mingus

Merci pour la rapidite de la réponse. J'ai effectué les procédures indiquées. Voici le rapport de "désinfection" donné par antivir. Je ne comprends pas pourquoi il ne m'a pas supprimer les fichiers "infectés". Avant de refaire rapport HijackThis voici le rapport antivir. Qu'en pensez-vous? Merci. AntiVir PersonalEdition Classic Report file date: jeudi 1 juin 2006 00:15 Jobname: 'Manual Selection' Scanning for 397378 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Username: Franck Computer name: LACROIX-A2HBU2A Version informations: AVSCAN.EXE : 7.0.0.35 540712 21/04/2006 12:47:04 AVSCAN.DLL : 7.0.0.34 41000 05/04/2006 11:03:57 LUKE.DLL : 7.0.0.34 114728 05/04/2006 11:03:58 LUKERES.DLL : 7.0.0.34 25640 05/04/2006 11:03:58 ANTIVIR0.VDF : 6.32.0.60 4323840 02/05/2006 08:29:08 ANTIVIR1.VDF : 6.34.1.87 2215424 31/05/2006 21:46:51 ANTIVIR2.VDF : 6.34.1.148 146432 31/05/2006 21:46:52 ANTIVIR3.VDF : 6.34.1.174 73216 31/05/2006 21:46:52 AVEWIN32.DLL : 7.0.0.16 1229312 31/05/2006 21:46:57 AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:00 AVREP.DLL : 6.34.1.166 643112 31/05/2006 21:46:54 AVPACK32.DLL : 7.0.0.4 335912 29/03/2006 09:44:25 AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36 NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49 NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:49 Start of the scan: jeudi 1 juin 2006 00:15 Start scanning boot sectors: Boot sector 'C:' [NOTE] No virus was found! Boot sector 'D:' [NOTE] No virus was found! Boot sector 'E:' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 33 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Franck\ntuser.dat [WARNING] The file could not be opened! C:\Documents and Settings\Franck\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Franck\Application Data\Thunderbird\Profiles\qah6r7eh.default\mail\local folders\inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: alias@mobistar.be ][subject: Re: Bad Request ].mim [1] Archive type: MIME --> message.pif [DETECTION] Contains signature of the worm WORM/NetSky.P --> Mailbox_[From: franck.lacroix2@free.fr ][subject: Mail Delivery (failure franck.lacroix2@free.fr) ].mim [1] Archive type: MIME --> file0.mim [2] Archive type: MIME --> file1.html [DETECTION] Contains signature of the worm WORM/NetSky.P.Expl --> message.scr [DETECTION] Contains signature of the worm WORM/NetSky.P --> Mailbox_[From: ardan.npdc@wanadoo.fr ][subject: corrected ].mim [1] Archive type: MIME --> website_franck.lacroix2.zip [DETECTION] Contains signature of the worm WORM/NetSky.P [2] Archive type: ZIP --> data.rtf .scr [DETECTION] Contains signature of the worm WORM/NetSky.P --> Mailbox_[From: premium-server@thawte.com ][subject: Mail Delivery (failure franck.lacroix2@free.fr) ].mim [1] Archive type: MIME --> file0.mim [2] Archive type: MIME --> file1.html [DETECTION] Contains signature of the worm WORM/NetSky.P.Expl --> message.scr [DETECTION] Contains signature of the worm WORM/NetSky.P --> Mailbox_[From: lients@wanadoo.fr ][subject: Re: Question ].mim [1] Archive type: MIME --> my_list01.zip [DETECTION] Contains signature of the worm WORM/NetSky.P [2] Archive type: ZIP --> data.rtf .scr [DETECTION] Contains signature of the worm WORM/NetSky.P --> Mailbox_[From: postman@wanadoo.fr ][subject: Registration Confirmation ].mim [1] Archive type: MIME --> reg_pass.zip [DETECTION] Contains signature of the worm WORM/Sober.Y [2] Archive type: ZIP --> File-packed_dataInfo.exe [DETECTION] Contains signature of the worm WORM/Sober.Y --> Mailbox_[From: daniel@zybar.net ][subject: Re: List ].mim [1] Archive type: MIME --> my_list01.pif [DETECTION] Contains signature of the worm WORM/NetSky.P --> Mailbox_[From: info@winzip.com ][subject: Mail Delivery (failure franck.lacroix2@free.fr) ].mim [1] Archive type: MIME --> file0.mim [2] Archive type: MIME --> file1.html [DETECTION] Contains signature of the worm WORM/NetSky.P.Expl --> message.scr [DETECTION] Contains signature of the worm WORM/NetSky.P --> Mailbox_[From: francoisgobert@yahoo.fr ][subject: Hello ].mim [1] Archive type: MIME --> patch3425_franck.lacroix2.pif [DETECTION] Contains signature of the worm WORM/NetSky.P C:\Documents and Settings\Franck\Application Data\Thunderbird\Profiles\qah6r7eh.default\mail\local folders\trash [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: info@winzip.com ][subject: Mail Delivery (failure franck.lacroix2@free.fr) ].mim [1] Archive type: MIME --> file0.mim [2] Archive type: MIME --> file1.html [DETECTION] Contains signature of the worm WORM/NetSky.P.Expl C:\Documents and Settings\Franck\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Franck\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\WINDOWS\update13.js [DETECTION] Contains signature of the Java script virus JS/Startpage.gen [iNFO] The file was moved to '44e21d1b.qua'! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! End of the scan: jeudi 1 juin 2006 04:25 Used time: 4:09:49 min The scan has been done completely. 5632 Scanning directories 272525 Files were scanned 17 viruses and/or unwanted programs was found 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 4553 Archives were scanned 17 Warnings 2 Notes

