Probleme de Trojan TR/StartPa.DU.DLL.1

Manu -  
 Utilisateur anonyme -
Bonjour,
depuis 2 semaines, j'ai des soucis avec mon PC. Il semblerait que je sois ifeté par un trojan qui s'appelle TR/StartPa.DU.DLL.1 (d'apres mon antivirus). J'ai essayé plusieurs fois de "nettoyer au Karsher" mon PC avec Easy Cleaner, Ad-aware, Spybot, etc, mais le trojan revient sans cesse.
Merci pour votre aide
voici mon log :

Logfile of HijackThis v1.99.1
Scan saved at 13:48:51, on 14/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\Explorer.EXE
D:\WINXP\system32\spoolsv.exe
D:\Program Files\Winamp\Winampa.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\WINXP\apiui.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINXP\System32\cisvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\ZoneLabs\vsmon.exe
D:\WINXP\System32\wuauclt.exe
D:\WINXP\System32\cidaemon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINXP\system32\javasz32.exe
D:\Documents and Settings\Fabienne\Bureau\manu raccourcis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {81C8D1B5-FEF1-D764-E087-ABE5B631A208} - D:\WINXP\system32\apitm.dll
O2 - BHO: Class - {B07DE2EF-914A-4BE3-4E2F-728546F6FC92} - D:\WINXP\system32\mfcaf32.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Class - {E4EF4A50-80E5-058C-029B-78A74EDA59F9} - D:\WINXP\system32\sdklq32.dll
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINXP\Downloaded Program Files\ycomp5_1_5_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OneClick] "D:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [d3jb.exe] D:\WINXP\system32\d3jb.exe
O4 - HKLM\..\Run: [crzw.exe] D:\WINXP\system32\crzw.exe
O4 - HKLM\..\Run: [apios32.exe] D:\WINXP\apios32.exe
O4 - HKLM\..\Run: [javasz32.exe] D:\WINXP\system32\javasz32.exe
O4 - HKCU\..\Run: [Wallpaper] "D:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4FD958-F3D7-4248-9F07-7D70ED8EC4BC}: NameServer = 192.168.32.249,194.51.3.65
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINXP\apiui.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINXP\system32\ZoneLabs\vsmon.exe

4 réponses

  1. Utilisateur anonyme
     
    Bonjour,

    Méthode à suivre dans l'ordre...
    ----------------------------------------------------------------------------
    ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

    1/

    Spybot S&D 1.4 <<nouvelle version.
    http://www.safer-networking.org/fr/index.html

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<nouvelle version.
    http://www.lavasoftusa.com/software/adaware/
    -Une aide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    6/

    About Buster:
    http://www.majorgeeks.com/download4289.html

    Clique "Check for updates".
    Télécharge les mises à jour
    referme le
    on l‘utilisera plus tard.

    http://files4.majorgeeks.com/files/64bb3c7589214974e7fd34f975ced5be/spyware/hsremove.exe
    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINXP\xysup.dll/sp.html#93256

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINXP\xysup.dll/sp.html#93256

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINXP\xysup.dll/sp.html#93256

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINXP\xysup.dll/sp.html#93256

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {81C8D1B5-FEF1-D764-E087-ABE5B631A208} - D:\WINXP\system32\apitm.dll

    O2 - BHO: Class - {B07DE2EF-914A-4BE3-4E2F-728546F6FC92} - D:\WINXP\system32\mfcaf32.dll

    O2 - BHO: Class - {E4EF4A50-80E5-058C-029B-78A74EDA59F9} - D:\WINXP\system32\sdklq32.dll

    4 - HKLM\..\Run: [d3jb.exe] D:\WINXP\system32\d3jb.exe

    O4 - HKLM\..\Run: [crzw.exe] D:\WINXP\system32\crzw.exe

    O4 - HKLM\..\Run: [apios32.exe] D:\WINXP\apios32.exe

    O4 - HKLM\..\Run: [javasz32.exe] D:\WINXP\system32\javasz32.exe

    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINXP\apiui.exe

    ----------------------------------------------------------------------------
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Vide tes fichiers temps et temporary internet file:

    :: Supprimer les fichiers temporaires ::
    vider tout le contenu de ces dossiers.

