Everything posted by rimbaut
[solved] virus alert
rimbaut replied to a topic by rimbaut in Analyses et éradication malwares
Hi megataupe, I deleted a few lines in HJT but I see that the virus puts them back, particularly in the R1 and O4 entries. I get the impression the viruses install themselves as soon as I connect with IE, but that's only an impression...

[solved] virus alert
rimbaut replied to a topic by rimbaut in Analyses et éradication malwares
stonangel, ipl, tesgaz, megataupe and the others, are you dropping me or what? I installed a2 and it often blocks programs that want to install themselves in system32. Is that a good move? Thanks in advance for your help

[solved] virus alert
rimbaut replied to a topic by rimbaut in Analyses et éradication malwares
Good evening stonangel, good evening everyone. I went through the whole disinfection procedure, ran PurityScan 3 times, and I'm submitting my HJT log, done in safe mode like everything else, for that matter.

Logfile of HijackThis v1.99.1
Scan saved at 19:13:56, on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zpmtm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zpmtm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zpmtm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zpmtm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zpmtm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zpmtm.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {28F322DD-9910-4EFE-1C53-52037148150A} - C:\WINDOWS\atlgu32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [netpr32.exe] C:\WINDOWS\system32\netpr32.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunOnce: [ieat.exe] C:\WINDOWS\system32\ieat.exe
O4 - HKLM\..\RunOnce: [apifj32.exe] C:\WINDOWS\system32\apifj32.exe
O4 - HKLM\..\RunOnce: [mfcbl32.exe] C:\WINDOWS\system32\mfcbl32.exe
O4 - HKLM\..\RunOnce: [iegn.exe] C:\WINDOWS\iegn.exe
O4 - HKLM\..\RunOnce: [appkr32.exe] C:\WINDOWS\appkr32.exe
O4 - HKLM\..\RunOnce: [appck32.exe] C:\WINDOWS\system32\appck32.exe
O4 - HKLM\..\RunOnce: [mshm32.exe] C:\WINDOWS\system32\mshm32.exe
O4 - HKLM\..\RunOnce: [msdh.exe] C:\WINDOWS\system32\msdh.exe
O4 - HKLM\..\RunOnce: [d3zw32.exe] C:\WINDOWS\d3zw32.exe
O4 - HKLM\..\RunOnce: [winnw32.exe] C:\WINDOWS\system32\winnw32.exe
O4 - HKLM\..\RunOnce: [javasy.exe] C:\WINDOWS\system32\javasy.exe
O4 - HKLM\..\RunOnce: [atlgv32.exe] C:\WINDOWS\system32\atlgv32.exe
O4 - HKLM\..\RunOnce: [ielp.exe] C:\WINDOWS\system32\ielp.exe
O4 - HKLM\..\RunOnce: [d3mx32.exe] C:\WINDOWS\d3mx32.exe
O4 - HKLM\..\RunOnce: [ipzr.exe] C:\WINDOWS\ipzr.exe
O4 - HKLM\..\RunOnce: [ipde32.exe] C:\WINDOWS\ipde32.exe
O4 - HKLM\..\RunOnce: [msnb.exe] C:\WINDOWS\system32\msnb.exe
O4 - HKLM\..\RunOnce: [addtg.exe] C:\WINDOWS\addtg.exe
O4 - HKLM\..\RunOnce: [d3zi.exe] C:\WINDOWS\d3zi.exe
O4 - HKLM\..\RunOnce: [mfcvd.exe] C:\WINDOWS\mfcvd.exe
O4 - HKLM\..\RunOnce: [ieix32.exe] C:\WINDOWS\ieix32.exe
O4 - HKLM\..\RunOnce: [mfcau.exe] C:\WINDOWS\mfcau.exe
O4 - HKLM\..\RunOnce: [javazn.exe] C:\WINDOWS\system32\javazn.exe
O4 - HKLM\..\RunOnce: [apieh32.exe] C:\WINDOWS\apieh32.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [d3ys32.exe] C:\WINDOWS\d3ys32.exe
O4 - HKLM\..\RunOnce: [ntrl.exe] C:\WINDOWS\system32\ntrl.exe
O4 - HKLM\..\RunOnce: [javait.exe] C:\WINDOWS\javait.exe
O4 - HKLM\..\RunOnce: [crvq32.exe] C:\WINDOWS\crvq32.exe
O4 - HKLM\..\RunOnce: [javacm32.exe] C:\WINDOWS\system32\javacm32.exe
O4 - HKLM\..\RunOnce: [mfchj32.exe] C:\WINDOWS\mfchj32.exe
O4 - HKLM\..\RunOnce: [crku32.exe] C:\WINDOWS\system32\crku32.exe
O4 - HKLM\..\RunOnce: [ieoz.exe] C:\WINDOWS\ieoz.exe
O4 - HKLM\..\RunOnce: [appsd32.exe] C:\WINDOWS\system32\appsd32.exe
O4 - HKLM\..\RunOnce: [d3xz32.exe] C:\WINDOWS\system32\d3xz32.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ieat.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

I'd add that I scanned with AntiVir; it detected 97 trojans, which showed up at the start of the scan and then at the end in the "system volume information/_restore" folder. They followed one another at the following address: A0033389, AA0033900 etc. ... up to AA0033424.
I got the AntiVir scan log and here is what it shows:

Start of scan: dimanche 10 juillet 2005 18:29
Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK

C:\
  pagefile.sys Access denied! Error during file opening! This is a Windows swap file. This file is locked by Windows. Error code: 0x000D WARNING! Access error/file locked!

C:\WINDOWS
  cwubby.txt [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  sysyw.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  winhh32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  d3wi.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  mfcpg32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  sdkox32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  javahh32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  netae32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  sdkzb.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  winsd.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  sysws.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  ipoa32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  netfz32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  mfcxf32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  appfi32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  netmv.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  crds.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  netni.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  mfcrv.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  winku32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  sysnd32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  zpmtm.dll [DETECTION] Is the Trojan horse TR/StartPa.DU.DLL.1 WAS DELETED!
  wnfenj.log [DETECTION] Is the Trojan horse TR/StartPa.DU.DLL.1 WAS DELETED!

C:\WINDOWS\system32
  appjy32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  ntcz.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  d3uw32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  apida32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  javart32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  winnq.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  winlz.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  mfcby.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  crlc32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  d3tq.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  d3gw.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  appob32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  nethy.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  javasp32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  ieml.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  iptd.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  ipzr32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  atlff32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  ntpu32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  atlmg32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  javaei32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  sysoh.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  addaq32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  atluz32.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  msoy.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  syslw.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!

C:\WINDOWS\system32\config
  system.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  software.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  default.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SAM.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SECURITY.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  DEFAULT Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SECURITY Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SOFTWARE Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SYSTEM Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  SAM Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
  CoolWWWSearchAffWinshow.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow101.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow1.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow102.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow2.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker10.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow3.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker11.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow4.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker12.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow5.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker13.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow6.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker14.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow7.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow103.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow8.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow104.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow9.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow105.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow10.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow106.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow11.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow107.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow12.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow108.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow13.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow109.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow14.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow110.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow15.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow111.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow16.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow112.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow17.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow113.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow18.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow114.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow19.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow115.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow20.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow116.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow21.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow117.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow22.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow118.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow23.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow119.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow24.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow120.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow25.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow121.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow26.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow122.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow27.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow123.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow28.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow124.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow29.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow125.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow30.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow126.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow31.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow127.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow32.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow128.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow33.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow129.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow130.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow131.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow132.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker1.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow133.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow134.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker2.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow135.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker3.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker15.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker16.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker4.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker17.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow34.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker18.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow35.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker19.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow36.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow37.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow38.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow39.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow40.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow41.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow42.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow43.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow44.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow45.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow46.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow47.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow48.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow49.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow50.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow51.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow52.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow53.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow54.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow55.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow56.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow57.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow58.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow59.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow60.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow61.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow62.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow63.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow64.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow65.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow66.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow67.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker5.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker6.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker7.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker8.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  TrekBlueErrorNuker9.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow68.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow69.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow70.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow71.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow72.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow73.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow74.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow75.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow76.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow77.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow78.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow79.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow80.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow81.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow82.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow83.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow84.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow85.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow86.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow87.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow88.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow89.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow90.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow91.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow92.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow93.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow94.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow95.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow96.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow97.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow98.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow99.zip ArchiveType: ZIP NOTE! The whole archive is password protected
  CoolWWWSearchAffWinshow100.zip ArchiveType: ZIP NOTE! The whole archive is password protected

C:\Documents and Settings\NetworkService
  ntuser.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  NTUSER.DAT Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows
  UsrClass.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  UsrClass.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!

C:\Documents and Settings\AA
  ntuser.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  ntuser.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!

C:\Documents and Settings\AA\Local Settings\Application Data\Microsoft\Windows
  UsrClass.dat.LOG Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!
  UsrClass.dat Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked!

C:\Program Files\WinRAR
  rarnew.dat ArchiveType: RAR NOTE! The archive is created by multiple volumes

C:\Program Files\eMule\Temp
  [Twis-rec.zip ArchiveType: ZIP NOTE! No files to extract.

C:\System Volume Information\_restore{03C47B68-6C5E-4304-8F60-E58D92307C0E}\RP64
  A0033138.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033378.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033379.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033380.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033381.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033382.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033383.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033384.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033385.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033386.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033387.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033388.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033389.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033390.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033391.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033392.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033393.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033394.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033395.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033396.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033397.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033398.dll [DETECTION] Is the Trojan horse TR/StartPa.DU.DLL.1 WAS DELETED!
  A0033399.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033400.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033401.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033402.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033403.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033404.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033405.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033406.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033407.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033408.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033409.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033410.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033411.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033412.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033413.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033414.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033415.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033416.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033417.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033418.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033419.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033420.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033421.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033422.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033423.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!
  A0033424.exe [DETECTION] Is the Trojan horse TR/Agent.BI.3 WAS DELETED!

End of scan: dimanche 10 juillet 2005 19:04
Time taken: 34:54 min
3904 directories were scanned
213926 files were scanned
19 warning messages were issued
97 files were deleted
0 files were repaired
97 detections

There you go, I don't know what more to add, because the beast is still there. See you later

[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Good evening stonangel, good evening everyone. I'm still not at home, but I forgot to mention a detail whose importance I don't know. From time to time an icon appears in the taskbar inviting me to install an antivirus program???? I haven't run it, and it seems to me that this program is linked to the prompt shown on my desktop. So tomorrow I'll carry out your procedure. Thanks again, see you soon.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Good evening again stonangel. I'm not at home right now and I haven't been able to do the procedure you gave me. I'll do it as soon as I get back, tomorrow or Sunday at the latest; I'll keep you posted either way. Thanks for your help and thanks to everyone.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
I went into the registry and Network Security Service isn't there.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Here's the Silent Runners log, it's long....

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"(Default)" = (empty string)
"IntelWireless" = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"]
"EOUApp" = "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" ["Intel Corporation"]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"netpr32.exe" = "C:\WINDOWS\system32\netpr32.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ieat.exe" = "C:\WINDOWS\system32\ieat.exe" [null data]
"apifj32.exe" = "C:\WINDOWS\system32\apifj32.exe" [null data]
"mfcbl32.exe" = "C:\WINDOWS\system32\mfcbl32.exe" [null data]
"iegn.exe" = "C:\WINDOWS\iegn.exe" [null data]
"appkr32.exe" = "C:\WINDOWS\appkr32.exe" [null data]
"mspl.exe" = "C:\WINDOWS\system32\mspl.exe" [null data]
"javafb.exe" = "C:\WINDOWS\system32\javafb.exe" [null data]
"apisv32.exe" = "C:\WINDOWS\system32\apisv32.exe" [null data]
"mssd32.exe" = "C:\WINDOWS\mssd32.exe" [null data]
"ntxx.exe" = "C:\WINDOWS\system32\ntxx.exe" [null data]
"mfcbj.exe" = "C:\WINDOWS\mfcbj.exe" [null data]
"sysgd32.exe" = "C:\WINDOWS\sysgd32.exe" [null data]
"applh.exe" = "C:\WINDOWS\applh.exe" [null data]
"winui32.exe" = "C:\WINDOWS\winui32.exe" [null data]
"winif.exe" = "C:\WINDOWS\winif.exe" [null data]
"addob.exe" = "C:\WINDOWS\addob.exe" [null data]
"sysjf32.exe" = "C:\WINDOWS\sysjf32.exe" [null data]
"iefu32.exe" = "C:\WINDOWS\system32\iefu32.exe" [null data]
"javauy.exe" = "C:\WINDOWS\system32\javauy.exe" [null data]
"addoj.exe" = "C:\WINDOWS\addoj.exe" [null data]
"sdkjs32.exe" = "C:\WINDOWS\sdkjs32.exe" [null data]
"appqa.exe" = "C:\WINDOWS\system32\appqa.exe" [null data]
"iemm.exe" = "C:\WINDOWS\iemm.exe" [null data]
"mfckc32.exe" = "C:\WINDOWS\mfckc32.exe" [null data]
"ipaj32.exe" = "C:\WINDOWS\ipaj32.exe" [null data]
"apivn.exe" = "C:\WINDOWS\apivn.exe" [null data]
"winuc32.exe" = "C:\WINDOWS\winuc32.exe" [null data]
"d3ss32.exe" = "C:\WINDOWS\system32\d3ss32.exe" [null data]
"mssa.exe" = "C:\WINDOWS\system32\mssa.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{28F322DD-9910-4EFE-1C53-52037148150A}\(Default) = "Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\atlgu32.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVP\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiViral Toolkit Pro\avpshlex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVP\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiViral Toolkit Pro\avpshlex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[strings]: START_PAGE_URL=http://www.asus.com
[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[strings]: 2 lines

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

INFECTION WARNING! The running services cannot be counted.
Presence of a spyware service is suspected.
The script has been forced to exit.

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 7 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 7 seconds.
---------- (total run time: 26 seconds)
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Hi again. The service no longer appears in services.msc even though I only disabled it. Is that normal? As for my wallpaper, I made the changes as you told me, but the chosen wallpaper doesn't appear; however, the screen is no longer black but blue, and the prompt to use the antivirus that is, I think, the source of my problems no longer appears on the desktop, but it must be hidden. So I'll do the procedure you told me. Note that I did a scan in HJT and the O4 entries came back. See you.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Good evening stonangel, good evening everyone, and the beast is still there. When I'm in safe mode and in EasyCleaner I can't delete 5 files, which are:

c:\documents and settings\AA\local settings\historique\history.IE5
c:\documents and settings\AA\local settings\temporary internet files\contents.IE5
c:\documents and settings\AA\local settings\historique\history.IE5\index.dat
c:\documents and settings\AA\local settings\temp\perflib_perfdata_4C4.dat
c:\documents and settings\AA\local settings\temprary internet files\content.IE5_index.dat

Here's my HJT scan, also done in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 17:53:18, on 08/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ieat.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

Note that I carried out the whole procedure and that I used both Killbox and A.B. I'm somewhat worried; I'm counting on your help. Thanks, see you.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Hello stonangel, I downloaded Killbox but I don't know how it works, because this worm keeps infesting me and it's still present on the desktop. Do you think we can delete it? I'll redo the whole procedure once more, but I'd like you to tell me when Killbox should be used. This worm brings in trojans every time I connect with IE. Luckily I installed AntiVir, because Kaspersky apparently doesn't work all that well. Thanks everyone for your help, I hope we'll get there, I'm tenacious. See you.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Hi again, I've just noticed that as soon as I connect to the internet, AntiVir steps in to block trojans. I noted one of them: c:\windows\ECACR.DLL is the trojan horse TR/start pa.Du.DLL.1. I think the message on my desktop is a trojan, or an application infesting me with trojans. What should I do? See you, and thanks for your precious help.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Good evening again. I think I did the procedure as it should be done, but the message is still present on the desktop and the wallpaper is still black. How can I restore my situation? Here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 00:19:55, on 08/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AA\Bureau\SpSeHjfix112.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {07DD92D4-CC5A-5DAA-B7C4-DEC0B6D55959} - C:\WINDOWS\atlzt.dll
O2 - BHO: Class - {07F54D26-6DD1-1746-CC42-EC74F8DBE04C} - C:\WINDOWS\system32\iefn32.dll
O2 - BHO: Class - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - C:\WINDOWS\sdkmq32.dll
O2 - BHO: Class - {7B79D3C0-5BA6-4760-51E7-D201FEA013C7} - C:\WINDOWS\system32\javacu32.dll
O2 - BHO: Class - {8CBAAF48-7FE8-39B9-CD03-FE0CF7DEE5BB} - C:\WINDOWS\system32\iehw32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {D30FD21A-58EE-A738-E2D6-65F036BF9ACB} - C:\WINDOWS\system32\sdkkp.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ieat.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

Thanks for your help.
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware analysis and removal
Good evening everyone, I carried out the indicated procedure point by point. However, when I restart in normal mode the black wallpaper reappears with the prompt to use the proposed antivirus, displayed large in the centre of my desktop (see the wording of the message in my previous post). I did an HJT scan, whose log I'm submitting to you:

Logfile of HijackThis v1.99.1
Scan saved at 21:25:10, on 07/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ipus32.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xugdu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xugdu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xugdu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xugdu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xugdu.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xugdu.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4F9A4F6D-CA0E-3F49-D4C7-79FE3EB7E433} - C:\WINDOWS\appar32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ipus32.exe] C:\WINDOWS\system32\ipus32.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunOnce: [ieat.exe] C:\WINDOWS\system32\ieat.exe
O4 - HKLM\..\RunOnce: [netjn32.exe] C:\WINDOWS\netjn32.exe
O4 - HKLM\..\RunOnce: [syswj32.exe] C:\WINDOWS\system32\syswj32.exe
O4 - HKLM\..\RunOnce: [mfcpg32.exe] C:\WINDOWS\mfcpg32.exe
O4 - HKLM\..\RunOnce: [iejv.exe] C:\WINDOWS\system32\iejv.exe
O4 - HKLM\..\RunOnce: [sdkox32.exe] C:\WINDOWS\sdkox32.exe
O4 - HKLM\..\RunOnce: [appro32.exe] C:\WINDOWS\appro32.exe
O4 - HKLM\..\RunOnce: [appjy32.exe] C:\WINDOWS\system32\appjy32.exe
O4 - HKLM\..\RunOnce: [winnq.exe] C:\WINDOWS\system32\winnq.exe
O4 - HKLM\..\RunOnce: [winlz.exe] C:\WINDOWS\system32\winlz.exe
O4 - HKLM\..\RunOnce: [winyn32.exe] C:\WINDOWS\system32\winyn32.exe
O4 - HKLM\..\RunOnce: [winfk32.exe] C:\WINDOWS\winfk32.exe
O4 - HKLM\..\RunOnce: [ntdr32.exe] C:\WINDOWS\ntdr32.exe
O4 - HKLM\..\RunOnce: [mshj32.exe] C:\WINDOWS\mshj32.exe
O4 - HKLM\..\RunOnce: [sdkfr32.exe] C:\WINDOWS\system32\sdkfr32.exe
O4 - HKLM\..\RunOnce: [javafh.exe] C:\WINDOWS\system32\javafh.exe
O4 - HKLM\..\RunOnce: [sdkoh.exe] C:\WINDOWS\sdkoh.exe
O4 - HKLM\..\RunOnce: [iedw32.exe] C:\WINDOWS\system32\iedw32.exe
O4 - HKLM\..\RunOnce: [appte32.exe] C:\WINDOWS\system32\appte32.exe
O4 - HKLM\..\RunOnce: [winpp.exe] C:\WINDOWS\winpp.exe
O4 - HKLM\..\RunOnce: [javaof32.exe] C:\WINDOWS\javaof32.exe
O4 - HKLM\..\RunOnce: [netmm32.exe] C:\WINDOWS\system32\netmm32.exe
O4 - HKLM\..\RunOnce: [ipmc.exe] C:\WINDOWS\ipmc.exe
O4 - HKLM\..\RunOnce: [netud.exe] C:\WINDOWS\system32\netud.exe
O4 - HKLM\..\RunOnce: [d3gw.exe] C:\WINDOWS\system32\d3gw.exe
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ieat.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

But I get the impression that every time I disinfect and restart in normal mode the viruses reinstall themselves, because I'd need to manage to remove this prompt to use this antivirus, which I don't know where it comes from. From time to time it connects to the internet and AntiVir reacts by flagging an alert. HELP ME REMOVE THIS CRAP. Thanks in advance.
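As an added example (not code from the thread, from HijackThis or from the helpers' procedure), here is a small Python triage that reads a HijackThis v1.99 log and flags the three indicators that recur in the logs posted above: IE search settings pointing into a res:// page carried by a dropped DLL, a BHO or Run/RunOnce autostart loading a random-named binary straight from C:\WINDOWS or system32, and a service with a junk internal name or an unknown owner. The constructed sample log and the suspicion rules are this example's own assumptions; the script only reports and changes nothing on the machine.

```python
"""Triage a HijackThis v1.99 log for the reinfection pattern visible in this thread.

Added example, not code from the thread, from HijackThis or from the tools it names.
The entry regexes follow the line shapes in the posted logs; the suspicion rules and
the sample log are this example's own assumptions (constructed, abridged).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

HJT_ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# R0/R1 values that send IE's search/start page into a res:// page carried by a DLL.
SEARCH_HIJACK = re.compile(r"res://[^ ]+\.dll/sp\.html", re.IGNORECASE)
O4_ENTRY = re.compile(r"^HKLM\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<path>.+)$")
O2_ENTRY = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O23_ENTRY = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))? - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
# Leading path token of an entry, without trailing switches such as ' /s'.
PATH_HEAD = re.compile(r'^(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll))', re.IGNORECASE)
# Short lowercase stem, optional "32", sitting directly in C:\WINDOWS or system32
# (ieat.exe, syswj32.exe, appar32.dll in the thread). Legitimate binaries such as
# svchost.exe match this too, so it is only applied inside an autostart context.
RANDOM_NAME = re.compile(r"^[a-z]{4,8}(?:32)?\.(?:exe|dll)$")
WINDOWS_DIR = re.compile(r"^c:\\windows\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
CLEAN_SERVICE_NAME = re.compile(r"^[A-Za-z0-9_. -]+$")

# Constructed sample, modelled on the thread's entries but abridged.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xugdu.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Class - {4F9A4F6D-CA0E-3F49-D4C7-79FE3EB7E433} - C:\WINDOWS\appar32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ipus32.exe] C:\WINDOWS\system32\ipus32.exe
O4 - HKLM\..\RunOnce: [ieat.exe] C:\WINDOWS\system32\ieat.exe
O4 - HKLM\..\RunOnce: [netjn32.exe] C:\WINDOWS\netjn32.exe
O4 - HKLM\..\RunOnce: [syswj32.exe] C:\WINDOWS\system32\syswj32.exe
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\ieat.exe" /s (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
"""


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str
    line: str


def looks_dropped(raw: str) -> bool:
    """True when the entry's binary has a random-looking name inside a Windows system directory."""
    m = PATH_HEAD.match(raw.strip())
    if not m:
        return False
    path = m.group("path")
    return bool(WINDOWS_DIR.match(path)) and bool(RANDOM_NAME.match(path.rsplit("\\", 1)[-1]))


def check_entry(kind: str, body: str) -> Optional[Finding]:
    """Apply the section-specific rule to one log entry; None means nothing to report."""
    if kind in ("R0", "R1") and SEARCH_HIJACK.search(body):
        return Finding(kind, "IE search/start page redirected into a res:// page of a dropped DLL", body)
    if kind == "O2":
        m = O2_ENTRY.match(body)
        if m and looks_dropped(m.group("path")):
            label = "unnamed BHO" if m.group("name") in ("Class", "(no name)") else "BHO"
            return Finding(kind, f"{label} loading a random-named DLL from a Windows directory", body)
    if kind == "O4":
        m = O4_ENTRY.match(body)
        if m and looks_dropped(m.group("path")):
            return Finding(kind, f"{m.group('key')} autostart of a random-named binary", body)
    if kind == "O23":
        m = O23_ENTRY.match(body)
        if m:
            short = m.group("short") or ""
            if short and not CLEAN_SERVICE_NAME.match(short):
                return Finding(kind, "service with a junk/non-printable internal name", body)
            if m.group("owner") == "Unknown owner" and (
                looks_dropped(m.group("path")) or "(file missing)" in m.group("path")
            ):
                return Finding(kind, "unowned service pointing at a dropped or missing binary", body)
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a whole log and collect findings in file order."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            found = check_entry(m.group("kind"), m.group("body"))
            if found:
                findings.append(found)
    return findings


def reseeding_runonce(findings: List[Finding], threshold: int = 3) -> bool:
    """The thread's tell-tale: a cluster of RunOnce loaders that reappears after every reboot."""
    return sum(1 for f in findings if f.kind == "O4" and f.reason.startswith("RunOnce")) >= threshold
```

Run `triage(SAMPLE_LOG)` to list the flagged entries; `reseeding_runonce` on that result is true, which is exactly the "the O4 entries came back" symptom reported in the thread.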
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware Analysis and Removal
Hello again, I ran the scan with AntiVir and started in Safe Mode. However, the following still appears in large letters on my desktop: WARNING! YOU'RE IN DANGER Secure yourself right now! Remove all spyware from your pc! Removal instruction. Also, my wallpaper has changed and now shows up black. Please help me -
[solved] virus alert
rimbaut replied to a topic by rimbaut in Malware Analysis and Removal
Hello, for the last few moments my laptop has been telling me that my PC is infected, and an antivirus installed itself automatically without my asking for it; it is called Antiviral Gold and I can't manage to remove it. I also notice in the HijackThis log an increase in the number of processes. Can you tell me which processes I can fix before my laptop crashes completely? Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 09:40:50, on 07/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\WINDOWS\netck.exe
C:\DOCUME~1\AA\LOCALS~1\Temp\cjck.exe
C:\Documents and Settings\AA\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\adetc.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\adetc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\adetc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\adetc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\adetc.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\adetc.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4F9A4F6D-CA0E-3F49-D4C7-79FE3EB7E433} - C:\WINDOWS\appar32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [netck.exe] C:\WINDOWS\netck.exe
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\AA\LOCALS~1\Temp\7.tmp" /m
O4 - HKLM\..\RunOnce: [crzz32.exe] C:\WINDOWS\crzz32.exe
O4 - HKLM\..\RunOnce: [addzk.exe] C:\WINDOWS\addzk.exe
O4 - HKLM\..\RunOnce: [ntef32.exe] C:\WINDOWS\system32\ntef32.exe
O4 - HKLM\..\RunOnce: [crdm32.exe] C:\WINDOWS\crdm32.exe
O4 - HKLM\..\RunOnce: [apihf.exe] C:\WINDOWS\apihf.exe
O4 - HKLM\..\RunOnce: [ipgl32.exe] C:\WINDOWS\system32\ipgl32.exe
O4 - HKLM\..\RunOnce: [d3yj.exe] C:\WINDOWS\d3yj.exe
O4 - HKLM\..\RunOnce: [javaoe.exe] C:\WINDOWS\javaoe.exe
O4 - HKLM\..\RunOnce: [syssg.exe] C:\WINDOWS\syssg.exe
O4 - HKLM\..\RunOnce: [crtx32.exe] C:\WINDOWS\crtx32.exe
O4 - HKCU\..\Run: [intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crzz32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

Thanks in advance -
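As an added example (not part of the original thread, and not HijackThis code), here is a small Python triage script that applies generic heuristics to HijackThis 1.99 log lines of the kind posted in the two logs above: IE search settings served from a res:// DLL resource, a BHO with a bare "Class" name or a DLL dropped straight into C:\WINDOWS, HKLM RunOnce entries pointing into the Windows directory, autorun targets in a Temp folder, and services with an unknown owner whose name contains non-printable characters or whose binary is missing. The sample input is a constructed excerpt of lines from the posted logs plus benign lines (Acrobat, Intel, ATI, ASUS) for contrast; the heuristics and the correlation rule (same binary as both an O4 autorun and a flagged O23 service) are assumptions of this example, not rules from HijackThis or from anyone in the thread.

```python
"""Triage heuristics for HijackThis 1.99 log lines (added example).

Assumptions (not from the forum thread): the entry prefixes (R0/R1, O2, O4,
O23) follow the HijackThis 1.99 layout seen in the posted logs, and the
heuristics are generic indicators, not signatures for a named malware family.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the logs posted in the thread,
# plus benign entries (Acrobat, Intel, ATI, ASUS) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\adetc.dll/sp.html#83556
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4F9A4F6D-CA0E-3F49-D4C7-79FE3EB7E433} - C:\WINDOWS\appar32.dll
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\AA\LOCALS~1\Temp\7.tmp" /m
O4 - HKLM\..\RunOnce: [crzz32.exe] C:\WINDOWS\crzz32.exe
O4 - HKLM\..\RunOnce: [ntef32.exe] C:\WINDOWS\system32\ntef32.exe
O4 - HKCU\..\Run: [intel system tool] C:\WINDOWS\system32\hookdump.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crzz32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"""

WINDIR = r"c:\windows"
# First Windows path ending in a binary-ish extension; the optional quotes
# cover entries such as [NAVNet] "C:\...\Temp\7.tmp" /m.
_TARGET_RE = re.compile(r'"?([a-z]:\\[^"]+?\.(?:exe|dll|ocx|tmp|scr))"?', re.I)


@dataclass
class Finding:
    section: str      # HijackThis section tag: R1, O2, O4, O23, ...
    target: str       # file path the entry points at ('' if none found)
    reasons: list     # human-readable reasons the entry was flagged
    line: str         # the original log line


def extract_target(line: str) -> str:
    m = _TARGET_RE.search(line)
    return m.group(1) if m else ""


def basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def in_windir_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS or C:\\WINDOWS\\system32."""
    parent = path.lower().rsplit("\\", 1)[0]
    return parent in (WINDIR, WINDIR + r"\system32")


def check_line(line: str) -> Finding:
    """Apply the per-line heuristics; an empty reasons list means 'not flagged'."""
    section = line.split(" - ", 1)[0].strip()
    target = extract_target(line)
    low = line.lower()
    reasons = []
    if section in ("R0", "R1") and "res://" in low and target.lower().endswith(".dll"):
        reasons.append("IE search/start setting served from a DLL resource (res://) instead of a URL")
    if section == "O2" and "BHO:" in line:
        name = line.split("BHO:", 1)[1].split(" - ", 1)[0].strip()
        if name.lower() in ("class", "(no name)"):
            reasons.append("BHO with a generic or empty display name")
        if target and in_windir_root(target):
            reasons.append("BHO DLL dropped directly into the Windows directory")
    if section == "O4":
        if "\\temp\\" in low or basename(target).endswith(".tmp"):
            reasons.append("autorun target in a Temp folder or with a .tmp extension")
        if "hklm\\..\\runonce" in low and target and in_windir_root(target):
            reasons.append("HKLM RunOnce entry into the Windows directory (RunOnce is normally empty outside installs)")
    if section == "O23" and "unknown owner" in low:
        if any(ord(c) > 126 or ord(c) < 32 for c in line):
            reasons.append("service with Unknown owner and non-printable/non-ASCII characters in its name")
        if "(file missing)" in low:
            reasons.append("service with Unknown owner whose binary is missing")
        if target and in_windir_root(target):
            reasons.append("service with Unknown owner whose binary sits directly in the Windows directory")
    return Finding(section, target, reasons, line)


def triage(log_text: str) -> list:
    """Return the flagged entries, in log order, with all reasons attached."""
    entries = [check_line(l.strip()) for l in log_text.splitlines() if l.strip()]
    # Correlation rule (assumption of this example): a binary that is both an
    # O4 autorun and the image of a flagged O23 service is worth a second look.
    service_bins = {basename(e.target) for e in entries
                    if e.section == "O23" and e.reasons and e.target}
    for e in entries:
        if e.section == "O4" and e.target and basename(e.target) in service_bins:
            e.reasons.append("same binary is also registered as a suspicious service (O23)")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.target}")
        for r in f.reasons:
            print("    -", r)
```

Run as-is it prints six flagged entries from the sample. The heuristics are deliberately generic and will not catch everything in a log like the ones above (the HKCU Run entry named "intel system tool" is left unflagged because nothing generic distinguishes it), so treat the output as a triage aid for deciding what to look at first, not as a verdict on any entry.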
remove "Documents" from the Start menu
rimbaut replied to a topic by rimbaut in Optimisation, Tips & Tricks
Hello everyone, thanks for your replies. I just went ahead and disabled the menu in the registry. Is that a good solution? Thanks again for your help, which is invaluable -
Hello everyone, my PC has just shown the famous blue screen. I went into the Event Viewer to find out the error type and here is the content of the message: "error source: disk category: none event: 11 user: N/A computer: packard". I don't know whether that is enough to assess the nature of the error and fix it. Thanks for your replies
-
remove "Documents" from the Start menu
rimbaut posted a topic in Optimisation, Tips & Tricks
Hello everyone, I would like to know whether it is possible to remove "Documents" from the Start menu. Careful, I do mean "Documents" and not the "My Documents" folder. "Documents" lists all the files one has opened, and I don't really see the point of it. Thanks for all your replies -
Good evening everyone, is it possible to find out through the operating system how many physical hard disks the computer contains, given that the OS shows only a single virtual disk (e.g. C:)? I don't know if I'm being clear enough, but I'm talking about RAID technology, whose purpose is to gather several hard disks into a single logical unit. Thanks for your replies
-
Good evening, thanks everyone for your replies. I deleted all the files in that folder and my PC still works ..... see you soon
-
Hello everyone, I read in the knowledge base that to maintain our PC it was necessary to "empty" the Prefetch folder. In that folder several files appear, notably LSASS.EXE, LOGON.SCR, SVCHOST.EXE etc.... Should all these files be deleted even though they are indispensable to the computer's operation? Can someone explain to me the purpose of the Prefetch folder? Thanks everyone
-
Hi again, is it possible to find links that could fully enlighten me about Tor and Privoxy? Thanks
-
Good evening Antoniolav, good evening everyone, thanks for your reply. I actually thought that when I went through a proxy my request went first to the ISP's server and then to the proxy, but you have enlightened me, since you tell me my request goes to the proxy and then from the proxy to the ISP. I'll try the tools you pointed me to. Thanks a lot
-
Sorry, I forgot a question: can a single attacker, all by himself, compromise several thousand computers and thus build a botnet? If so, how does the attacker synchronise all these machines? Thanks