Pb virus impossible à éradiquer

salut
sur ordi sain tu charges Stinger de McAfee
ou bien celci

* tu charges Sysclean Package là:
http://fr.trendmicro-europe.com/enterprise/support/tsc.php
et le fichier dernière version signatures virus « LTPxxx.ZIP » (xxx représente les chiffres indiquant la version ) là
http://fr.trendmicro-europe.com/enterprise/support/pattern.php
*tu décomprimes le ltpxxx.zip et place le fichier ltp$vpn.xxx dans le même répertoire que Sysclean
* tu redémarres en mode sans échec
*tu lances le scan en cliquant sur sysclean.com et il est créé un fichier sysclean.log dans ce répertoire ;

a+

Je sais pas si c'est sasser, mais si c'est sasser essaye ca:
http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/50071.html

Les problèmes reviennent !

J'ai fait plusieurs scans antivirus, notamment avec spybot et adaware. J'ai également installé le firewall ZoneAlarm (qui est effectivement assailli toutes les 3 secondes par des intrus...).
Cependant au redémarrage (mode sans échec) les virus reviennent toujours plus nombreux : DyFuca, SideFind, TopMoxie, CoolWebSearch...
En plus, je n'arrive toujours pas à démarrer en mode normal : le système reste figé.

J'ai essayé de mettre à jour Windows, mais c'est impossible (message d'erreur).

Que dois-je faire ? Est-il possible d'éviter le formatage ?

Merci pour votre aide

Vange

salut
refais HijackThis et copie/colle le rapport ici
a+

bonsoir bernie,

Voila le rapport hijackthis après "nettoyage" (spybot, adaware, kaspersky, trojanhunter) :
Logfile of HijackThis v1.98.2
Scan saved at 17:02:11, on 12/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Vange\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MSN service] msnmgr21.exe
O4 - HKLM\..\Run: [Software\Microsoft\Windows\CurrentVersion\RunServices] winauth.exe
O4 - HKLM\..\Run: [mod3] mod3.exe
O4 - HKLM\..\Run: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ytphuv.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft Update] wuampd.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Securety] wurguar.exe
O4 - HKLM\..\RunServices: [M1cr0s0ft S3rcurity] systemconfig.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunServices: [MSN service] msnmgr21.exe
O4 - HKLM\..\RunServices: [Software\Microsoft\Windows\CurrentVersion\RunServices] winauth.exe
O4 - HKLM\..\RunServices: [mod3] mod3.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunOnce: [Software\Microsoft\Windows\CurrentVersion\RunServices] winauth.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk.disabled
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://E:\IntraLaunch.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17f2a22069b82a6db917/netzip/RdxIE601_fr.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll


A plus,

Vange

re salut
il y a du boulot, garde ton calme
Désintaller 180 solution par Démarrer/panneauConfig/ajoutSuppressionProgrammes
c:\program files\180solutions\sais.exe
sinon redémarrer mode sans échec et tout effacer dans ce répertoire

Vérifie ces pgm :
sepate.exe >>> rechercher et à effacer (mode sans échec)
mod3.exe >> rechercher et à checker propriétés si tu connais
Si pas sûr tu zip le fichier et efface le .EXE

Relances HijackThis et cocher toutes ces lignes, puis FIX :
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\Run: [MSN service] msnmgr21.exe
O4 - HKLM\..\Run: [Software\Microsoft\Windows\CurrentVersion\RunServices] winauth.exe
O4 - HKLM\..\Run: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ytphuv.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuampd.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Securety] wurguar.exe
O4 - HKLM\..\RunServices: [M1cr0s0ft S3rcurity] systemconfig.exe
O4 - HKLM\..\RunServices: [MSN service] msnmgr21.exe
O4 - HKLM\..\RunServices: [Software\Microsoft\Windows\CurrentVersion\RunServices] winauth.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunOnce: [Software\Microsoft\Windows\CurrentVersion\RunServices] winauth.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Security] spvsper.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] svcshost.exe

