Vx2.bckp HELP!

So for now I can relax a little and, if I've followed you correctly, reconsider my choice of antivirus. :sarcastic:

Hello, you can never relax with a PC connected to the Net :d
Make use of the Norton licence you paid for; after that, nothing obliges you to buy another yellow box.

Can we see a HijackThis .log again? [:siffle]

Hi, sorry, but I can only find a zipped pattern (which corresponds to the other, unzipped pattern, doesn't it)?

No, no
You can download the zip again; there are daily updates, so it's better to have the latest definitions ;)

Basically, if you want to redo the scan, you create a new folder in your documents with whatever name you like, unzip http://antidote.ac-besancon.fr/prog/pattern.zip and drag sysclean.com into that same folder.

In other words, yes for the .log, but I gave it the day before yesterday and I can't find any other patterns.

ok :d

No, I'm talking about a HijackThis log
Rough morning after, or what :d ?

Yes, a bit, and my kids are a little worked up this morning.

And there you go :clap:
Logfile of HijackThis v1.99.0
Scan saved at 10:29:10, on 30/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\j.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM…\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\Run: [REGRUN] C:\WINDOWS\j.exe
O4 - HKLM…\Run: [Start Uppings] mssupdate.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM…\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU…\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU…\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU…\Run: [Start Uppings] mssupdate.exe
O4 - HKCU…\RunServices: [Start Uppings] mssupdate.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.vivreaquebec.com/ezwebcam21/AXWebMonProj1.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102802114734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.tourismeville.wanadoo.fr/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip…{BC95944B-0F8D-4B87-B0B1-DC2775428E30}: NameServer = 80.118.196.42 80.118.192.112
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d’administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

OK, OK
Reboot in safe mode and run Hijack (Do a system scan only), then tick the following boxes:

C:\WINDOWS\j.exe
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM…\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\Run: [REGRUN] C:\WINDOWS\j.exe
O4 - HKLM…\Run: [Start Uppings] mssupdate.exe
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU…\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU…\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU…\Run: [Start Uppings] mssupdate.exe
O4 - HKCU…\RunServices: [Start Uppings] mssupdate.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

After ticking the boxes, click Fix checked.
Reboot, still in safe mode; in the Hijack folder there is a backup folder that you can delete.

When that's done, run sysclean.com and, to finish, post another Hijack .log and the report (the end of it) from sysclean.com.

There you go.

Thanks, I'll do it later because they're becoming unmanageable. Thanks a lot, see you later.

Well, I hope I got it right, otherwise I'll have to redo it :spamafote:
So here is everything; however, sysclean has two of them, or else I made a mistake.

/--------------------------------------------------------------
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
--------------------------------------------------------------/

2005-01-30, 10:23:53, Auto-clean mode specified.
2005-01-30, 10:23:53, Running scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN”…
2005-01-30, 10:24:03, Scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN” has finished running.
2005-01-30, 10:24:03, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : dim. janv. 30 2005 10:23:54

Load Damage Cleanup Template (DCT) “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\tsc.ptn” (version 495) [success]

Complete time : dim. janv. 30 2005 10:24:03
Execute pattern count(1795), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-01-30, 10:24:04, Could not set file for reading on “C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp”: Accès refusé.
2005-01-30, 10:24:31, An error occurred while scanning file “C:\Documents and Settings\LocalService\NTUSER.DAT”: Accès refusé.
2005-01-30, 10:24:31, An error occurred while scanning file “C:\Documents and Settings\LocalService\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 10:24:31, An error occurred while scanning file “C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 10:24:31, An error occurred while scanning file “C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 10:24:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\NTUSER.DAT”: Accès refusé.
2005-01-30, 10:24:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 10:24:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 10:24:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 10:24:32, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\NTUSER.DAT”: Accès refusé.
2005-01-30, 10:24:32, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 10:24:35, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 10:24:35, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 10:24:36, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Temp\installer.exe”: Accès refusé.
2005-01-30, 10:24:36, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Temp\JETC524.tmp”: Accès refusé.

/--------------------------------------------------------------
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
--------------------------------------------------------------/

2005-01-30, 10:24:52, Auto-clean mode specified.
2005-01-30, 10:24:52, Running scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN”…
2005-01-30, 10:25:03, Scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN” has finished running.
2005-01-30, 10:25:03, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : dim. janv. 30 2005 10:24:53

Load Damage Cleanup Template (DCT) “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\tsc.ptn” (version 495) [success]

Complete time : dim. janv. 30 2005 10:25:03
Execute pattern count(1795), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-01-30, 10:25:04, Could not set file for reading on “C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\LocalService\NTUSER.DAT”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\LocalService\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\NetworkService\NTUSER.DAT”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\NetworkService\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\NTUSER.DAT”: Accès refusé.
2005-01-30, 10:25:35, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 10:25:37, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 10:25:37, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 10:25:37, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Temp\installer.exe”: Accès refusé.
2005-01-30, 10:25:37, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Temp\JETC524.tmp”: Accès refusé.
2005-01-30, 10:27:24, The user stopped the operation.

/--------------------------------------------------------------
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
--------------------------------------------------------------/

2005-01-30, 14:27:10, Auto-clean mode specified.
2005-01-30, 14:27:10, Running scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN”…
2005-01-30, 14:27:30, Scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN” has finished running.
2005-01-30, 14:27:30, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : dim. janv. 30 2005 14:27:10

Load Damage Cleanup Template (DCT) “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\tsc.ptn” (version 495) [success]

Complete time : dim. janv. 30 2005 14:27:30
Execute pattern count(1795), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-01-30, 14:27:33, Could not set file for reading on “C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp”: Accès refusé.

/--------------------------------------------------------------
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
--------------------------------------------------------------/

2005-01-30, 14:28:53, Auto-clean mode specified.
2005-01-30, 14:28:53, Running scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN”…
2005-01-30, 14:29:23, Scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\TSC.BIN” has finished running.
2005-01-30, 14:29:23, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : dim. janv. 30 2005 14:28:54

Load Damage Cleanup Template (DCT) “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\tsc.ptn” (version 495) [success]

Complete time : dim. janv. 30 2005 14:29:23
Execute pattern count(1795), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-01-30, 14:29:23, Could not set file for reading on “C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp”: Accès refusé.
2005-01-30, 14:29:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\NTUSER.DAT”: Accès refusé.
2005-01-30, 14:29:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 14:29:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 14:29:32, An error occurred while scanning file “C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 14:29:32, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\NTUSER.DAT”: Accès refusé.
2005-01-30, 14:29:32, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\ntuser.dat.LOG”: Accès refusé.
2005-01-30, 14:29:37, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat”: Accès refusé.
2005-01-30, 14:29:37, An error occurred while scanning file “C:\Documents and Settings\olivier&maryse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG”: Accès refusé.
2005-01-30, 14:38:37, An error was detected on "C:\System Volume Information*.": Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\AUPDATE.EXE-2253CB60.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-380DB667.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\Layout.ini”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\LUALL.EXE-30AC8E48.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\NAVW32.EXE-0E3FE09C.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\NAVW32.EXE-15E66405.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\NDETECT.EXE-16E64095.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\NMAIN.EXE-34D44D63.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\POWERDVD.EXE-13FC7432.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\RUNDLL32.EXE-29486132.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\RUNDLL32.EXE-4489B61B.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\SELFHELPER.EXE-0D9D39FF.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\SSPIPES.SCR-151C97BA.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\SYSCLEAN.COM-0D23FA2B.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\SYSCLEAN.EXE-1FE02EF5.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\TSC.BIN-3B6D21ED.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf”: Accès refusé.
2005-01-30, 14:44:20, Could not set file for reading on “C:\WINDOWS\Prefetch\WUPDMGR.EXE-2F30BEAB.pf”: Accès refusé.
2005-01-30, 14:48:45, An error occurred while scanning file “C:\WINDOWS\system32\Lzwvc11n.dll”: Accès refusé.
2005-01-30, 14:49:33, An error occurred while scanning file “C:\WINDOWS\system32\q2rq0c95ef.dll”: Accès refusé.
2005-01-30, 14:49:35, An error occurred while scanning file “C:\WINDOWS\system32\r86ulij918o.dll”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\default”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\default.LOG”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\SAM”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\SAM.LOG”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\SECURITY”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\SECURITY.LOG”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\software”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\software.LOG”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\system”: Accès refusé.
2005-01-30, 14:50:24, An error occurred while scanning file “C:\WINDOWS\system32\config\system.LOG”: Accès refusé.
2005-01-30, 14:52:03, Running scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\VSCANTM.BIN”…
2005-01-30, 14:52:04, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 1/30/2005 14:52:04
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Command Line: C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:*.

2005-01-30, 14:52:04, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 1/30/2005 14:52:03
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Command Line: C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:*.*

2005-01-30, 14:52:04, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 1/30/2005 14:52:03
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Command Line: C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:*.*

2005-01-30, 14:52:04, Scanner “C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\sysclean\VSCANTM.BIN” has finished running.

AND THEN HERE IS THE 2nd
Debug Information Level=0

AND NOW the last one
Logfile of HijackThis v1.99.0
Scan saved at 14:53:53, on 30/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\olivier&maryse\Mes documents\Mes fichiers reçus\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM…\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM…\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM…\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU…\Run: [Start Uppings] mssupdate.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.vivreaquebec.com/ezwebcam21/AXWebMonProj1.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102802114734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.tourismeville.wanadoo.fr/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d’administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

And that's everything, well, there you go :slight_smile:

Hi keeper… er, luckily he has “norton antivirus”… lol… see you
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
The one above needs to be removed too…

O4 - HKLM…\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU…\Run: [Start Uppings] mssupdate.exe

Redo the scans in safe mode… (turn off System Restore first…)

Am I the only one on this forum who doesn't understand any of these “texts”???

Sorry stin07, but a scan with both (and if so, can it be done at the same time)???

For mssupdate.exe… see the procedure here…
http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.AIG
Otherwise yes, run your antivirus and “spybot” or another one in safe mode… er, each scan one after the other… lol
See you

:stuck_out_tongue: stin
Yes, luckily [:austindangerpowers]

In my opinion you're not the only one; here is a link that explains what we're doing: http://www.zebulon.fr/articles/HijackThis.php . Your .log is starting to look good, but it's not won yet.

You can delete the files you downloaded (tsc and sysclean.com are no longer needed) and run this software to clean up temporary files: http://www.ccleaner.com/

Without being connected to the Internet: go to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and delete the entry [Start Uppings] mssupdate.exe (right-click)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the entries [Start Uppings] mssupdate.exe , [Win32 USB2 Driver] winsnd32.exe , [Sepate Security Firewall] sepate.exe (right-click)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce check whether there are entries (the same as the preceding ones) there too and delete them.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx likewise, check whether there are entries and delete them.
After rebooting the machine, go and do another online scan, but at this address, and show a report: http://fr.trendmicro-europe.com/consumer/products/housecall_launch.php , and one from HijackThis too.

Good luck
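
An added example, not part of the original thread: the before/after comparison done by hand in the posts above (which of the ticked O4 autorun entries survived the HijackThis fix, and which registry key to open for each) written as a small Python script. The sample lines are excerpted from the two HijackThis logs in this thread; the function names are this example's own, and expanding the abbreviated key to `...\Software\Microsoft\Windows\CurrentVersion\<key>` is an assumption consistent with the keys named above.

```python
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "hive key name command")

# HijackThis O4 registry autorun line, e.g.
#   O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\j.exe
# The logs in this thread render "\.." as "…", so both forms are accepted.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)(?:\\\.\.|…)\\(\w+): \[([^\]]+)\]\s*(.*)$")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# Value names the helper asked to tick in HijackThis (taken from the thread).
FLAGGED = {
    "NeroCheck", "Sepate Security Firewall", "Win32 USB2 Driver", "REGRUN",
    "Start Uppings", "KernelFaultCheck", "QuickTime Task",
}

# Excerpt of the O4 section of the 10:29 log posted above (before the fix).
BEFORE = r"""
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\Run: [REGRUN] C:\WINDOWS\j.exe
O4 - HKLM…\Run: [Start Uppings] mssupdate.exe
O4 - HKLM…\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU…\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU…\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU…\Run: [Start Uppings] mssupdate.exe
O4 - HKCU…\RunServices: [Start Uppings] mssupdate.exe
"""

# Excerpt of the O4 section of the 14:53 log posted above (after the fix).
AFTER = r"""
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM…\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM…\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU…\Run: [Start Uppings] mssupdate.exe
"""


def parse_o4(log_text):
    """Return the set of registry autorun entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.add(Autorun(*match.groups()))
    return entries


def full_key(entry):
    """Expand the abbreviated hive/key to the path to open in regedit (assumed layout)."""
    return "\\".join([HIVES[entry.hive], "Software", "Microsoft", "Windows",
                      "CurrentVersion", entry.key])


def check_fix(before_log, after_log, flagged_names):
    """Compare two logs: flagged entries that are gone, that persist, and new entries."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    flagged = {e for e in before if e.name in flagged_names}
    removed = sorted(flagged - after)
    persisting = sorted(flagged & after)
    appeared = sorted(after - before)  # autoruns that were not there before the fix
    return removed, persisting, appeared


if __name__ == "__main__":
    removed, persisting, appeared = check_fix(BEFORE, AFTER, FLAGGED)
    print(f"{len(removed)} flagged entries removed, {len(persisting)} still present")
    for e in persisting:
        print(f"  STILL PRESENT  {full_key(e)}  [{e.name}] {e.command}")
    for e in appeared:
        print(f"  NEW SINCE FIX  {full_key(e)}  [{e.name}] {e.command}")
```

An entry that reappears in the "still present" list after every fix usually means the process that writes it is still running, which is why the posts above repeat the removal in safe mode.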

:stuck_out_tongue: everyone, to check all the hkeys, in safe mode or not? Sorry, I'm on autopilot, I've got the flu :vomi:

In normal mode (I think)… after removing all of that, clean up your PC… “temp” and Internet files… then a disk cleanup, then 1 defrag… see you