jamm

  1. Hello Charles, here is the ewido report. Should I re-enable System Restore?

     ---------------------------------------------------------
     ewido security suite - Rapport de scan
     ---------------------------------------------------------
     + Créé le: 10:49:37, 16/09/2005
     + Somme de contrôle: C2FB69D3
     + Résultats du scan:
     C:\Documents and Settings\jam\Cookies\jam@atdmt[1].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
     C:\Documents and Settings\jam\Cookies\jam@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
     C:\Documents and Settings\jam\Cookies\jam@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
     C:\Documents and Settings\jam\Cookies\[email protected][1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
     ::Fin du rapport

     For information, this morning's ANTIVIR alert :\SYSTEM VOLUON\_RESTORE{BD314CB8-28CA-481F-A551-6E8D718BD284}\RP4\A0000108.SYS.VIR File has been deleted!
  2. Hi Charles, the sound is OK. I'm waiting for your instructions to disinfect my PC for good. Talk to you later... jam
  3. Good evening Charles, I find that I no longer have any audio at all, and on top of that I get a message after startup: "'YAMAHA AC-XG WDM Device' may put Windows into an unstable state. Windows has blocked these drivers from loading." jam
  4. Here is the a² report. I am not sure that the Antivir update went OK, and I have had no AUDIO since I installed SP2.

     a² Report
     Nom du fichier    Diagnostic
     C:\Documents and Settings\jam\Cookies\jam@2o7[1].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@adtech[2].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@atdmt[2].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@bluestreak[1].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@doubleclick[1].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@mediaplex[1].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@serving-sys[1].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@valueclick[1].txt    Trace.TrackingCookie
     C:\Documents and Settings\jam\Cookies\jam@weborama[1].txt    Trace.TrackingCookie
  5. Hi Charles, here is the Antivir report for now. I'll send you the A2 report after installing it and running the scan. Talk to you later, jamm
  6. Hello Charles, bad news: Antivir has just detected the same trojan. It is still present. What should I do, please? Thanks in advance.
  7. Here is my new HijackThis log.
  8. Hello Charles, sorry, I am only getting back to this today because I had lost my connection, due to a local problem at numéricable. To answer the various points you raised:
     1 - I installed Pack SP2 (or SP1), I don't know...
     2 - www.puresight.com, I don't know what that is...
     3 - Antivir is now the only antivirus I have
     4 - I ticked the requested boxes, at least I think so...
     jam
  9. Hello everyone, and thank you for what you do and for the clarity of your explanations. I am a beginner, but I am trying to learn through your site. I was infected by a Rootkit trojan and I have, I hope, followed your procedure, and here is my HijackThis report.