Suite à un message laissé dans la section internet et réseau en rapport avec de grosses lenteurs de connection avec firefox et IE, sazaki7 m'a proposé de poster un log Hijackthis le voici. Qui peut m'aider à le décoder, car je n'y entends rien, merci. Logfile of HijackThis v1.99.1 Scan saved at 18:57:37, on 31/05/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE E:\Programmes\RunSC.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\progra~1\softwin\bitdef~2\bdnagent.exe C:\WINDOWS\System32\nvsvc32.exe E:\Programmes\PCtl.exe C:\progra~1\softwin\bitdef~2\bdswitch.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\system32\fxssvc.exe E:\programmes\WCESCOMM.EXE E:\Programmes\BIL.EXE E:\Programmes\Toolbar\EPSIBar.exe E:\Programmes\CILRS232.EXE C:\WINDOWS\System32\GRVSA.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe c:\progra~1\softwin\bitdef~2\bdmcon.exe D:\Programmes\acrobat\Reader\AcroRd32.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE E:\Programmes téléchargés\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meteofrance.com/FR/mameteo/prev...p?LIEUID=DEPT78 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 207.68.172.246 msn.com O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~2\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [bDNewsAgent] "c:\progra~1\softwin\bitdef~2\bdnagent.exe" O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~2\bdswitch.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\programmes\WCESCOMM.EXE" O4 - Startup: PPControl.lnk = ? O4 - Global Startup: EPSI ToolBar.lnk = E:\Programmes\Toolbar\EPSIBar.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - e:\PROGRA~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\PROGRA~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\PROGRA~2\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/026e925e38cd61...RdxIE601_fr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113575854685 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/hardwaredetection.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE0940D-2D96-40AA-BA1B-64EFA72BE4B7}: NameServer = 212.27.33.176,212.27.32.177 O17 - HKLM\System\CS1\Services\Tcpip\..\{7CE0940D-2D96-40AA-BA1B-64EFA72BE4B7}: NameServer = 212.27.33.176,212.27.32.177 O17 - HKLM\System\CS2\Services\Tcpip\..\{7CE0940D-2D96-40AA-BA1B-64EFA72BE4B7}: NameServer = 212.27.33.176,212.27.32.177 O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: MGE Service module - Unknown owner - E:\Programmes\RunSC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

OK j'ai trouvé merci je le fais de suite.

Merci, mais je ne comprends pas.

Tes adresses IP sont elles cohérentes?

Bonjour, Depuis quelques jours, j'ai un pb de navigation avec Firefox et IE. Parfois la navigation se passe très bien et d'autres fois, je suis obligé d'attendre plusieurs minutes avant d'avoir la page du site demandé qui s'affiche à l'écran. J'ai parfois (et de plus en plus souvent) le message ( par exemple) : site www.ebay.fr introuvable. Dans ces cas là, il n'y a généralement que Google qui fonctionne. Je tourne avec Win XP pro sans sp2 et mon fournisseur d'accès est free. Si il pouvait y avoir un zébulonien ou nienne qui puisse me dépanner merci d'avance. Merci à tous