XP shutdown problem (HijackThis log) and PC restarting by itself - Security - Windows & Software
Marsh Posted on 08-07-2006 at 15:42:23
hmm, OK, update AntiVir and scan with it, then post the log
Marsh Posted on 10-07-2006 at 18:08:21
here it is:
AntiVir PersonalEdition Classic
Report file date: samedi 8 juillet 2006 13:07
Scanning for 447455 virus strains and unwanted programs.
Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: papito
Computer name: PAPITO-2PW09AS4
Version informations:
AVSCAN.EXE : 7.0.0.42 557096 31/03/2006 09:14:09
AVSCAN.DLL : 7.0.0.42 53288 31/03/2006 09:14:09
LUKE.DLL : 7.0.0.42 118824 31/03/2006 09:14:09
LUKERES.DLL : 7.0.0.42 25640 31/03/2006 09:14:09
ANTIVIR0.VDF : 6.35.0.1 7371264 31/03/2006 09:14:09
ANTIVIR1.VDF : 6.35.0.168 730112 31/03/2006 09:14:09
ANTIVIR2.VDF : 6.35.0.169 2048 31/03/2006 09:14:09
ANTIVIR3.VDF : 6.35.0.175 8192 31/03/2006 09:14:09
AVEWIN32.DLL : 7.1.0.21 1552896 31/03/2006 09:14:09
AVPREF.DLL : 7.0.0.1 49192 31/03/2006 09:14:09
AVREP.DLL : 6.35.0.154 708648 31/03/2006 09:14:09
AVRPBASE.DLL : 7.0.0.0 2162728 04/05/2006 19:59:28
AVPACK32.DLL : 7.1.0.1 335912 31/03/2006 09:14:09
AVREG.DLL : 6.31.0.90 27688 31/03/2006 09:14:09
NETNT.DLL : 6.32.0.0 6696 31/03/2006 09:14:09
NETNW.DLL : 6.32.0.0 9768 31/03/2006 09:14:09
RCIMAGE.DLL : 7.0.0.71 1642536 31/03/2006 09:14:10
RCTEXT.DLL : 7.0.0.75 77864 31/03/2006 09:14:10
Configuration settings for the scan:
Jobname: '%s'.................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,A,D,E,F,G,H
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: -1
Primary action................: 1
Secondary action..............: 0
Start of the scan: samedi 8 juillet 2006 13:07
The scan over running processes will be started
47 Processes was scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
C:\WINDOWS\system32\hivkr.exe
[WARNING] The file could not be opened!
The registry was scanned ( 27 files ).
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\t1ao
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\ntuser.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Application Data\Skype\papito95\index.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Application Data\Skype\papito95\profile256.dbb
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Local Settings\Temp\Perflib_Perfdata_208.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Local Settings\Temp\Perflib_Perfdata_48c.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Local Settings\Temp\Perflib_Perfdata_e60.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\papito\Local Settings\Temp\Perflib_Perfdata_e68.dat
[WARNING] The file could not be opened!
C:\WINDOWS\SoftwareDistribution\EventCache\{177692FC-B1D5-4214-BB06-F50060718E2F}.bin
[WARNING] The file could not be opened!
C:\WINDOWS\system32\hivkr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd2797.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\ZLT06a4b.TMP
[WARNING] The file could not be opened!
The path A:\ could not be found!
The device is not ready.
The path E:\ could not be found!
The device is not ready.
The path G:\ could not be found!
The device is not ready.
End of the scan: samedi 8 juillet 2006 13:35
Used time: 28:19 min
The scan has been done completely.
3645 Scanning directories
276475 Files were scanned
0 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1328 Archives were scanned
37 Warnings
0 Notes
Marsh Posted on 11-07-2006 at 08:31:05
Hello,
what is wareout?
I'll look it up on Google!!
The annoying thing is that I shut down the PC, but afterwards it is impossible to turn it back on with the PC's "on" button, nothing happens; yet 10 minutes later the PC turns itself on!!
Marsh Posted on 11-07-2006 at 19:26:22
Hello, wareout is a fake anti-spyware program, do this:
1/ Fix:
Quote:
2/ Download Pocket Killbox: http://bleepingcomputer.com/killbox.php, launch Killbox, copy the lines C:\WINDOWS\SYSTEM32\WgaLogon.dll
C:\WINDOWS\System32\dfiya.exe
open Killbox's File menu, choose "Paste from clipboard", then choose "Delete on reboot", click the white cross and reboot.
3/ Launch HijackThis, go to the "Misc Tools section", select "Open Uninstall Manager" then "Save list" and copy the list
4/ Boot into Safe Mode and delete by hand:
C:\WINDOWS\wotmp.tmp or wotmp11.tmp
C:\WINDOWS\System32\wosys.dll or wosysdll.dll
Marsh Posted on 12-07-2006 at 08:36:52
Hello,
Thanks for your help med365, I'll do this procedure tonight, after probably changing the power supply, lol, because yesterday it died on me. What you describe will probably also fix the fact that my PC is sluggish when shutting down XP. I've had the PC for a year and have never defragmented it; do you think that could be useful?
Thanks for your advice
Marsh Posted on 12-07-2006 at 20:04:54
Yes, and it will also save you file access problems
Marsh Posted on 12-07-2006 at 22:42:46
Hello,
WgaLogon.dll: Status L
Description Windows Genuine Advantage
FixWareout:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Marsh Posted on 08-07-2006 at 11:54:53
Hello, can you please tell me whether there is a problem in my log?
My problem is that once I have shut down XP, I can no longer restart the PC by hand, and after 10 minutes the PC turns itself on.
Thanks for your help:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\PyGrenouille\pygrenouille.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\papito\Mes documents\Logiciel\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.34.121.3:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dfiya.exe] C:\WINDOWS\System32\dfiya.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PyGrenouille.lnk = C:\Program Files\PyGrenouille\pygrenouille.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/ [...] SILENT.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 9005084076
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D7349FE-A047-4F09-9504-BAC3C6626932}: NameServer = 85.255.114.19,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{B21BB74F-518E-46DE-89B9-FE035D45327D}: NameServer = 85.255.114.19,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1678B21-28F0-4F7C-9B9D-6D9329F66E65}: NameServer = 85.255.114.19,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.19 85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.19 85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.19 85.255.112.158
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Message edited by simbba95 on 08-07-2006 at 13:49:07
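The log above is the thread's original post (this copy of the thread is out of order). As an added example, not code from the forum thread, from HijackThis or from any of the posters, here is a small Python triage script that applies the checks a responder does by eye on such a log: every O17 line's NameServer points at the same two external addresses, the R1 ProxyServer is set to an external host, and one O4 Run value is named after a bare executable sitting in System32. The sample lines are copied from the log above; EXPECTED_DNS (a LAN router address) and the O4 naming heuristic are assumptions, and the Winlogon Notify allowlist exists because WgaLogon.dll, as another post in the thread points out, is the legitimate Windows Genuine Advantage component and should not be deleted.

```python
"""Triage a HijackThis log for DNS / proxy hijack indicators (added example)."""
import ipaddress
import re

# Sample lines copied from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.34.121.3:8080
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [dfiya.exe] C:\WINDOWS\System32\dfiya.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D7349FE-A047-4F09-9504-BAC3C6626932}: NameServer = 85.255.114.19,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.19 85.255.112.158
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption: the resolvers this machine is supposed to use (here a LAN router).
# Any other public address found in an O17 line is reported.
EXPECTED_DNS = {"192.168.1.1"}

# Winlogon Notify packages known to be legitimate. WgaLogon is Windows Genuine
# Advantage, as another post in the thread notes.
KNOWN_NOTIFY = {"wgalogon"}

IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
HJT_LINE_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
O4_RE = re.compile(r"\[([^\]]+)\]\s+(.*)")


def parse_line(line):
    """Return (section, rest) for an HJT entry such as 'O17 - ...', else None."""
    m = HJT_LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def is_internal(ip):
    """True for RFC 1918 or loopback addresses, which are plausible for DNS or a proxy."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback


def triage(log_text, expected_dns=EXPECTED_DNS):
    """Return a list of (section, reason, line) findings, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, rest = parsed
        line = raw.strip()
        if section == "O17" and "NameServer" in rest:
            # HJT prints the servers comma- or space-separated depending on the key.
            servers = IP_RE.findall(rest.partition("NameServer =")[2])
            rogue = [s for s in servers if s not in expected_dns and not is_internal(s)]
            if rogue:
                findings.append((section, "DNS servers not expected: " + ", ".join(rogue), line))
        elif section == "R1" and "ProxyServer" in rest:
            value = rest.partition("ProxyServer =")[2].strip()
            host = value.rsplit(":", 1)[0]
            if IP_RE.fullmatch(host) and not is_internal(host):
                findings.append((section, "proxy set to external host " + value, line))
        elif section == "O4":
            m = O4_RE.search(rest)
            if m:
                name, cmd = m.group(1).lower(), m.group(2).lower()
                # Heuristic (assumption): a Run value named after a bare .exe that lives
                # directly in System32, with no vendor name, is how the dropper shows up here.
                if name.endswith(".exe") and "\\system32\\" in cmd:
                    findings.append((section, "Run entry named after executable in System32", line))
        elif section == "O20" and rest.startswith("Winlogon Notify:"):
            package = rest.split(":", 1)[1].split("-", 1)[0].strip().lower()
            if package not in KNOWN_NOTIFY:
                findings.append((section, "unrecognised Winlogon Notify package " + package, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

Run on the sample, it reports the proxy, the dfiya.exe Run entry and both O17 lines, and stays silent on WgaLogon and on the AntiVir Run entry. If the machine's real resolvers are known, pass them as `expected_dns`; the O17 findings then disappear only when the log's nameservers actually match them.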