A cocher et FIX si inconnu
O4 - HKLM\..\Run: [mod3] mod3.exe
O4 - HKLM\..\RunServices: [mod3] mod3.exe >> 2ème X bizar ça sent l’infection check bien

efface ensuite tous les temps
redémarre et refais HijackThis pour contrôle
a+

Re bonsoir,

Malheureusement les problèmes persistent ...
J'ai suivi tes conseils mais je n'ai pas trouvé sepate.exe ni mod3.exe dans la machine (j'ai fait une recherche sur tout l'ordinateur avec fichiers cachés).
J'ai supprimé les entrées dans hijackthis.
Je ne sais pas si ça a un rapport, mais 1 fichier tmp est impossible à supprimer : ~DF4B2E.tmp

Le redémarrage en mode normal est impossible. En mode sans échec, j'ai toujours dans le gestionnaire des tâches le svchost suspect (sa suppression provoque l'arret du système au bout de une minute sans la commande shutdown -a).

Voila le log de hijackthis :
Logfile of HijackThis v1.98.2
Scan saved at 20:11:01, on 12/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Vange\Bureau\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk.disabled
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://E:\IntraLaunch.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17f2a22069b82a6db917/netzip/RdxIE601_fr.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Merci pour ton aide et pour ta patience !

Vange

re
applique ceci et fais nouvelle recherche
*Pour scan complet il faut pouvoir scanner tous les dossiers donc faire :
Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher
- masquer fichiers protégés du dossier système
Puis cliquer APPLIQUER à TOUS les Dossiers
a+

re salut
Vérifie ces pgm :
c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun >>>propriétés vérifie si McAfee
Si pas sûr tu zip le fichier et efface le .EXE

Relances HijackThis et cocher toutes ces lignes, puis FIX :
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe >>virus Sdbot

A cocher et Fix si inconnu
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) – http ://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) – http ://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) – http ://encyclo.voila.fr/JS/tdserver.cab

fais une mise à jour Windows
efface à nouveau tous temp
et redémarre et relance HijackThis

a+

ça commence à aller mieux: windows démarre normalement !

Malheureusement, le virus lié à svchost est toujours là ... et windows update ne fonctionne plus du tout (message d'erreur à chaque fois que j'essaye de télécharger la mise à jour).

Voici le nouveau log de hijackthis :
Logfile of HijackThis v1.98.2
Scan saved at 23:02:30, on 12/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Vange\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk.disabled
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://E:\IntraLaunch.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17f2a22069b82a6db917/netzip/RdxIE601_fr.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll


Le fichier svchost.exe dans le gestionnaire des tâches est-il lié à SdBot ? Est-ce qu'il se peut qu'il désactive windows update ?

Merci pour ton aide précieuse !

Vange

re
non svchost est process normal

mais pour ton virus applique ceci
* tu charges Sysclean Package là:
http://fr.trendmicro-europe.com/enterprise/support/tsc.php
et le fichier dernière version signatures virus « LTPxxx.ZIP » (xxx représente les chiffres indiquant la version ) là
http://fr.trendmicro-europe.com/enterprise/support/pattern.php
*tu décomprimes le ltpxxx.zip et place le fichier ltp$vpn.xxx dans le même répertoire que Sysclean
* tu redémarres en mode sans échec
*tu lances le scan en cliquant sur sysclean.com et il est créé un fichier sysclean.log dans ce répertoire ;

et ensuite refais HijackThis pour voir
courage on va y arriver
a+

Bonsoir,

je viens de faire le scan avec sysclean, et le virus wootbot revient à chaque fois ...
Je pense qu'il supprime les clés correspondantes dans la base de registre mais il ne trouve pas les programmes dans le poste de travail...
Voila le log :

2004-12-13, 15:21:07, Auto-clean mode specified.
2004-12-13, 15:21:07, Running scanner "C:\Documents and Settings\Vange\Bureau\TSC.BIN"...
2004-12-13, 15:22:28, Scanner "C:\Documents and Settings\Vange\Bureau\TSC.BIN" has finished running.
2004-12-13, 15:22:28, TSC Log:

Damage Cleanup Engine (DCE) 3.8(Build 1019)
Windows XP(Build 2600: )