    * C:\Documents and Settings\ton compte\Local Settings\Temp
    * C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
    * C:\Windows\Temp

    :: Le contenu du dossier prefetch ::

    * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

    * Ne pas oublier de vider la corbeille !
    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    D:\WINXP\system32\d3jb.exe
    D:\WINXP\system32\crzw.exe
    D:\WINXP\apios32.exe
    D:\WINXP\system32\javasz32.exe
    D:\WINXP\apiui.exe

    ----------------------------------------------------------------------------
    ¤Arrête ces services :

    Clique sur Démarrer->exécuter->tape: services.msc

    Double-clique: Service: Workstation NetLogon Service

    Règle-le sur "Arrêté" et "Désactivé".
    ----------------------------------------------------------------------------
    ¤ Passe About Buster autant de fois qu’il trouve quelque chose (5/10/15 fois si la nécessité est présente).
    ----------------------------------------------------------------------------
    ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Vide ta Corbeille.
    ----------------------------------------------------------------------------
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Précise tes soucis s’il en reste....

    Tiens-moi au courant

    A+
    0
    1. manu
       
      Bonjour,

      et d'abord merci d'avoir répondu si vite.
      J'ai fait ce que tu indiquais. J'ai même passé un coup de scan ewido qui m'a encore trouvé quelques fichiers infectés. Ensuite j'ai redémarré en mode normal. Mais le trojan est rapidement réaparu, détecté par antivir. Je dois avouer que j'ai commis une petite erreur : je n'ai pas fait "masquer les fichiers cachés" tout de suite. Est ce que ça peut etre la raison du retour du virus?
      J'ai une autre question: faut il que je fasse les mises à jour de windows XP comme me le suggère windows? (ou est ce que c'est mieux de ne pas les faire quand on est infecté?)

      Je te poste ma nouvellelog highjackthis :

      Logfile of HijackThis v1.99.1
      Scan saved at 19:53:10, on 15/11/2005
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

      Running processes:
      D:\WINXP\System32\smss.exe
      D:\WINXP\system32\winlogon.exe
      D:\WINXP\system32\services.exe
      D:\WINXP\system32\lsass.exe
      D:\WINXP\system32\svchost.exe
      D:\WINXP\System32\svchost.exe
      D:\WINXP\system32\spoolsv.exe
      D:\WINXP\Explorer.EXE
      D:\Program Files\AVPersonal\AVGUARD.EXE
      D:\Program Files\AVPersonal\AVWUPSRV.EXE
      D:\WINXP\System32\cisvc.exe
      D:\Program Files\ewido\security suite\ewidoctrl.exe
      D:\WINXP\System32\svchost.exe
      D:\WINXP\system32\ZoneLabs\vsmon.exe
      D:\Program Files\Winamp\Winampa.exe
      D:\Program Files\Ahead\InCD\InCD.exe
      D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      D:\Program Files\AVPersonal\AVGNT.EXE
      D:\WINXP\System32\wuauclt.exe
      D:\Program Files\Mozilla Firefox\firefox.exe
      D:\WINXP\System32\cidaemon.exe
      D:\Documents and Settings\Fabienne\Bureau\manu raccourcis\HijackThis.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
      O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINXP\Downloaded Program Files\ycomp5_1_5_0.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
      O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
      O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\Run: [OneClick] "D:\Program Files\oneclick\oneclick.exe"
      O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
      O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
      O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
      O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
      O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
      O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
      O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4FD958-F3D7-4248-9F07-7D70ED8EC4BC}: NameServer = 192.168.32.249,194.51.3.65
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINXP\system32\ZoneLabs\vsmon.exe
      0
  2. Utilisateur anonyme
     
