[help] with virus eradication

Solved
la_paille Posts 24 Status Member -  
 Anonymous user -
Hello,

So, I am having big problems with my computer and my antivirus (AntiVir), which is detecting worms everywhere. I tried using a patch, but that did not fix everything... If someone could help me get out of this... I saw in other threads that Hijack was useful, so here is what it outputs.

Thanks in advance,

Logfile of HijackThis v1.99.1
Scan saved at 08:12:41, on 02/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Documents and Settings\Moi\Mes documents\FixMytob.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.203.15.25:808;gopher=10.203.15.25:808;http=10.203.15.25:808;https=10.203.15.25:808;socks=10.203.15.25:808
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: CGCJBGF0 - {389C0A4B-21FA-6624-23B2-09DA04203382} - C:\WINDOWS\System32\Dieeijeb.dll (file missing)
O21 - SSODL: mtkle - {84E673EF-0FF6-431B-748C-FB1627EC8440} - C:\WINDOWS\System32\ffhna32.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

25 replies

  1. Anonymous user
     
    Hi
    Can you do this first?
    Start < My Computer < C < program files < av personal < logfiles < NTGRDRT.LOG <--- please copy/paste everything inside it onto the forum

    See you
    0
    1. la_paille Posts 24 Status Member
       
      There, it's done

      01/11/2005,23:18:38 [INFO] Stop Filter Device.
      01/11/2005,23:18:41 AVGuard service has been stopped!
      02/11/2005,07:50:22 ---------------------------------------------------------
      02/11/2005,07:50:22 [INIT] The AVGuard Service is starting.
      02/11/2005,07:50:27 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
      02/11/2005,07:50:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
      02/11/2005,07:50:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3e1a.
      02/11/2005,07:51:10 [INFO] Start Filter Device.
      02/11/2005,07:51:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.127
      02/11/2005,07:51:10 AVGuard has been started successfully!
      02/11/2005,07:51:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:51:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:51:56 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:51:56 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:51:54 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:51:28 WARNING: Is the Trojan horse TR/Qhost.AA!
      C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
      02/11/2005,07:52:01 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:00 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:00 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:51:59 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:15 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:14 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:14 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:17 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:18 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:20 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:23 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:34 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:23 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:23 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:22 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:42 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:52:56 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:53:02 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      02/11/2005,07:54:47 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[2]
      02/11/2005,07:55:13 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[3]
      02/11/2005,07:55:18 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[5]
      02/11/2005,07:55:22 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[6]
      02/11/2005,07:55:24 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[7]
      02/11/2005,07:55:26 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[8]
      02/11/2005,07:55:28 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[9]
      02/11/2005,07:55:30 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[10]
      02/11/2005,07:55:32 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MTX8V9OB\XXXXXXXXX[3]
      02/11/2005,07:55:45 WARNING: Is the Trojan horse TR/Qhost.AA!
      C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
      02/11/2005,07:59:40 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\NETHELL.EXE
      02/11/2005,07:59:44 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
      02/11/2005,07:59:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE
      02/11/2005,07:59:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\TASKGMR.EXE
      0
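The AVGuard log above repeats the same warning many times, and its timestamps are not strictly in order. This added example (not part of the original thread; the function names are illustrative) collapses such a log to one row per detection name and file, using a few lines copied from that log as input.

```python
import re
from datetime import datetime

# A few lines copied from the AVGuard log posted above.
SAMPLE_LOG = r"""
02/11/2005,07:51:10 AVGuard has been started successfully!
02/11/2005,07:51:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:56 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\TASKGMR.EXE
02/11/2005,07:51:28 WARNING: Is the Trojan horse TR/Qhost.AA!
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
02/11/2005,07:59:40 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\NETHELL.EXE
02/11/2005,07:59:46 WARNING: Contains signature of the worm WORM/Mytob.KV!
C:\WINDOWS\SYSTEM32\BINGOO.EXE
"""

# "dd/mm/yyyy,hh:mm:ss <message>" as used by every timestamped line in the log.
STAMP_RE = re.compile(r"^(\d{2}/\d{2}/\d{4},\d{2}:\d{2}:\d{2}) (.*)$")
# The detection name is the "FAMILY/Name.Variant" token just before the final "!".
NAME_RE = re.compile(r"^WARNING: .*?\b([A-Za-z]+/[\w.\-]+)!\s*$")


def parse_detections(text):
    """Return (timestamp, detection name, file path) for every WARNING entry."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    found = []
    for i, line in enumerate(lines):
        stamp = STAMP_RE.match(line)
        if not stamp:
            continue  # a path line, handled together with its WARNING line
        name = NAME_RE.match(stamp.group(2))
        if not name:
            continue  # [INIT], [INFO], [LOGON] and status messages
        when = datetime.strptime(stamp.group(1), "%d/%m/%Y,%H:%M:%S")
        # The flagged file is on the next line, unless that line already
        # starts a new timestamped entry (or the log ends here).
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        path = nxt if nxt and not STAMP_RE.match(nxt) else None
        found.append((when, name.group(1), path))
    return found


def summarize(detections):
    """Group detections by (name, path) with hit count and first/last time seen."""
    summary = {}
    for when, name, path in detections:
        key = (name, path.upper() if path else None)
        entry = summary.setdefault(key, {"count": 0, "first": when, "last": when})
        entry["count"] += 1
        # Entries are not guaranteed to be chronological, so compare explicitly.
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return summary


if __name__ == "__main__":
    for (name, path), info in sorted(summarize(parse_detections(SAMPLE_LOG)).items(),
                                     key=lambda kv: kv[1]["first"]):
        print(f'{info["count"]:3d}x {name:16s} {path} '
              f'({info["first"]:%H:%M:%S} to {info["last"]:%H:%M:%S})')
```
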
  2. Anonymous user
     
    Hello,

    Method to follow, in order...
    ----------------------------------------------------------------------------
    ¤Download these programs, but do not use them right away:

    1/

    Spybot S&D 1.4 <<new version.
    http://www.safer-networking.org/fr/index.html

    Usage demo (thanks to Balltrap34 for making it).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<new version.
    http://www.lavasoftusa.com/software/adaware/
    -Help:
    http://www.tutopat.com/viewtopic.php?t=1191
    - install the French patch; you can find it here:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    and a short usage video here: (thanks to Moe31 for making it).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf
    ----------------------------------------------------------------------------
    ¤Disable your System Restore (only if you are on XP):
    Right-click My Computer, then
    Properties, click the System Restore tab,
    check the "Turn off System Restore" box and apply.
    ----------------------------------------------------------------------------
    ¤Show all files and folders:
    Click Start/Control Panel/Tools/Folder Options/View

    Check "Show hidden files and folders"

    Uncheck the box "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"
    Then click "OK" to confirm the changes.

    And apply!
    ----------------------------------------------------------------------------
    ¤Empty your temp files and Temporary Internet Files:

    :: Delete the temporary files ::
    empty the entire contents of these folders.

    Run CleanUp!
    ----------------------------------------------------------------------------
    ¤Run HijackThis again, check the boxes in front of these lines and then click Fix checked:

    O4 - HKLM\..\Run: [WINTASK] taskgmr.exe

    O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe

    O4 - HKCU\..\Run: [WINTASK] taskgmr.exe

    O21 - SSODL: CGCJBGF0 - {389C0A4B-21FA-6624-23B2-09DA04203382} - C:\WINDOWS\System32\Dieeijeb.dll (file missing)

    O21 - SSODL: mtkle - {84E673EF-0FF6-431B-748C-FB1627EC8440} - C:\WINDOWS\System32\ffhna32.dll (file missing)

    ----------------------------------------------------------------------------
    ¤Boot into Safe Mode:
    To do this, tap the F8 key repeatedly, without stopping, from the very start of the PC's power-up.
    A window will open; use the keyboard arrow keys to move to Safe Mode, then press Enter.
    Once on the desktop, if not all the colours and so on are there, that is normal!
    (If F8 does not work, use the F5 key.)
    ----------------------------------------------------------------------------
    ¤Search for and delete this:
    careful, only the files (if present).

    C:\WINDOWS\SYSTEM32\TASKGMR.EXE

    ----------------------------------------------------------------------------
    ¤ Run Ad-Aware and delete everything it finds + delete the quarantines…
    ----------------------------------------------------------------------------
    ¤ Run Spybot and fix everything it finds + immunize + delete the quarantines…
    ----------------------------------------------------------------------------
    ¤ Empty your Recycle Bin.
    ----------------------------------------------------------------------------
    ¤ Restart in normal mode,

    Run this online scan:
    http://www.bitdefender.com/scan/licence.php
    Copy/paste the report

    run HijackThis again and copy/paste a new report onto the forum.

    Tell me what problems remain, if any....

    Keep me posted

    See you
    0
    1. la_paille Posts 24 Status Member
       
      still alerts from AntiVir... BitDefender is running right now...



      Logfile of HijackThis v1.99.1
      Scan saved at 10:07:14, on 02/11/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\AVPersonal\AVGNT.EXE
      C:\Program Files\AVPersonal\AVSched32.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\System32\alg.exe
      C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
      C:\Program Files\AVPersonal\AVWUPSRV.EXE
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wdfmgr.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.203.15.25:808;gopher=10.203.15.25:808;http=10.203.15.25:808;https=10.203.15.25:808;socks=10.203.15.25:808
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
      O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

      ______________________________________________________

      02/11/2005,09:37:52 [INIT] The AVGuard Service is starting.
      02/11/2005,09:37:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
      02/11/2005,09:38:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
      02/11/2005,09:38:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa027c.
      02/11/2005,09:38:16 [INFO] Start Filter Device.
      02/11/2005,09:38:16 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.127
      02/11/2005,09:38:16 AVGuard has been started successfully!
      02/11/2005,09:50:35 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\NETHELL.EXE
      02/11/2005,09:50:50 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE
      02/11/2005,09:55:01 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[2]
      02/11/2005,09:55:09 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[3]
      02/11/2005,09:55:11 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[5]
      02/11/2005,09:55:12 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[6]
      02/11/2005,09:55:14 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[7]
      02/11/2005,09:55:15 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[8]
      02/11/2005,09:55:15 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[9]
      02/11/2005,09:55:17 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D4EBCZJG\XXXXXXXXX[10]
      02/11/2005,09:55:18 WARNING: Contains signature of the worm WORM/Padobot.Z.8!
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MTX8V9OB\XXXXXXXXX[3]
      02/11/2005,09:59:21 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\NETHELL.EXE
      02/11/2005,09:59:28 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
      02/11/2005,09:59:32 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
      02/11/2005,09:59:33 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE
      02/11/2005,09:59:35 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE
      02/11/2005,10:00:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE
      02/11/2005,10:01:05 WARNING: Contains signature of the worm WORM/Mytob.KV!
      C:\WINDOWS\SYSTEM32\BINGOO.EXE
      0
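To confirm that the entries fixed in HijackThis are really gone, the log taken before the fix can be compared with the one taken after it. This is an added example, not part of the original thread; the function names are illustrative and the sample lines are copied from the two HijackThis logs above.

```python
import re

# Lines copied from the first HijackThis log (before the fix).
BEFORE = r"""
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: mtkle - {84E673EF-0FF6-431B-748C-FB1627EC8440} - C:\WINDOWS\System32\ffhna32.dll (file missing)
"""

# Lines copied from the second HijackThis log (after the fix).
AFTER = r"""
C:\WINDOWS\System32\svchost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Entries that were ticked and fixed (those of the list above present in BEFORE).
FIXED = [
    r"O4 - HKLM\..\Run: [WINTASK] taskgmr.exe",
    r"O4 - HKLM\..\RunServices: [WINTASK] taskgmr.exe",
    r"O4 - HKCU\..\Run: [WINTASK] taskgmr.exe",
    r"O21 - SSODL: mtkle - {84E673EF-0FF6-431B-748C-FB1627EC8440} - C:\WINDOWS\System32\ffhna32.dll (file missing)",
]

# An entry line is a section code (R0, O4, O21, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - .+$")


def parse_entries(log_text):
    """Map every entry line of a HijackThis log to its section code."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[m.group(0)] = m.group("code")
    return entries


def compare(before, after, fixed):
    """Report what changed between two logs and whether the fixed entries are gone."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        # (section code, line) pairs, so changes can be read per section.
        "removed": sorted((b[e], e) for e in set(b) - set(a)),
        "added": sorted((a[e], e) for e in set(a) - set(b)),
        # Any fixed entry that reappears means the autorun was rewritten.
        "still_present": sorted(e for e in fixed if e.strip() in a),
        # Entries whose target file no longer exists on disk.
        "missing_file": sorted(e for e in a if e.endswith("(file missing)")),
    }


if __name__ == "__main__":
    for section, items in compare(BEFORE, AFTER, FIXED).items():
        print(section)
        for item in items:
            print("   ", item)
```
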
  3. Anonymous user
     
    Hi
    run BitDefender and after that we will see ;-)

    See you
    0
    1. la_paille Posts 24 Status Member
       
      BitDefender did not find any problem!
      0
  4. Anonymous user
     
    Hi again
    use this as in the video

    Clean Up 40:
    http://pageperso.aol.fr/balltrap34/CleanUp40.exe
    -help in pictures: (thanks to Balltrap34).
    http://pageperso.aol.fr/balltrap34/democleanup.htm

    then
    ¤Show all files and folders:
    Click Start/Control Panel/Tools/Folder Options/View

    Check "Show hidden files and folders"

    Uncheck the box "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"
    Then click "OK" to confirm the changes.

    And apply!
    ----------------------------------------------------------------------------
    and delete:
    C:\WINDOWS\SYSTEM32\NETHELL.EXE
    C:\WINDOWS\SYSTEM32\BINGOO.EXE

    See you
    0
  6. la_paille Posts 24 Status Member
     
    thanks for your help Régis, I did everything you told me. I restarted after emptying the Recycle Bin. I hope that will be enough.
    one last little question: is AntiVir a decent antivirus in your opinion? Should I uncheck the System Restore deactivation?
    I am running AntiVir to see whether it still finds anything.

    here is the latest Hijack
    Logfile of HijackThis v1.99.1
    Scan saved at 11:04:39, on 02/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.203.15.25:808;gopher=10.203.15.25:808;http=10.203.15.25:808;https=10.203.15.25:808;socks=10.203.15.25:808
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    Thanks again!
    0
  7. Anonymous user
     
    Hi,
    As for System Restore, re-enable it once your problems are gone (same for hidden files: hide them again once your problems are gone).
    **
    As for AntiVir, if it reassures you, it is the antivirus I use myself ;-)
    You should perhaps protect yourself better with a firewall; personally I have ZoneAlarm.
    - A firewall
    http://www.inoculer.com/firewall5.php3
    http://www.firewall-net.com/
    http://www.commentcamarche.net/protect/firewall.php3

    But in my opinion, AntiVir is an excellent antivirus; of course, don't forget to update it regularly! It was one of the best antivirus programs on the market a few months ago; at the moment, avast seems to be very recommendable. That said, I advise you to keep it (and besides, I know it well, so it's easier for me to help you, lol).

    See you
    0
    1. la_paille Posts: 24 Status: Member
       
      Thanks once again!
      AntiVir found more viruses. I'm sending you the report.

      Creation date of the report file: mercredi 2 novembre 2005 11:11

      AntiVir®/XP (2000 + NT) PersonalEdition Classic
      Build 1111 of 18.10.2005
      Mainprogram 6.32.00.50 of 13.10.2005
      VDF file 6.32.11.14 (0) of 01.11.2005


      This program is for PERSONAL USE only.
      Any other use is PROHIBITED.
      Informations regarding commercial versions of AntiVir may be obtained from:
      www.hbedv.com.


      Scanning for 239807 virus strains and unwanted programs.

      Licensed for: AntiVir Personal Edition
      Serial number: 0000149991-WURGE-0001

      Please enter the workstation and
      contact name with phone number in this form:

      Name ___________________________________________

      Street ___________________________________________

      Town ___________________________________________

      Phone/Fax ___________________________________________

      Email ___________________________________________

      Platform: Windows NT Workstation
      Windows version: 5.1 Build 2600 (Service Pack 1)
      Username: Moi
      Processor: Pentium
      Working memory: 260592 KB free

      Version information:
      AVWIN.DLL : 6.32.00.50 561192 13.10.2005 16:32:14
      AVEWIN32.DLL : 6.32.0.57 954880 01.11.2005 14:58:32
      AVGNT.EXE : 6.32.00.02 180327 14.10.2005 12:32:02
      AVGUARD.EXE : 6.32.00.12 208424 17.10.2005 08:35:12
      GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:10
      AVGCMSG.DLL : 6.32.00.01 295029 13.10.2005 16:32:14
      AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16
      AVPACK32.DLL : 6.32.00.02 319528 18.10.2005 11:57:30
      AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20
      AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22
      AVSched32.EXE : 6.32.00.01 110632 20.09.2005 14:16:24
      AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:10
      AVREG.DLL : 6.31.00.05 41000 07.09.2005 16:34:50
      AVRep.DLL : 6.32.00.120 1454120 01.11.2005 14:58:44
      INETUPD.EXE : 6.32.00.52 262203 17.10.2005 15:46:14
      INETUPD.DLL : 6.32.00.52 143360 17.10.2005 15:46:14
      CTL3D32.DLL : 2.31.000 27136 24.04.2003 12:00:00
      MFC42.DLL : 6.00.8665.0 995383 24.04.2003 12:00:00
      MSVCRT.DLL : 7.0.2600.1106 (xpsp1.020828-1920
      MSVCRT.DLL : 7.0.2600.1106 323072 24.04.2003 12:00:00
      CTL3DV2.DLL : No information

      Configuration file:

      Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
      Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
      Start path: C:\Program Files\AVPersonal
      Command line:
      Start mode: unknown

      Mode of report file:
      [ ] Do not create report
      [X] Overwrite report
      [ ] Append new report

      Data in report file:
      [X] Infected files
      [ ] Infected files with paths
      [ ] All scanned files
      [ ] Full information

      Abridge report file:
      [ ] Abridge report file

      Warnings in report:
      [X] Access denied/file locked
      [X] Wrong file size in directory
      [X] Wrong creation time in directory
      [ ] COM file is too large
      [X] Invalid start address
      [X] Invalid EXE header
      [X] Possibly damaged

      Summary report:
      [X] Create summary report
      Output file: AVWIN.ACT
      Maximum number of entries: 100

      Where to search:
      [X] Memory
      [X] Boot record of selected drives
      [ ] Report unknown boot sectors
      [X] All files
      [ ] Program files

      Response in case of a detection:
      [X] Repair with prompt
      [ ] Repair without prompt
      [ ] Delete with prompt
      [ ] Delete without prompt
      [ ] Write in report file only
      [X] Acoustic alarm

      Response in case of destroyed files:
      [ ] Delete with prompt
      [ ] Delete without prompt
      [X] Ignore

      Response in case of destroyed files:
      [X] No change
      [ ] Current system time
      [ ] Correct date

      Drag&drop settings:
      [X] Scan subdirectories

      Profile settings:
      [X] Scan subdirectories

      Archive options
      [X] Search archive
      [X] All archive types

      Miscellaneous options:
      Temporary path: %TEMP% -> C:\DOCUME~1\Moi\LOCALS~1\Temp
      [X] Overwrite infected files
      [ ] Detect idle time
      [X] Allow interruptions of scan
      [X] Load AVWin®/NT Guard on System start

      General settings:
      [X] Save options on exiting AntiVir
      Priority: medium

      Drives:
      C: Hard disk
      D: Hard disk
      E: CD-ROM

      Start of scan: mercredi 2 novembre 2005 11:11

      Memory test OK
      Master boot record of hard disk HD0 OK
      Boot record of drive C: OK
      Boot record of drive D: OK


      Access denied! Error during file opening!
      Error code: 0x0002
      C:\

      WARNING! Access error/file locked!
      Access denied! Error during file opening!
      Error code: 0x0002

      WARNING! Access error/file locked!
      C:\WINDOWS\system32
      BINGOO.EXE.VIR
      [DETECTION] Contains signature of the worm WORM/Mytob.KV
      C:\WINDOWS\system32\config
      system.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      software.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      default.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SECURITY
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SAM
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SAM.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SECURITY.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SYSTEM
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SOFTWARE
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      DEFAULT
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\D4EBCZJG
      xxxxxxxxx[2]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      xxxxxxxxx[3]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      xxxxxxxxx[5]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      xxxxxxxxx[6]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      xxxxxxxxx[7]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      xxxxxxxxx[8]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      xxxxxxxxx[9]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      xxxxxxxxx[10]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MTX8V9OB
      xxxxxxxxx[3]
      [DETECTION] Contains signature of the worm WORM/Padobot.Z.8
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
      AlexaRelated.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      LSA.zip
      ArchiveType: ZIP
      NOTE! No files to extract.
      LSA1.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      LSA2.zip
      ArchiveType: ZIP
      NOTE! No files to extract.
      SmitfraudC.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      SmitfraudC1.zip
      ArchiveType: ZIP
      NOTE! No files to extract.
      SmitfraudC2.zip
      ArchiveType: ZIP
      NOTE! No files to extract.
      C:\Documents and Settings\NetworkService
      NTUSER.DAT
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      ntuser.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows
      UsrClass.dat
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      UsrClass.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      C:\Documents and Settings\LocalService
      NTUSER.DAT
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      ntuser.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows
      UsrClass.dat
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      UsrClass.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      C:\Documents and Settings\Moi
      NTUSER.DAT
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      ntuser.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      C:\Documents and Settings\Moi\Local Settings\Application Data\Microsoft\Windows
      UsrClass.dat.LOG
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      UsrClass.dat
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      C:\Program Files\AVPersonal\INFECTED
      HOSTS.VIR
      [DETECTION] Is the Trojan horse TR/Qhost.AA
      C:\Program Files\WinRAR
      rarnew.dat
      ArchiveType: RAR
      NOTE! The archive is created by multiple volumes



      End of scan: mercredi 2 novembre 2005 11:32
      Time taken: 21:10 min


      1989 directories were scanned
      45229 files were scanned
      24 warning messages were issued
      0 files were deleted
      0 files were repaired
      11 detections
      0
  8. Anonymous user
     
    Hi again,
    1/ Did you use CleanUp?

    2/ Go here:
    C:\Program Files\AVPersonal\INFECTED <-- delete everything inside it and empty your Recycle Bin!

    3/ Run Spybot:
    delete the backups and immunize!

    4/ Restart your PC.
    If you get AntiVir windows, choose the quarantine option!

    See you
    0
    1. la_paille Posts: 24 Status: Member
       
      Thanks for your help!
      I did everything you told me and it seems to be working.
      0
  9. Anonymous user
     
    Hi again,
    keep me posted; tell me whether everything is resolved by this evening.

    See you
    0
    1. la_paille Posts: 24 Status: Member
       
      No problem, will do.
      I have a 2nd computer that has a few problems. If you don't mind, I'll pass it along...
      0
  10. Anonymous user
     
    Hi,
    yes, no problem :-)

    See you
    0
  11. la_paille Posts: 24 Status: Member
     
    Hello again,

    Here is what I get on my 2nd computer with HijackThis. What should I fix?

    Logfile of HijackThis v1.99.1
    Scan saved at 14:26:23, on 02/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\outils\FixMytob.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\outils\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [CCProxy] C:\Program Files\CCProxy\CCProxy.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2E97F64-C932-40C1-89BA-D5FC8FFBEC2D}: NameServer = 10.200.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    As for AntiVir, there have been no alerts since the computer was switched on.

    I'm going to try to run a scan, but it is having trouble running...

    See you later
    0
  12. Anonymous user
     
    Hi again,
    fix this:
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    delete this:

    ALCXMNTR.EXE

    and then:
    Run this online scan:
    http://www.bitdefender.com/scan/licence.php
    Copy/paste the report

    See you
    0
    1. la_paille Posts: 24 Status: Member
       
      Hi again,
      For the first computer it seems almost sorted out.
      My 2nd computer is SP2, so the BitDefender link doesn't work.
      What should I do?
      Here is the AntiVir report:

      Creation date of the report file: mercredi 2 novembre 2005 14:43

      AntiVir®/XP (2000 + NT) PersonalEdition Classic
      Build 1111 of 18.10.2005
      Mainprogram 6.32.00.50 of 13.10.2005
      VDF file 6.32.11.14 (0) of 01.11.2005


      This program is for PERSONAL USE only.
      Any other use is PROHIBITED.
      Informations regarding commercial versions of AntiVir may be obtained from:
      www.hbedv.com.


      Scanning for 239807 virus strains and unwanted programs.

      Licensed for: AntiVir Personal Edition
      Serial number: 0000149991-WURGE-0001

      Please enter the workstation and
      contact name with phone number in this form:

      Name ___________________________________________

      Street ___________________________________________

      Town ___________________________________________

      Phone/Fax ___________________________________________

      Email ___________________________________________

      Platform: Windows NT Workstation
      Windows version: 5.1 Build 2600 (Service Pack 2)
      Username: Compaq_Propriétaire
      Computername: LA_PAILLE
      Processor: Pentium
      Working memory: 391664 KB free

      Version information:
      AVWIN.DLL : 6.32.00.50 561192 19.10.2005 15:48:52
      AVEWIN32.DLL : 6.32.0.57 954880 24.10.2005 10:55:46
      AVGNT.EXE : 6.32.00.02 180327 19.10.2005 15:48:52
      AVGUARD.EXE : 6.32.00.12 208424 19.10.2005 15:48:52
      GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 10:24:10
      AVGCMSG.DLL : 6.32.00.01 295029 19.10.2005 15:48:52
      AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 07:07:16
      AVPACK32.DLL : 6.32.00.02 319528 19.10.2005 15:48:52
      AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 17:10:20
      AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 17:10:22
      AVSched32.EXE : 6.32.00.01 110632 21.09.2005 10:14:42
      AVSched32.DLL : 6.30.00.00 122880 01.02.2005 10:24:10
      AVREG.DLL : 6.31.00.05 41000 13.09.2005 10:19:36
      AVRep.DLL : 6.32.00.120 1454120 01.11.2005 14:54:22
      INETUPD.EXE : 6.32.00.52 262203 19.10.2005 15:48:52
      INETUPD.DLL : 6.32.00.52 143360 19.10.2005 15:48:52
      CTL3D32.DLL : 2.31.000 27136 05.08.2004 13:00:00
      MFC42.DLL : 6.02.4131.0 1028096 05.08.2004 19:00:00
      MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
      MSVCRT.DLL : 7.0.2600.2180 343040 05.08.2004 19:00:00
      CTL3DV2.DLL : No information

      Configuration file:

      Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
      Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
      Start path: C:\Program Files\AVPersonal
      Command line:
      Start mode: unknown

      Mode of report file:
      [ ] Do not create report
      [X] Overwrite report
      [ ] Append new report

      Data in report file:
      [X] Infected files
      [ ] Infected files with paths
      [ ] All scanned files
      [ ] Full information

      Abridge report file:
      [ ] Abridge report file

      Warnings in report:
      [X] Access denied/file locked
      [X] Wrong file size in directory
      [X] Wrong creation time in directory
      [ ] COM file is too large
      [X] Invalid start address
      [X] Invalid EXE header
      [X] Possibly damaged

      Summary report:
      [X] Create summary report
      Output file: AVWIN.ACT
      Maximum number of entries: 100

      Where to search:
      [X] Memory
      [X] Boot record of selected drives
      [ ] Report unknown boot sectors
      [ ] All files
      [X] Program files
      Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

      Response in case of a detection:
      [X] Repair with prompt
      [ ] Repair without prompt
      [ ] Delete with prompt
      [ ] Delete without prompt
      [ ] Write in report file only
      [X] Acoustic alarm

      Response in case of destroyed files:
      [X] Delete with prompt
      [ ] Delete without prompt
      [ ] Ignore

      Response in case of destroyed files:
      [X] No change
      [ ] Current system time
      [ ] Correct date

      Drag&drop settings:
      [X] Scan subdirectories

      Profile settings:
      [X] Scan subdirectories

      Archive options
      [X] Search archive
      [X] All archive types

      Miscellaneous options:
      Temporary path: %TEMP% -> C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
      [X] Overwrite infected files
      [ ] Detect idle time
      [X] Allow interruptions of scan
      [X] Load AVWin®/NT Guard on System start

      General settings:
      [X] Save options on exiting AntiVir
      Priority: low

      Drives:
      C: Hard disk
      D: Hard disk
      E: CD-ROM
      G: Floppy drive
      H: Floppy drive
      I: Floppy drive
      J: Floppy drive

      Start of scan: mercredi 2 novembre 2005 14:43

      Memory test OK
      Master boot record of hard disk HD0 OK
      Master boot record of hard disk HD1
      The record could not be read!
      Error code: 0x0015
      Master boot record of hard disk HD2
      The record could not be read!
      Error code: 0x0015
      Master boot record of hard disk HD3
      The record could not be read!
      Error code: 0x0015
      Master boot record of hard disk HD4
      The record could not be read!
      Error code: 0x0015
      Boot record of drive C: OK
      Boot record of drive D: OK


      Access denied! Error during file opening!
      Error code: 0x0002
      C:\

      WARNING! Access error/file locked!
      Access denied! Error during file opening!
      Error code: 0x0002

      WARNING! Access error/file locked!
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
      BackWeblite.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite1.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite10.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite11.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite12.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite13.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite14.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite15.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite16.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite17.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite18.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite19.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite2.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite20.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite21.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite22.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite23.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite24.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite25.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite26.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite27.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite28.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite29.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite3.zip
      ArchiveType: ZIP
      NOTE! No files to extract.
      BackWeblite30.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite31.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite32.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite33.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite34.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite35.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite36.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite37.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite38.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite39.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite4.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite40.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite41.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite42.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite43.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite44.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite45.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite46.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite47.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite48.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite49.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite5.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite50.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite51.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite52.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite53.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite54.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite55.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite56.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite57.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite58.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite6.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite7.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite8.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      BackWeblite9.zip
      ArchiveType: ZIP
      NOTE! The whole archive is password protected
      Error! Could not change directory: System Volume Information
      C:\WINDOWS\SoftwareDistribution\EventCache
      {974CC7BE-5E94-4A40-820A-EAC3D363FC85}.bin
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      Access denied! Error during file opening!
      Error code: 0x0002
      C:\WINDOWS\system32

      WARNING! Access error/file locked!
      C:\WINDOWS\system32\config
      default
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SAM
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      SECURITY
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      software
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
      system
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!



      End of scan: mercredi 2 novembre 2005 15:39
      Time taken: 55:38 min


      3708 directories were scanned
      93219 files were scanned
      9 warning messages were issued
      0 files were deleted
      0 files were repaired
      0 detections
      0
  13. Anonymous user
     
    Hi,
    Even with SP2 it works; you have to accept the ActiveX controls when it asks you to...

    ***
    Launch Spybot, click on "Sauvegardes" (backups), check everything and purge.
    Also immunize ("vaccine").

    See you
    0
    1. la_paille Posts: 24 Status: Member
       
      Sorry, I hadn't noticed that the window had been blocked. BitDefender found two infected files and they were deleted.
      Just one last practical question: how come I get so many "lines" on the second computer when running HijackThis?
      Aren't there some useless things in there?

      Logfile of HijackThis v1.99.1
      Scan saved at 17:51:16, on 02/11/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
      C:\Program Files\AVPersonal\AVWUPSRV.EXE
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\CCProxy\CCProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Compaq_Propriétaire\Mes documents\outils\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
      O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [CCProxy] C:\Program Files\CCProxy\CCProxy.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
      O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A2E97F64-C932-40C1-89BA-D5FC8FFBEC2D}: NameServer = 10.200.1.1
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


      Thank you, once again, for your invaluable help.
      See you soon (I hope not, but still... the help was much appreciated!)
      ;)
      0
  14. Anonymous user
     
    Hi,
    So many lines where? In the HijackThis log as a whole?

    See you

    PS: It was a pleasure helping you, in any case.
    0
  15. la_paille Posts: 24 Status: Member
     
    I was wondering whether some of the processes were unnecessary.
    See you
    0
  16. Anonymous user
     
    Hi again,
    The processes, no, that's reasonable.

    You can, if you like, speed up your PC's startup by removing unneeded programs from startup... (ms,+; your cam...)
    To do that:
    Start > Run > type msconfig
    Startup tab: check the boxes in front of the lines for the software you don't want launched at startup, then confirm.
    Accept the selective startup.

    See you
    0
  17. la_paille Posts: 24 Status: Member
     
    OK, thanks for everything.
    Have a good rest of the day.
    0
  18. Nestor345
     
    Hello,
    Indeed, there is nothing excessive, except perhaps in the startup area [04]. The PC's startup would be greatly improved. There is no need to disable, let alone uninstall, software that is temporarily unused.
    When you fix the keys in area 04, that software no longer starts.
    You can put them back into operation via the backup function. I therefore recommend the following approach:
    1° Look up the processes via Windows or Google if in doubt.
    2° Most software has no business being in area 04 without your permission. I make an exception for the antivirus and the firewall.
    3° First fix the keys you can do without for certain. Removing a key at startup does not mean the software will be unusable. For example, Nero has no business being in area 04. Then fix item by item if you are unsure. It is easier to restore (backup function at the bottom right: click on config).

    Here is a link to a tutorial on HijackThis:
    http://forum.hardware.fr/hardwarefr/WindowsSoftwareReseaux/Tutoriel-R-HijackThis-sujet-171913-1.htm
    Nestor
    0
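The startup review described in the post above (look up each entry, keep the antivirus, then decide on the rest) can be prepared by sorting the O4 lines of a HijackThis log into three buckets. This is an added example, not part of the thread or of HijackThis; the function names and the `KEEP_MARKERS` list (the AntiVir install folder seen in the log) are assumptions.

```python
import re
from collections import namedtuple

# O4 lines copied from the second HijackThis log posted in this thread,
# plus one O9 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CCProxy] C:\Program Files\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

Entry = namedtuple("Entry", "source name command")

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<source>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Global Startup: shortcut.lnk = target" (or "O4 - Startup: ...")
STARTUP_RE = re.compile(
    r"^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# A path the log fully identifies: drive letter or %variable% prefix.
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\)")

# Assumption: path fragments of the security software to leave alone
# (the antivirus exception made in the post). Adjust to the machine.
KEEP_MARKERS = ("\\avpersonal\\",)


def parse_o4(log_text):
    """Return the O4 (autostart) entries of a HijackThis log, in order."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = RUN_RE.match(line) or STARTUP_RE.match(line)
        if match:
            entries.append(Entry(match["source"], match["name"], match["cmd"]))
    return entries


def executable(command):
    """Extract the program path from a command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: cut after the first ".exe".
    match = re.match(r".+?\.exe\b", command, re.IGNORECASE)
    return match.group(0) if match else command.split()[0]


def triage(log_text, keep_markers=KEEP_MARKERS):
    """Sort autostart entries into keep / review / unresolved."""
    buckets = {"keep": [], "review": [], "unresolved": []}
    for entry in parse_o4(log_text):
        exe = executable(entry.command)
        if not ABSOLUTE_RE.match(exe):
            # The log alone does not say which file runs: look it up first.
            buckets["unresolved"].append(entry.name)
        elif any(marker in exe.lower() for marker in keep_markers):
            buckets["keep"].append(entry.name)
        else:
            buckets["review"].append(entry.name)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket:10} {', '.join(names)}")
```

Entries in the "unresolved" bucket are the ones to research before touching anything, since the log gives no full path for them.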
  19. la_paille Posts: 24 Status: Member
     
    Hello,
    I still get alerts from AntiVir, as the log below shows,
    followed by the HijackThis report.

    02/11/2005,11:01:32 [INFO] Stop Filter Device.
    02/11/2005,11:01:33 AVGuard service has been stopped!
    02/11/2005,11:02:19 ---------------------------------------------------------
    02/11/2005,11:02:19 [INIT] The AVGuard Service is starting.
    02/11/2005,11:02:23 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    02/11/2005,11:02:26 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/11/2005,11:02:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa392e.
    02/11/2005,11:02:45 [INFO] Start Filter Device.
    02/11/2005,11:02:45 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
    02/11/2005,11:02:45 AVGuard has been started successfully!
    02/11/2005,11:39:38 WARNING: Is the Trojan horse TR/Qhost.AA!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\HOSTS.VIR
    02/11/2005,11:39:42 WARNING: Is the Trojan horse TR/Qhost.AA!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\HOSTS.VIR
    02/11/2005,11:44:39 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/11/2005,11:44:39 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa8d93be.
    02/11/2005,11:45:48 [INFO] Stop Filter Device.
    02/11/2005,11:45:51 AVGuard service has been stopped!
    02/11/2005,11:46:37 ---------------------------------------------------------
    02/11/2005,11:46:37 [INIT] The AVGuard Service is starting.
    02/11/2005,11:46:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    02/11/2005,11:46:55 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/11/2005,11:46:55 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1769.
    02/11/2005,11:47:15 [INFO] Start Filter Device.
    02/11/2005,11:47:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
    02/11/2005,11:47:15 AVGuard has been started successfully!
    02/11/2005,11:48:15 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    File has been moved to quarantine directory!
    02/11/2005,11:47:50 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    Unable to move the file to the quarantine directory:
    0x00000002 - Le fichier spécifié est introuvable.
    02/11/2005,16:19:29 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.VIR
    File has been moved to quarantine directory!
    02/11/2005,16:19:35 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
    File has been moved to quarantine directory!
    02/11/2005,16:19:42 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.VIR
    02/11/2005,16:19:42 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.VIR
    02/11/2005,16:21:12 [INFO] Stop Filter Device.
    02/11/2005,16:21:14 AVGuard service has been stopped!
    02/11/2005,16:22:01 ---------------------------------------------------------
    02/11/2005,16:22:01 [INIT] The AVGuard Service is starting.
    02/11/2005,16:22:08 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    02/11/2005,16:22:16 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/11/2005,16:22:17 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa04ce.
    02/11/2005,16:22:28 [INFO] Start Filter Device.
    02/11/2005,16:22:28 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
    02/11/2005,16:22:28 AVGuard has been started successfully!
    02/11/2005,16:55:24 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    02/11/2005,16:55:25 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaab5ac77.
    02/11/2005,22:33:10 [INFO] Stop Filter Device.
    02/11/2005,22:33:14 AVGuard service has been stopped!
    03/11/2005,08:09:35 ---------------------------------------------------------
    03/11/2005,08:09:35 [INIT] The AVGuard Service is starting.
    03/11/2005,08:09:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    03/11/2005,08:09:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    03/11/2005,08:09:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2b57.
    03/11/2005,08:09:53 [INFO] Start Filter Device.
    03/11/2005,08:09:53 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.11.14
    03/11/2005,08:09:53 AVGuard has been started successfully!
    03/11/2005,09:54:50 [INFO] Stop Filter Device.
    03/11/2005,09:54:51 AVGuard service has been stopped!
    03/11/2005,09:54:54 ---------------------------------------------------------
    03/11/2005,09:54:54 [INIT] The AVGuard Service is starting.
    03/11/2005,09:54:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    03/11/2005,09:54:56 [INFO] Start Filter Device.
    03/11/2005,09:54:56 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
    03/11/2005,09:54:56 AVGuard has been started successfully!
    03/11/2005,09:54:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    03/11/2005,09:54:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaca4b2f.
    03/11/2005,10:33:19 WARNING: AVGuard detected a problem in the file
    C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SPA3G1YR\COMPOSITIONDESGROUPES[1].DOC
    ATTENTION: This OLE document is possibly damaged!
    03/11/2005,12:21:16 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    File has been moved to quarantine directory!
    03/11/2005,12:20:50 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    Unable to move the file to the quarantine directory:
    0x00000002 - Le fichier spécifié est introuvable.
    03/11/2005,16:46:24 WARNING: AVGuard detected a problem in the file
    C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WTEJ41AN\2005FLASHEXPRESS07OCTUSA[1].DOC
    ATTENTION: This OLE document is possibly damaged!
    03/11/2005,16:46:34 WARNING: AVGuard detected a problem in the file
    C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WTEJ41AN\2005FLASHEXPRESS07OCTUSA[1].DOC
    ATTENTION: This OLE document is possibly damaged!
    03/11/2005,21:57:34 [INFO] Stop Filter Device.
    03/11/2005,21:57:38 AVGuard service has been stopped!
    03/11/2005,21:58:27 ---------------------------------------------------------
    03/11/2005,21:58:27 [INIT] The AVGuard Service is starting.
    03/11/2005,21:58:34 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    03/11/2005,21:58:37 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    03/11/2005,21:58:37 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3318.
    03/11/2005,21:58:51 [INFO] Start Filter Device.
    03/11/2005,21:58:51 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
    03/11/2005,21:58:51 AVGuard has been started successfully!
    03/11/2005,21:59:52 WARNING: Contains signature of the worm WORM/Lovsan.F.2!
    C:\WINDOWS\SYSTEM32\ENBIEI.EXE
    File has been moved to quarantine directory!
    03/11/2005,22:03:11 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\BINGOO.EXE.VIR
    File has been deleted!
    03/11/2005,22:57:22 [INFO] Stop Filter Device.
    03/11/2005,22:57:24 AVGuard service has been stopped!
    04/11/2005,07:24:30 ---------------------------------------------------------
    04/11/2005,07:24:30 [INIT] The AVGuard Service is starting.
    04/11/2005,07:24:35 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    04/11/2005,07:24:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    04/11/2005,07:24:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa33b6.
    04/11/2005,07:24:55 [INFO] Start Filter Device.
    04/11/2005,07:24:55 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
    04/11/2005,07:24:55 AVGuard has been started successfully!
    04/11/2005,07:28:07 WARNING: AVGuard detected a problem in the file
    C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CXGTI3OD\TPSAIGEPGPE2005_2006[1].DOC
    ATTENTION: This OLE document is possibly damaged!
    04/11/2005,07:53:34 [INFO] Stop Filter Device.
    04/11/2005,07:53:35 AVGuard service has been stopped!
    04/11/2005,12:24:53 ---------------------------------------------------------
    04/11/2005,12:24:53 [INIT] The AVGuard Service is starting.
    04/11/2005,12:25:01 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    04/11/2005,12:25:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    04/11/2005,12:25:06 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0873.
    04/11/2005,12:25:22 [INFO] Start Filter Device.
    04/11/2005,12:25:22 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
    04/11/2005,12:25:22 AVGuard has been started successfully!
    04/11/2005,12:27:52 WARNING: AVGuard detected a problem in the file
    C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7EOR7P4X\10MECS1[1].PPS
    ATTENTION: This OLE document is possibly damaged!
    04/11/2005,12:32:38 WARNING: AVGuard detected a problem in the file
    C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SXQ3416N\LESFEMMES[1].PPS
    ATTENTION: This OLE document is possibly damaged!
    04/11/2005,18:01:38 WARNING: AVGuard detected a problem in the file
    C:\DOCUMENTS AND SETTINGS\MOI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7EOR7P4X\ADRESSES[1].XLS
    ATTENTION: This OLE document is possibly damaged!
    04/11/2005,20:32:35 [INFO] Stop Filter Device.
    04/11/2005,20:32:38 AVGuard service has been stopped!
    05/11/2005,12:18:09 ---------------------------------------------------------
    05/11/2005,12:18:09 [INIT] The AVGuard Service is starting.
    05/11/2005,12:18:13 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    05/11/2005,12:18:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    05/11/2005,12:18:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3cf5.
    05/11/2005,12:18:35 [INFO] Start Filter Device.
    05/11/2005,12:18:35 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
    05/11/2005,12:18:35 AVGuard has been started successfully!
    05/11/2005,17:08:46 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    File has been moved to quarantine directory!
    05/11/2005,20:23:56 [INFO] Stop Filter Device.
    05/11/2005,20:23:59 AVGuard service has been stopped!
    06/11/2005,12:00:34 ---------------------------------------------------------
    06/11/2005,12:00:34 [INIT] The AVGuard Service is starting.
    06/11/2005,12:00:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    06/11/2005,12:00:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    06/11/2005,12:00:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3f51.
    06/11/2005,12:00:58 [INFO] Start Filter Device.
    06/11/2005,12:00:58 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
    06/11/2005,12:00:58 AVGuard has been started successfully!
    06/11/2005,22:57:32 [INFO] Stop Filter Device.
    06/11/2005,22:57:33 AVGuard service has been stopped!
    07/11/2005,09:23:57 ---------------------------------------------------------
    07/11/2005,09:23:57 [INIT] The AVGuard Service is starting.
    07/11/2005,09:24:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    07/11/2005,09:24:06 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    07/11/2005,09:24:06 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa30a8.
    07/11/2005,09:24:19 [INFO] Start Filter Device.
    07/11/2005,09:24:19 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.1
    07/11/2005,09:24:19 AVGuard has been started successfully!
    07/11/2005,14:02:34 [INFO] Stop Filter Device.
    07/11/2005,14:02:35 AVGuard service has been stopped!
    07/11/2005,14:02:38 ---------------------------------------------------------
    07/11/2005,14:02:38 [INIT] The AVGuard Service is starting.
    07/11/2005,14:02:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    07/11/2005,14:02:39 [INFO] Start Filter Device.
    07/11/2005,14:02:39 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.15
    07/11/2005,14:02:39 AVGuard has been started successfully!
    07/11/2005,14:02:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    07/11/2005,14:02:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa550663.
    07/11/2005,14:02:51 [INFO] Stop Filter Device.
    07/11/2005,14:02:51 AVGuard service has been stopped!
    07/11/2005,14:03:01 ---------------------------------------------------------
    07/11/2005,14:03:01 [INIT] The AVGuard Service is starting.
    07/11/2005,14:03:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    07/11/2005,14:03:04 [INFO] Start Filter Device.
    07/11/2005,14:03:04 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.15
    07/11/2005,14:03:04 AVGuard has been started successfully!
    07/11/2005,14:03:07 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    07/11/2005,14:03:07 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xabaaa0da.
    07/11/2005,22:54:49 [INFO] Stop Filter Device.
    07/11/2005,22:54:51 AVGuard service has been stopped!
    07/11/2005,22:54:55 ---------------------------------------------------------
    07/11/2005,22:54:55 [INIT] The AVGuard Service is starting.
    07/11/2005,22:54:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    07/11/2005,22:54:57 [INFO] Start Filter Device.
    07/11/2005,22:54:57 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
    07/11/2005,22:54:57 AVGuard has been started successfully!
    07/11/2005,22:54:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    07/11/2005,22:54:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xa84c5fd3.
    07/11/2005,23:06:11 [INFO] Stop Filter Device.
    07/11/2005,23:06:13 AVGuard service has been stopped!
    08/11/2005,07:21:39 ---------------------------------------------------------
    08/11/2005,07:21:39 [INIT] The AVGuard Service is starting.
    08/11/2005,07:21:43 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    08/11/2005,07:21:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    08/11/2005,07:21:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa320e.
    08/11/2005,07:21:59 [INFO] Start Filter Device.
    08/11/2005,07:21:59 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
    08/11/2005,07:21:59 AVGuard has been started successfully!
    08/11/2005,13:05:31 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    File has been moved to quarantine directory!
    08/11/2005,13:05:24 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    Unable to move the file to the quarantine directory:
    0x00000002 - Le fichier spécifié est introuvable.
    08/11/2005,13:19:08 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
    08/11/2005,13:19:29 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[1].EXE
    File has been deleted!
    08/11/2005,13:19:40 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[2].EXE
    File has been moved to quarantine directory!
    08/11/2005,13:19:44 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[3].EXE
    File has been moved to quarantine directory!
    08/11/2005,13:19:47 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
    Unable to move the file to the quarantine directory:
    0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    08/11/2005,13:21:22 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
    Unable to move the file to the quarantine directory:
    0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    08/11/2005,13:21:31 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
    Unable to move the file to the quarantine directory:
    0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    08/11/2005,13:21:30 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
    Unable to move the file to the quarantine directory:
    0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    08/11/2005,13:21:39 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
    Unable to move the file to the quarantine directory:
    0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    08/11/2005,13:22:04 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
    08/11/2005,13:22:08 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\FTPUPD.EXE.001
    08/11/2005,23:12:52 [INFO] Stop Filter Device.
    08/11/2005,23:12:56 AVGuard service has been stopped!
    09/11/2005,08:06:53 ---------------------------------------------------------
    09/11/2005,08:06:53 [INIT] The AVGuard Service is starting.
    09/11/2005,08:06:58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    09/11/2005,08:07:01 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    09/11/2005,08:07:01 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3c69.
    09/11/2005,08:07:19 [INFO] Start Filter Device.
    09/11/2005,08:07:19 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
    09/11/2005,08:07:19 AVGuard has been started successfully!
    09/11/2005,08:08:22 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\TASKGMR.EXE
    File has been moved to quarantine directory!
    09/11/2005,08:08:03 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\TASKGMR.EXE
    Unable to move the file to the quarantine directory:
    0x00000002 - Le fichier spécifié est introuvable.
    09/11/2005,08:07:57 WARNING: Is the Trojan horse TR/Qhost.AA!
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    File has been moved to quarantine directory!
    09/11/2005,08:08:44 WARNING: Contains signature of the worm WORM/Mytob.F.1!
    C:\HELLMSN.EXE
    File has been moved to quarantine directory!
    09/11/2005,08:24:33 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C5UN4LEZ\X[4].EXE
    File has been moved to quarantine directory!
    09/11/2005,10:04:15 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\BINGOO.EXE
    File has been moved to quarantine directory!
    09/11/2005,10:04:32 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\NETHELL.EXE
    File has been moved to quarantine directory!
    09/11/2005,10:12:55 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\TASKGMR.EXE.VIR
    File has been moved to quarantine directory!
    09/11/2005,10:23:50 WARNING: Is the Trojan horse TR/Qhost.AA!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\HOSTS.VIR
    09/11/2005,10:23:51 WARNING: Contains signature of the worm WORM/Mytob.F.1!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\HELLMSN.EXE.VIR
    File has been moved to quarantine directory!
    09/11/2005,10:23:54 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\X[4].EXE.VIR
    File has been moved to quarantine directory!
    09/11/2005,10:23:59 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\BINGOO.EXE.VIR
    File has been moved to quarantine directory!
    09/11/2005,10:24:03 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\PROGRAM FILES\AVPERSONAL\INFECTED\NETHELL.EXE.VIR
    File has been moved to quarantine directory!
    09/11/2005,12:10:00 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    09/11/2005,12:09:34 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    09/11/2005,10:33:18 WARNING: Contains signature of the worm WORM/Lovsan.F.2!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP2\A0000061.EXE
    09/11/2005,14:21:47 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000258.SCR
    File has been moved to quarantine directory!
    09/11/2005,14:21:57 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000259.SCR
    File has been moved to quarantine directory!
    09/11/2005,14:22:02 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000260.SCR
    09/11/2005,14:22:04 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000261.EXE
    09/11/2005,14:22:05 WARNING: Contains signature of the worm WORM/Mytob.F.1!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000262.EXE
    09/11/2005,14:22:06 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP5\A0000268.EXE
    09/11/2005,14:22:08 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP6\A0000288.EXE
    09/11/2005,14:22:27 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP6\A0000289.EXE
    09/11/2005,14:22:28 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\FUNNY_PIC.SCR
    09/11/2005,14:22:31 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\SEE_THIS!!.SCR
    09/11/2005,14:22:32 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\MY_PHOTO2005.SCR
    09/11/2005,14:25:52 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[1].EXE
    09/11/2005,14:29:48 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    09/11/2005,20:15:30 [INFO] Stop Filter Device.
    09/11/2005,20:15:34 AVGuard service has been stopped!
    10/11/2005,16:12:31 ---------------------------------------------------------
    10/11/2005,16:12:31 [INIT] The AVGuard Service is starting.
    10/11/2005,16:12:43 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    10/11/2005,16:12:45 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    10/11/2005,16:12:45 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1a4f.
    10/11/2005,16:13:10 [INFO] Start Filter Device.
    10/11/2005,16:13:10 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
    10/11/2005,16:13:10 AVGuard has been started successfully!
    10/11/2005,18:36:22 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    10/11/2005,18:38:58 [INFO] Stop Filter Device.
    10/11/2005,18:39:50 ---------------------------------------------------------
    10/11/2005,18:39:50 [INIT] The AVGuard Service is starting.
    10/11/2005,18:39:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    10/11/2005,18:40:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    10/11/2005,18:40:03 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0d91.
    10/11/2005,18:40:20 [INFO] Start Filter Device.
    10/11/2005,18:40:20 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
    10/11/2005,18:40:20 AVGuard has been started successfully!
    10/11/2005,20:31:18 [INFO] Stop Filter Device.
    10/11/2005,20:31:18 AVGuard service has been stopped!
    10/11/2005,20:32:06 ---------------------------------------------------------
    10/11/2005,20:32:06 [INIT] The AVGuard Service is starting.
    10/11/2005,20:32:09 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    10/11/2005,20:32:11 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    10/11/2005,20:32:11 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa27de.
    10/11/2005,20:32:21 [INFO] Start Filter Device.
    10/11/2005,20:32:21 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.14.17
    10/11/2005,20:32:21 AVGuard has been started successfully!
    11/11/2005,05:21:59 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\BINGOO.EXE
    11/11/2005,03:08:41 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\FTPUPD.EXE
    File has been moved to quarantine directory!
    11/11/2005,14:59:32 [INFO] Stop Filter Device.
    11/11/2005,14:59:33 AVGuard service has been stopped!
    11/11/2005,14:59:36 ---------------------------------------------------------
    11/11/2005,14:59:36 [INIT] The AVGuard Service is starting.
    11/11/2005,14:59:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    11/11/2005,14:59:38 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    11/11/2005,14:59:39 [INFO] Start Filter Device.
    11/11/2005,14:59:39 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.15.16
    11/11/2005,14:59:39 AVGuard has been started successfully!
    11/11/2005,14:59:39 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xa95cdc92.
    11/11/2005,15:26:33 [INFO] Stop Filter Device.
    11/11/2005,15:26:35 AVGuard service has been stopped!
    13/11/2005,23:55:15 ---------------------------------------------------------
    13/11/2005,23:55:15 [INIT] The AVGuard Service is starting.
    13/11/2005,23:55:20 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    13/11/2005,23:55:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    13/11/2005,23:55:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3bcd.
    13/11/2005,23:55:27 [INFO] Start Filter Device.
    13/11/2005,23:55:27 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.15.16
    13/11/2005,23:55:27 AVGuard has been started successfully!
    13/11/2005,23:59:14 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\BINGOO.EXE
    File has been deleted!
    14/11/2005,00:13:42 WARNING: Contains signature of the worm WORM/Mytob.KV!
    C:\WINDOWS\SYSTEM32\BINGOO.EXE
    File has been deleted!
    14/11/2005,00:57:32 [INFO] Stop Filter Device.
    14/11/2005,00:57:32 AVGuard service has been stopped!
    14/11/2005,10:10:25 ---------------------------------------------------------
    14/11/2005,10:10:25 [INIT] The AVGuard Service is starting.
    14/11/2005,10:10:29 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    14/11/2005,10:10:32 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    14/11/2005,10:10:33 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa25ae.
    14/11/2005,10:10:39 [INFO] Start Filter Device.
    14/11/2005,10:10:39 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.15.16
    14/11/2005,10:10:39 AVGuard has been started successfully!
    14/11/2005,11:16:43 WARNING: Contains signature of the worm WORM/Lovsan.F.2!
    C:\WINDOWS\SYSTEM32\TFTP736
    File has been deleted!
    14/11/2005,11:23:24 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[1].EXE
    File has been deleted!
    14/11/2005,11:24:05 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[2].EXE
    File has been deleted!
    14/11/2005,11:24:08 WARNING: Contains signature of the worm WORM/Korgo.U!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KK8HRWHU\X[3].EXE
    File has been deleted!
    -------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:33:19, on 14/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Documents and Settings\Moi\Local Settings\Temporary Internet Files\Content.IE5\M1RHG5T7\FixBlast[1].exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Moi\Mes documents\outils\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.203.15.25:808
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8D59CC-9BFC-44D8-9578-F2D9C7D09269}: NameServer = 10.200.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    Please give me some advice on how to avoid this...
    0
  20. la_paille Posts 24 Status Member
     
    Could someone help me, please...
    0