Start time : lun. déc. 13 2004 00:00:44

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Vange\Bureau\tsc.ptn" (version 465) [success]
WORM_WOOTBOT.BU[virus found]
-->delete registry data("HKEY_USERS",".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run","svcshost.exe") success
-->delete registry data("HKEY_USERS",".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce","svcshost.exe") success
WORM_WOOTBOT.DV[virus found]
-->delete registry data("HKEY_USERS",".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run","guardpc.exe") success
-->delete registry data("HKEY_USERS",".DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce","guardpc.exe") success

Complete time : lun. déc. 13 2004 00:01:08
Execute pattern count(1559), Virus found count(2), Virus clean count(2), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.8(Build 1019)
Windows XP(Build 2600: )

Start time : lun. déc. 13 2004 15:21:07

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Vange\Bureau\tsc.ptn" (version 465) [success]

Complete time : lun. déc. 13 2004 15:22:28
Execute pattern count(1559), Virus found count(0), Virus clean count(0), Clean failed count(0)

2004-12-13, 15:23:19, An error occurred while scanning file "C:\Documents and Settings\Administrateur\NTUSER.DAT": Accès refusé.
2004-12-13, 15:23:19, An error occurred while scanning file "C:\Documents and Settings\Administrateur\NTUSER.DAT.LOG": Accès refusé.
2004-12-13, 15:23:30, An error occurred while scanning file "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Accès refusé.
2004-12-13, 15:23:30, An error occurred while scanning file "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Accès refusé.
2004-12-13, 15:24:19, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Accès refusé.
2004-12-13, 16:17:40, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\sysmain.sdb": Accès refusé.
2004-12-13, 16:17:40, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\user32.dll": Accès refusé.
2004-12-13, 16:17:40, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\win32k.sys": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\colbact.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comuid.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\es.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\ole32.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\txflog.dll": Accès refusé.
2004-12-13, 16:17:41, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB833987$\sxs.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\browser.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\callcont.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\h323.tsp": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\msgina.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\mst120.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\schannel.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\dao360.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll": Accès refusé.
2004-12-13, 16:17:43, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shell32.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ309521$\httpod51.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ309521$\ssinc51.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ315000$\upnp.dll": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe": Accès refusé.
2004-12-13, 16:18:09, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf": Accès refusé.
2004-12-13, 16:18:12, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ323172$\reg00003": Accès refusé.
2004-12-13, 16:18:12, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ323172$\reg00005": Accès refusé.
2004-12-13, 16:18:12, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ323172$\reg00008": Accès refusé.
2004-12-13, 16:18:12, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ323172$\reg00009": Accès refusé.
2004-12-13, 16:18:12, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ323172$\reg00010": Accès refusé.
2004-12-13, 16:18:12, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ323172$\reg00011": Accès refusé.
2004-12-13, 16:18:14, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ328940$\reg00003": Accès refusé.
2004-12-13, 16:18:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx": Accès refusé.
2004-12-13, 16:18:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\101_45095.EXE-084C89C1.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-0781811F.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AGOBTGUI.COM-24905603.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDATE.EXE-2253CB60.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-223CD859.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AVDAT.EXE-06933A3A.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AVDAT.EXE-0792C2BE.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AVP32.EXE-0CB2B8AF.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AVPCC.EXE-18FA9A5D.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AVPUPD.EXE-0D87FF20.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\AVPVLIST.EXE-389074A2.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\CCPWDSVC.EXE-17E7D8E4.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\CONNECT.EXE-00FB7A5C.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\CUBASESX.EXE-11F9695D.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\EMULE.EXE-2A971BEB.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\EULA.EXE-00FBAD16.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\F-SASSER.EXE-3ABC5137.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\FIXBLAST.EXE-127B527C.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\FIX_EXPLOREZIP.EXE-02050707.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\FIX_IWORM.COM-1A649A01.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\FIX_KLEZ.COM-2827AA78.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\GLB3.TMP-2CC81CBB.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\GLB72.TMP-27F1212D.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\GLJC.TMP-059E3EA3.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-124928B8.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HPDARC.EXE-18B11979.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HPOSM.EXE-0770134B.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HPTSKMGR.EXE-32EF71D7.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZENG09.EXE-21FF5F4F.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZIPM12.EXE-145E7369.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZSTC09.EXE-3AFDDA16.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\ICQLITE.EXE-2D093781.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\ICQLSRP.EXE-35D37486.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\IKERNEL.EXE-048903CE.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\IKERNEL.EXE-0F497BD1.pf": Accès refusé.