    salut
    les mises a jour tu les feras quand les soucis seront resolu

    fais ceci
    demarer < poste de travail< c < program files < av personal < logfiles < cherche NTGRDRT <copie/colle ici tout ce qu il y a dedans

    merci

    a+
    0
  3. manup1212 Messages postés 1 Statut Membre
     
    J'ai effectué des mises à jour d'Antivir (mon antivirus) puis un scan complet du système, cela semble avoir éradiqué le trojan. Suis-je débarrassé de toute infection ?
    Voici ma nouvelle log, et plus bas, le contenu du fichier que tu m'as dit d'afficher.
    En tous cas merci pour tes réponses.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:55:53, on 29/11/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    D:\WINXP\System32\smss.exe
    D:\WINXP\system32\winlogon.exe
    D:\WINXP\system32\services.exe
    D:\WINXP\system32\lsass.exe
    D:\WINXP\system32\svchost.exe
    D:\WINXP\System32\svchost.exe
    D:\WINXP\Explorer.EXE
    D:\WINXP\system32\spoolsv.exe
    D:\Program Files\Winamp\Winampa.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\AVPersonal\AVGNT.EXE
    D:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    D:\Program Files\AVPersonal\AVWUPSRV.EXE
    D:\WINXP\System32\cisvc.exe
    D:\Program Files\ewido\security suite\ewidoctrl.exe
    D:\WINXP\System32\svchost.exe
    D:\WINXP\system32\ZoneLabs\vsmon.exe
    D:\WINXP\System32\wuauclt.exe
    D:\WINXP\System32\cidaemon.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\Fabienne\Bureau\manu raccourcis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINXP\Downloaded Program Files\ycomp5_1_5_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [OneClick] "D:\Program Files\oneclick\oneclick.exe"
    O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F4FD958-F3D7-4248-9F07-7D70ED8EC4BC}: NameServer = 192.168.32.249,194.51.3.65
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - D:\Documents and Settings\Fabienne\Bureau\SFUninstaller.exe" service (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINXP\system32\ZoneLabs\vsmon.exe

    voici le fichier :

