Trojan problem: TR/StartPa.DU.DLL.1

Closed
Manu - 14 Nov 2005 at 13:50
 Anonymous user - 30 Nov 2005 at 13:14
Hello,
For 2 weeks I have been having trouble with my PC. It seems I am infected by a trojan called TR/StartPa.DU.DLL.1 (according to my antivirus). I have tried several times to "pressure-wash" my PC with Easy Cleaner, Ad-aware, Spybot, etc., but the trojan keeps coming back.
Thanks for your help.
Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 13:48:51, on 14/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\Explorer.EXE
D:\WINXP\system32\spoolsv.exe
D:\Program Files\Winamp\Winampa.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\WINXP\apiui.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINXP\System32\cisvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\ZoneLabs\vsmon.exe
D:\WINXP\System32\wuauclt.exe
D:\WINXP\System32\cidaemon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINXP\system32\javasz32.exe
D:\Documents and Settings\Fabienne\Bureau\manu raccourcis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {81C8D1B5-FEF1-D764-E087-ABE5B631A208} - D:\WINXP\system32\apitm.dll
O2 - BHO: Class - {B07DE2EF-914A-4BE3-4E2F-728546F6FC92} - D:\WINXP\system32\mfcaf32.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Class - {E4EF4A50-80E5-058C-029B-78A74EDA59F9} - D:\WINXP\system32\sdklq32.dll
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINXP\Downloaded Program Files\ycomp5_1_5_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OneClick] "D:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [d3jb.exe] D:\WINXP\system32\d3jb.exe
O4 - HKLM\..\Run: [crzw.exe] D:\WINXP\system32\crzw.exe
O4 - HKLM\..\Run: [apios32.exe] D:\WINXP\apios32.exe
O4 - HKLM\..\Run: [javasz32.exe] D:\WINXP\system32\javasz32.exe
O4 - HKCU\..\Run: [Wallpaper] "D:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4FD958-F3D7-4248-9F07-7D70ED8EC4BC}: NameServer = 192.168.32.249,194.51.3.65
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINXP\apiui.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINXP\system32\ZoneLabs\vsmon.exe

4 replies

Anonymous user
14 Nov 2005 at 17:45
Hello,

Steps to follow, in order...
----------------------------------------------------------------------------
¤ Download these programs, but do not use them right away:

1/

Spybot S&D 1.4 << new version.
http://www.safer-networking.org/fr/index.html

Usage demo (thanks to Balltrap34 for making it).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06 << new version.
http://www.lavasoftusa.com/software/adaware/
- A guide:
http://www.tutopat.com/viewtopic.php?t=1191
- install the French language patch; you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here (thanks to Moe31 for making it):
http://pageperso.aol.fr/balltrap34/adawrevid.asf

6/

About Buster:
http://www.majorgeeks.com/download4289.html

Click "Check for updates".
Download the updates,
close it;
we will use it later.

http://files4.majorgeeks.com/files/64bb3c7589214974e7fd34f975ced5be/spyware/hsremove.exe
----------------------------------------------------------------------------
¤ Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Tick "Show hidden files and folders"

Untick the box "Hide protected operating system files (Recommended)"

Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And Apply!
----------------------------------------------------------------------------
¤ Run HijackThis again, tick the boxes in front of these lines, then click "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINXP\xysup.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {81C8D1B5-FEF1-D764-E087-ABE5B631A208} - D:\WINXP\system32\apitm.dll

O2 - BHO: Class - {B07DE2EF-914A-4BE3-4E2F-728546F6FC92} - D:\WINXP\system32\mfcaf32.dll

O2 - BHO: Class - {E4EF4A50-80E5-058C-029B-78A74EDA59F9} - D:\WINXP\system32\sdklq32.dll

O4 - HKLM\..\Run: [d3jb.exe] D:\WINXP\system32\d3jb.exe

O4 - HKLM\..\Run: [crzw.exe] D:\WINXP\system32\crzw.exe

O4 - HKLM\..\Run: [apios32.exe] D:\WINXP\apios32.exe

O4 - HKLM\..\Run: [javasz32.exe] D:\WINXP\system32\javasz32.exe

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINXP\apiui.exe

----------------------------------------------------------------------------
¤ Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to Safe Mode, then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
¤ Empty your temp files and Temporary Internet Files:

:: Delete temporary files ::
Empty the entire contents of these folders.

* C:\Documents and Settings\your account\Local Settings\Temp
* C:\Documents and Settings\all other accounts\Local Settings\Temp
* C:\Windows\Temp

:: Contents of the Prefetch folder ::

* C:\WINDOWS\Prefetch <= except the file layout.ini

* Do not forget to empty the Recycle Bin!
----------------------------------------------------------------------------
¤ Search for and delete the following:
careful: only the files (if present).

D:\WINXP\system32\d3jb.exe
D:\WINXP\system32\crzw.exe
D:\WINXP\apios32.exe
D:\WINXP\system32\javasz32.exe
D:\WINXP\apiui.exe

----------------------------------------------------------------------------
¤ Stop these services:

Click Start -> Run -> type: services.msc

Double-click: Service: Workstation NetLogon Service

Set it to "Stopped" and "Disabled".
----------------------------------------------------------------------------
¤ Run About Buster as many times as it keeps finding something (5/10/15 times if need be).
----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
¤ Reboot in normal mode, run HijackThis again and copy/paste a new report on the forum.

Describe any problems that remain....

Keep me posted

See you
0
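The selection step in the answer above (deciding which HijackThis lines to tick) and the follow-up check against a fresh log, as an added example that is not part of the original thread. The four rules are illustrative assumptions, not the helper's stated criteria, and they only produce candidates for manual review; the sample lines are excerpts of the logs posted in this thread.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Excerpts of the HijackThis logs posted in this thread (14/11 and 15/11/2005).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Class - {81C8D1B5-FEF1-D764-E087-ABE5B631A208} - D:\WINXP\system32\apitm.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [d3jb.exe] D:\WINXP\system32\d3jb.exe
O4 - HKLM\..\Run: [javasz32.exe] D:\WINXP\system32\javasz32.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O4 - rest of line"
BHO = re.compile(r"^BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
RUN = re.compile(r'Run: \[(.+?)\] "?([^"]+?\.exe)', re.IGNORECASE)


def classify(line):
    """Return a review reason for one log line, or None (assumed heuristics)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    # Rule 1: an IE search/start setting that loads HTML out of a local DLL.
    if code in ("R0", "R1") and "= res://" in body:
        return "IE search/start setting loads a page from a DLL resource"
    # Rule 2: a BHO whose only name is the placeholder "Class", in system32.
    if code == "O2":
        bho = BHO.match(body)
        if bho and bho.group(1) == "Class" and "\\system32\\" in bho.group(2).lower():
            return "BHO with generic name in system32"
    # Rule 3: a Run value named exactly like its executable ("[d3jb.exe]").
    # "[NeroCheck] ...\NeroCheck.exe" does not match: the name has no extension.
    if code == "O4":
        run = RUN.search(body)
        if run and run.group(1).lower() == basename(run.group(2)).lower():
            return "Run value named after its own executable"
    # Rule 4: a service for which HijackThis reports no owner.
    if code == "O23" and " - Unknown owner - " in body:
        return "service with unknown owner"
    return None


def triage(log_text):
    """List (line, reason) for every line of the log that matches a rule."""
    hits = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


def persisting(before, after):
    """Flagged lines of the first log that are still present in the second."""
    after_lines = {line.strip() for line in after.splitlines()}
    return [line for line, _ in triage(before) if line in after_lines]


if __name__ == "__main__":
    for line, reason in triage(LOG_BEFORE):
        print(f"[review] {reason}\n         {line}")
    print("still present after cleanup:", persisting(LOG_BEFORE, LOG_AFTER))
```

The one entry reported as still present is a service line with "Unknown owner" that the answer above did not list, which is why the output is a review list and not a fix list.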
Hello,

and first of all, thank you for replying so quickly.
I did what you said. I even ran an ewido scan, which found a few more infected files. Then I rebooted in normal mode. But the trojan quickly reappeared, detected by Antivir. I must admit I made a small mistake: I did not do "hide hidden files" right away. Could that be the reason the virus came back?
I have another question: should I install the Windows XP updates as Windows suggests? (Or is it better not to install them while infected?)

Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:53:10, on 15/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\spoolsv.exe
D:\WINXP\Explorer.EXE
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINXP\System32\cisvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\ZoneLabs\vsmon.exe
D:\Program Files\Winamp\Winampa.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\WINXP\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINXP\System32\cidaemon.exe
D:\Documents and Settings\Fabienne\Bureau\manu raccourcis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINXP\Downloaded Program Files\ycomp5_1_5_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OneClick] "D:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4FD958-F3D7-4248-9F07-7D70ED8EC4BC}: NameServer = 192.168.32.249,194.51.3.65
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINXP\system32\ZoneLabs\vsmon.exe
0
Anonymous user
16 Nov 2005 at 13:42
Hi,
you will do the updates once the problems are resolved.

Do this:
Start < My Computer < C < Program Files < AV Personal < logfiles < look for NTGRDRT < copy/paste everything in it here

Thanks

See you
0
manup1212 Posts: 1 Registration date: Tuesday 29 November 2005 Status: Member Last activity: 29 November 2005
29 Nov 2005 at 22:04
I updated Antivir (my antivirus) and then ran a full system scan; this seems to have eradicated the trojan. Am I rid of all infection?
Here is my new log and, further down, the contents of the file you told me to display.
In any case, thank you for your replies.

Logfile of HijackThis v1.99.1
Scan saved at 19:55:53, on 29/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\Explorer.EXE
D:\WINXP\system32\spoolsv.exe
D:\Program Files\Winamp\Winampa.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINXP\System32\cisvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\ZoneLabs\vsmon.exe
D:\WINXP\System32\wuauclt.exe
D:\WINXP\System32\cidaemon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Documents and Settings\Fabienne\Bureau\manu raccourcis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINXP\Downloaded Program Files\ycomp5_1_5_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OneClick] "D:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4FD958-F3D7-4248-9F07-7D70ED8EC4BC}: NameServer = 192.168.32.249,194.51.3.65
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINXP\system32\ZoneLabs\vsmon.exe


Here is the file:

18/11/2005,00:26:20 [INFO] Stop Filter Device.
18/11/2005,00:26:21 AVGuard service has been stopped!
22/11/2005,08:19:54 ---------------------------------------------------------
22/11/2005,08:19:54 [INIT] The AVGuard Service is starting.
22/11/2005,08:20:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/11/2005,08:20:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/11/2005,08:20:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1fd2.
22/11/2005,08:20:15 [INFO] Start Filter Device.
22/11/2005,08:20:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
22/11/2005,08:20:15 AVGuard has been started successfully!
22/11/2005,19:57:54 ---------------------------------------------------------
22/11/2005,19:57:54 [INIT] The AVGuard Service is starting.
22/11/2005,19:57:58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/11/2005,19:58:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/11/2005,19:58:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1a8c.
22/11/2005,19:58:15 [INFO] Start Filter Device.
22/11/2005,19:58:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
22/11/2005,19:58:15 AVGuard has been started successfully!
23/11/2005,20:28:53 ---------------------------------------------------------
23/11/2005,20:28:53 [INIT] The AVGuard Service is starting.
23/11/2005,20:28:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/11/2005,20:28:58 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,20:28:58 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa02cd.
23/11/2005,20:29:15 [INFO] Start Filter Device.
23/11/2005,20:29:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
23/11/2005,20:29:15 AVGuard has been started successfully!
23/11/2005,22:20:21 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/11/2005,22:20:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaacc6924.
23/11/2005,23:27:23 [INFO] Stop Filter Device.
23/11/2005,23:27:27 AVGuard service has been stopped!
24/11/2005,19:49:52 ---------------------------------------------------------
24/11/2005,19:49:52 [INIT] The AVGuard Service is starting.
24/11/2005,19:49:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,19:49:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,19:49:58 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa7bdb.
24/11/2005,19:50:13 [INFO] Start Filter Device.
24/11/2005,19:50:13 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
24/11/2005,19:50:13 AVGuard has been started successfully!
24/11/2005,20:59:04 [INFO] Stop Filter Device.
24/11/2005,20:59:04 AVGuard service has been stopped!
24/11/2005,23:24:45 ---------------------------------------------------------
24/11/2005,23:24:45 [INIT] The AVGuard Service is starting.
24/11/2005,23:24:47 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
24/11/2005,23:24:51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
24/11/2005,23:24:51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0d19.
24/11/2005,23:25:08 [INFO] Start Filter Device.
24/11/2005,23:25:08 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
24/11/2005,23:25:08 AVGuard has been started successfully!
25/11/2005,00:04:24 [INFO] Stop Filter Device.
25/11/2005,00:04:26 AVGuard service has been stopped!
25/11/2005,20:12:31 ---------------------------------------------------------
25/11/2005,20:12:31 [INIT] The AVGuard Service is starting.
25/11/2005,20:12:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
25/11/2005,20:12:40 [LOGON] Connection request by remote computer. Establishing secure communication channel.
25/11/2005,20:12:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1cd7.
25/11/2005,20:12:52 [INFO] Start Filter Device.
25/11/2005,20:12:52 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
25/11/2005,20:12:52 AVGuard has been started successfully!
26/11/2005,09:00:29 ---------------------------------------------------------
26/11/2005,09:00:29 [INIT] The AVGuard Service is starting.
26/11/2005,09:00:35 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
26/11/2005,09:00:37 [LOGON] Connection request by remote computer. Establishing secure communication channel.
26/11/2005,09:00:37 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1fbe.
26/11/2005,09:00:51 [INFO] Start Filter Device.
26/11/2005,09:00:51 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
26/11/2005,09:00:51 AVGuard has been started successfully!
27/11/2005,19:55:19 ---------------------------------------------------------
27/11/2005,19:55:19 [INIT] The AVGuard Service is starting.
27/11/2005,19:55:28 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
27/11/2005,19:55:39 [LOGON] Connection request by remote computer. Establishing secure communication channel.
27/11/2005,19:55:40 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa6b43.
27/11/2005,19:56:07 [INFO] Start Filter Device.
27/11/2005,19:56:07 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
27/11/2005,19:56:07 AVGuard has been started successfully!
28/11/2005,00:04:24 [INFO] Stop Filter Device.
28/11/2005,00:04:28 AVGuard service has been stopped!
28/11/2005,22:42:14 ---------------------------------------------------------
28/11/2005,22:42:14 [INIT] The AVGuard Service is starting.
28/11/2005,22:42:16 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
28/11/2005,22:42:19 [LOGON] Connection request by remote computer. Establishing secure communication channel.
28/11/2005,22:42:19 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa08ad.
28/11/2005,22:42:32 [INFO] Start Filter Device.
28/11/2005,22:42:32 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
28/11/2005,22:42:32 AVGuard has been started successfully!
29/11/2005,08:19:08 ---------------------------------------------------------
29/11/2005,08:19:08 [INIT] The AVGuard Service is starting.
29/11/2005,08:19:13 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
29/11/2005,08:19:15 [LOGON] Connection request by remote computer. Establishing secure communication channel.
29/11/2005,08:19:15 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa03ee.
29/11/2005,08:19:30 [INFO] Start Filter Device.
29/11/2005,08:19:30 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
29/11/2005,08:19:30 AVGuard has been started successfully!
29/11/2005,08:32:42 [INFO] Stop Filter Device.
29/11/2005,08:32:42 AVGuard service has been stopped!
29/11/2005,18:17:48 ---------------------------------------------------------
29/11/2005,18:17:48 [INIT] The AVGuard Service is starting.
29/11/2005,18:17:50 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
29/11/2005,18:17:51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
29/11/2005,18:17:51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa340a.
29/11/2005,18:18:11 [INFO] Start Filter Device.
29/11/2005,18:18:11 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
29/11/2005,18:18:11 AVGuard has been started successfully!
0
Anonymous user
30 Nov 2005 at 13:14
Hi,

Great!!! Update Windows right away, install SP1!! (it is vital for your PC)
http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=fr

See you
0