2004-12-13, 16:22:52, Could not set file for reading on "C:\WINDOWS\Prefetch\KAV.EXE-11323A12.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\KAVPERSPRO4.5.0.94FRE.EXE-159172E9.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\KAVSS.EXE-08175788.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\KLAV.EXE-1441B99C.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\LIVEUPDATE.EXE-03B6C2F9.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCAGENT.EXE-168D195B.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCAPPINS.EXE-0CD4D2C0.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCAPPINS.EXE-10638A3A.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCAPPINS.EXE-292B1244.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCAPPINS.EXE-2C8E3169.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCAPPINS.EXE-3AD75A65.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCDASH.EXE-26506D96.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCINFO.EXE-35A0A279.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCMNHDLR.EXE-1D1F2FA0.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCMNHDLR.EXE-25682BF9.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCREGWIZ.EXE-20498823.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCSHIELD.EXE-15F93AD5.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCUPDATE.EXE-19916285.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCUPDMGR.EXE-21452C82.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCUPDMGR.EXE-2963FAB2.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCUPDUI.EXE-27129637.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCVSESCN.EXE-00F61003.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCVSFTSN.EXE-28693C17.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCVSMAP.EXE-155ED7D3.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCVSRTE.EXE-0CAB2150.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MCVSSHLD.EXE-251E55A0.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MGHTML.EXE-31D79FA5.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MSI2F.TMP-39C87B51.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MSI31.TMP-20191AC5.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MSINFO32.EXE-002AF0E6.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MWAV.EXE-1B9DAE10.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\MWAVSCAN.COM-11EA0875.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVAPSVC.EXE-2F1BA240.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-24F56911.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-2F9B64D1.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-16E64095.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\NMAIN.EXE-34D44D63.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\POWERPNT.EXE-0CAC7674.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RASAUTOU.EXE-18B88A68.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\REALEVENT.EXE-34F30ACA.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-13791507.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-207199BC.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2406F4A4.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-26DA8C9B.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-42C4EDF2.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4A5A9D78.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SBSERV.EXE-2B0326DC.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETA.TMP-32BB8605.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETF.TMP-0685AB5A.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-003973A6.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-0A51177F.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-13CD5199.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-21285811.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-3363FC93.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-380A66EA.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SEVINST.EXE-02F8F64B.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SEVINST.EXE-3B278953.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SHUTDOWN.EXE-12DAD820.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-1CE6D8BC.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-076A33F2.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\TROJANHUNTER.EXE-37AF8485.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\TSC.BIN-1C972E68.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\WINAMP.EXE-0D0189CA.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-29F5CB89.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Accès refusé.
2004-12-13, 16:22:53, Could not set file for reading on "C:\WINDOWS\Prefetch\WUPDMGR.EXE-2F30BEAB.pf": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Accès refusé.
2004-12-13, 16:30:20, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Accès refusé.
2004-12-13, 16:30:21, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Accès refusé.
2004-12-13, 16:30:21, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Accès refusé.
2004-12-13, 16:33:52, Running scanner "C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN"...
2004-12-13, 17:01:44, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/13/2004 16:33:53
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 291 (80706 Patterns) (2004/12/12) (229100)
Command Line: C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Vange\Bureau

59983 files have been read.
59983 files have been checked.
42429 files have been scanned.
63950 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/13/2004 17:01:44
---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-13, 17:01:44, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/13/2004 16:33:53
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 291 (80706 Patterns) (2004/12/12) (229100)
Command Line: C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Vange\Bureau

59983 files have been read.
59983 files have been checked.
42429 files have been scanned.
63950 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/13/2004 17:01:44 27 minutes 45 seconds (1665.05 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-13, 17:01:44, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/13/2004 16:33:53
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 291 (80706 Patterns) (2004/12/12) (229100)
Command Line: C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Vange\Bureau