    18/11/2005,00:26:20 [INFO] Stop Filter Device.
    18/11/2005,00:26:21 AVGuard service has been stopped!
    22/11/2005,08:19:54 ---------------------------------------------------------
    22/11/2005,08:19:54 [INIT] The AVGuard Service is starting.
    22/11/2005,08:20:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    22/11/2005,08:20:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    22/11/2005,08:20:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1fd2.
    22/11/2005,08:20:15 [INFO] Start Filter Device.
    22/11/2005,08:20:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    22/11/2005,08:20:15 AVGuard has been started successfully!
    22/11/2005,19:57:54 ---------------------------------------------------------
    22/11/2005,19:57:54 [INIT] The AVGuard Service is starting.
    22/11/2005,19:57:58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    22/11/2005,19:58:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    22/11/2005,19:58:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1a8c.
    22/11/2005,19:58:15 [INFO] Start Filter Device.
    22/11/2005,19:58:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    22/11/2005,19:58:15 AVGuard has been started successfully!
    23/11/2005,20:28:53 ---------------------------------------------------------
    23/11/2005,20:28:53 [INIT] The AVGuard Service is starting.
    23/11/2005,20:28:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    23/11/2005,20:28:58 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    23/11/2005,20:28:58 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa02cd.
    23/11/2005,20:29:15 [INFO] Start Filter Device.
    23/11/2005,20:29:15 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    23/11/2005,20:29:15 AVGuard has been started successfully!
    23/11/2005,22:20:21 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    23/11/2005,22:20:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaacc6924.
    23/11/2005,23:27:23 [INFO] Stop Filter Device.
    23/11/2005,23:27:27 AVGuard service has been stopped!
    24/11/2005,19:49:52 ---------------------------------------------------------
    24/11/2005,19:49:52 [INIT] The AVGuard Service is starting.
    24/11/2005,19:49:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,19:49:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,19:49:58 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa7bdb.
    24/11/2005,19:50:13 [INFO] Start Filter Device.
    24/11/2005,19:50:13 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    24/11/2005,19:50:13 AVGuard has been started successfully!
    24/11/2005,20:59:04 [INFO] Stop Filter Device.
    24/11/2005,20:59:04 AVGuard service has been stopped!
    24/11/2005,23:24:45 ---------------------------------------------------------
    24/11/2005,23:24:45 [INIT] The AVGuard Service is starting.
    24/11/2005,23:24:47 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    24/11/2005,23:24:51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    24/11/2005,23:24:51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa0d19.
    24/11/2005,23:25:08 [INFO] Start Filter Device.
    24/11/2005,23:25:08 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    24/11/2005,23:25:08 AVGuard has been started successfully!
    25/11/2005,00:04:24 [INFO] Stop Filter Device.
    25/11/2005,00:04:26 AVGuard service has been stopped!
    25/11/2005,20:12:31 ---------------------------------------------------------
    25/11/2005,20:12:31 [INIT] The AVGuard Service is starting.
    25/11/2005,20:12:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    25/11/2005,20:12:40 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    25/11/2005,20:12:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1cd7.
    25/11/2005,20:12:52 [INFO] Start Filter Device.
    25/11/2005,20:12:52 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    25/11/2005,20:12:52 AVGuard has been started successfully!
    26/11/2005,09:00:29 ---------------------------------------------------------
    26/11/2005,09:00:29 [INIT] The AVGuard Service is starting.
    26/11/2005,09:00:35 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    26/11/2005,09:00:37 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    26/11/2005,09:00:37 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa1fbe.
    26/11/2005,09:00:51 [INFO] Start Filter Device.
    26/11/2005,09:00:51 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    26/11/2005,09:00:51 AVGuard has been started successfully!
    27/11/2005,19:55:19 ---------------------------------------------------------
    27/11/2005,19:55:19 [INIT] The AVGuard Service is starting.
    27/11/2005,19:55:28 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    27/11/2005,19:55:39 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    27/11/2005,19:55:40 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa6b43.
    27/11/2005,19:56:07 [INFO] Start Filter Device.
    27/11/2005,19:56:07 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    27/11/2005,19:56:07 AVGuard has been started successfully!
    28/11/2005,00:04:24 [INFO] Stop Filter Device.
    28/11/2005,00:04:28 AVGuard service has been stopped!
    28/11/2005,22:42:14 ---------------------------------------------------------
    28/11/2005,22:42:14 [INIT] The AVGuard Service is starting.
    28/11/2005,22:42:16 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    28/11/2005,22:42:19 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    28/11/2005,22:42:19 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa08ad.
    28/11/2005,22:42:32 [INFO] Start Filter Device.
    28/11/2005,22:42:32 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    28/11/2005,22:42:32 AVGuard has been started successfully!
    29/11/2005,08:19:08 ---------------------------------------------------------
    29/11/2005,08:19:08 [INIT] The AVGuard Service is starting.
    29/11/2005,08:19:13 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    29/11/2005,08:19:15 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    29/11/2005,08:19:15 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa03ee.
    29/11/2005,08:19:30 [INFO] Start Filter Device.
    29/11/2005,08:19:30 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    29/11/2005,08:19:30 AVGuard has been started successfully!
    29/11/2005,08:32:42 [INFO] Stop Filter Device.
    29/11/2005,08:32:42 AVGuard service has been stopped!
    29/11/2005,18:17:48 ---------------------------------------------------------
    29/11/2005,18:17:48 [INIT] The AVGuard Service is starting.
    29/11/2005,18:17:50 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
    29/11/2005,18:17:51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
    29/11/2005,18:17:51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa340a.
    29/11/2005,18:18:11 [INFO] Start Filter Device.
    29/11/2005,18:18:11 AntiVirService Version: 6.32.00.12 AVE Version 6.32.0.57 VDF Version: 6.32.0.188
    29/11/2005,18:18:11 AVGuard has been started successfully!
    0