS~1\TEMP\4242.EXE
Then, in your log, that was the only bad thing; I knew it by name, so I spotted it right away
And there you go
Happy surfing, Caroline, and if you have any questions, don't hesitate
Kisses
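The reading of the AntiVir log that this answer describes, as an added example that is not part of the original posts: it groups detections by guard logon and measures how long after logon each one occurred. Detections that recur at regular offsets under new file names point to a program that is still running, which is why the autostart entries of the HijackThis log are the next thing to check. The sample log is constructed in the page's format; the function names, the 60-minute period and the 2-minute tolerance are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the AntiVir Guard log format seen in this thread (placeholder names).
SAMPLE_LOG = r"""31/07/2005,16:54:13 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0x00000001.
31/07/2005,17:54:13 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\USER\LOCALS~1\TEMP\11111.EXE
File has been deleted!
31/07/2005,18:54:16 WARNING: Is the Trojan horse TR/Dldr.Small.alr.1!
C:\DOCUME~1\USER\LOCALS~1\TEMP\22222.EXE
File has been deleted!
01/08/2005,18:27:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0x00000002.
01/08/2005,19:27:26 WARNING: Is the Trojan horse TR/Dldr.Small.bat.1!
C:\DOCUME~1\USER\LOCALS~1\TEMP\33333.EXE
File has been deleted!
"""

STAMP = re.compile(r"^(\d{2}/\d{2}/\d{4},\d{2}:\d{2}:\d{2}) (.*)$")
DETECT = re.compile(r"WARNING: Is the .* (\S+)!\s*$")


def parse_sessions(text):
    """Group detections under the guard logon that precedes them."""
    sessions, current, pending = [], None, None
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            # An unstamped drive path right after a WARNING is the flagged file.
            if pending is not None and re.match(r"^[A-Za-z]:\\", line):
                pending["path"] = line.strip()
                pending = None
            continue
        when = datetime.strptime(m.group(1), "%d/%m/%Y,%H:%M:%S")
        msg = m.group(2)
        if "[LOGON] Connection to computer" in msg:
            current = {"logon": when, "detections": []}
            sessions.append(current)
        elif current is not None and (d := DETECT.search(msg)):
            # Detections before the first logon (log cut mid-session) are skipped.
            pending = {"time": when, "name": d.group(1), "path": None}
            current["detections"].append(pending)
    return sessions


def detection_offsets(sessions, period_s=3600, tolerance_s=120):
    """Return (name, path, seconds since logon, lands on a multiple of the period)."""
    rows = []
    for s in sessions:
        for d in s["detections"]:
            secs = int((d["time"] - s["logon"]).total_seconds())
            nearest = round(secs / period_s) * period_s
            on_beat = nearest > 0 and abs(secs - nearest) <= tolerance_s
            rows.append((d["name"], d["path"], secs, on_beat))
    return rows


def looks_resident(sessions):
    """True when every detection is on the beat and no file path repeats."""
    rows = detection_offsets(sessions)
    return bool(rows) and all(r[3] for r in rows) and len({r[1] for r in rows}) == len(rows)


print(detection_offsets(parse_sessions(SAMPLE_LOG)))
```

A detection that falls outside the tolerance makes `looks_resident` return False, so a single stray hit on an old file is not mistaken for a recurring drop.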
Hi everyone,
First of all, thanks for the method. I had the same problem and it seems OK now.
I just wanted to know where this "daily weather forecast" file could have come from?
THANKS again!
Hi kabuto
http://www.commentcamarche.net/forum/affich-1664126-spysherif-aider-moi-svp#2005-08-05%2014%3A47%3A30
Apparently Jack found some information here and explains it
There you go; hoping this helps you
If you have questions, we are here to help you find an answer
Have a good Sunday