59983 files have been read.
59983 files have been checked.
42429 files have been scanned.
63950 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/13/2004 17:01:44 27 minutes 45 seconds (1665.05 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-13, 17:01:44, Scanner "C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN" has finished running.
2004-12-13, 20:36:09, An error was detected on "D:\System Volume Information\*.*": Accès refusé.
2004-12-13, 20:49:31, Running scanner "C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN"...
2004-12-13, 21:12:13, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/13/2004 20:49:32
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 291 (80706 Patterns) (2004/12/12) (229100)
Command Line: C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Vange\Bureau

47606 files have been read.
47606 files have been checked.
41530 files have been scanned.
42308 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/13/2004 21:12:13
---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-13, 21:12:13, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/13/2004 20:49:32
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 291 (80706 Patterns) (2004/12/12) (229100)
Command Line: C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Vange\Bureau

47606 files have been read.
47606 files have been checked.
41530 files have been scanned.
42308 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/13/2004 21:12:13 22 minutes 35 seconds (1355.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-13, 21:12:13, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/13/2004 20:49:32
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 291 (80706 Patterns) (2004/12/12) (229100)
Command Line: C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Vange\Bureau

47606 files have been read.
47606 files have been checked.
41530 files have been scanned.
42308 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/13/2004 21:12:13 22 minutes 35 seconds (1355.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2004-12-13, 21:12:13, Scanner "C:\Documents and Settings\Vange\Bureau\VSCANTM.BIN" has finished running.


Et le log de hijackthis :

Logfile of HijackThis v1.98.2
Scan saved at 21:26:37, on 13/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Vange\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk.disabled
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://E:\IntraLaunch.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17f2a22069b82a6db917/netzip/RdxIE601_fr.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll


Comment supprimer wootbot ?

Merci, et à bientôt

Vange

salut
le virus qui revien est wootbot.DV et non l'autre .DU à mon avis s'est une nouvelle infection, pas l'ancienne
N'OUVRE PAS les fichiers/email que tu connais pas

et installe A2free antitrojan
http://www.emsisoft.com/en/

a+

re suite
Tu dois mettre à jour WINdows Urgent

O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize >> ! minimize = configure Kaspersky moyen ou haute protection

Vérifie ces pgm :
C:\Program Files\Windows TaskAd\WinTaskAd.exe >> tu connais ??
Si pas sûr tu zip le fichier et efface le .EXE

Relances HijackThis et cocher toutes ces lignes, puis FIX :
Si inconnu à cocher et FIX
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe

a+

Re,

J'ai déjà essayé de mettre à jour, mais ça ne fonctionne pas : sur le site de windows update j'ai un message d'erreur. Pourtant, jusqu'ici les mises à jours se faisaient sans pbs...

D'où peut venir ce problème ?

a +

Vange

re
vérifie si c'est configuré comme indiqué ci dessous
ACTIVE_X et SCRIPT
Tu fais Démarrer/PanneauConfiguration/optionInternet/Sécurité et là avec icône Internet « Personnaliser le niveau », tu a des lignes « Contrôle ActiveX et Plugin »à cocher AUTORISER

a+

re
les lignes contrôle ActiveX et Plugin sont bien cochées autoriser mais cela ne fonctionne toujours pas.

a+

Vange

re
les autres sites fonctionnent??
alors regardes un peu là
Démarrer/PanneauConfig/optionInternet/ onglet sécurité/siteSensible et là le bouton SITE tu cliq et passe en revue les nom si WINdows ni serait pas?

sinon aussi Démarer/panneauConfig/système onglet MiseàJour
et coche MàJ automatique, redémarre

a+

re
non, ce n'est pas un site sensible, et j'ai vérifié la m à j automatique : elle est sensée se faire automatiquement tous les jours (sauf que là elle ne se fait plus...).

Merci pour ta disponibilité et ta patience, j'avoue que là je n'y comprends plus rien !

Vange

re
tu peux installer a2free (poste 16 ci dessus) ?
A=