Aller au contenu

peio64

Membres
  • Compteur de contenus

    18
  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    francais/anglais

peio64's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. bonjour, j'ai un problème de lenteur et surtout j'ai l'impression que je ne contrôle plus vraiment mon ordi ... j'ai donc suivi le protocole et voici mon rapport hijackthis. en particulier j'ai un fichier Systeme Volume Information ...RESTORE auquel je n'ai absolument pas accès ??? merci par avance de votre aide peio Logfile of HijackThis v1.99.1 Scan saved at 20:25:49, on 11/02/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  2. salut, je suis pas vraiment un pro en faite j'ai eu des pbs depuis quelques temps avec des coupures d'ordi sans prévenir et surtout quand je commencais à mettre en oeuvre des mesures de sécurité ... exemple je lance ewido pour une analyse en mode normal il me détecte des trucs et avant la fin de l'analyse l'ordi s'arrête ... aujourd'hui ce que j'ai fait c'est formater le disque dur mais je ne suis pas entré dans le détail car je n'ai que quelques bases et j'ai réinstallé mon windows xp ... le résultat c'est que mon ordi à des problèmes d'affichage en particulier quand je vais sur internet tout se lance normalement par contre quand j'essaie de descendre avec la barre sur le côté de défilement la page descend très lentement ... je suis donc un peu paumé et je ne sais plus vraiment quoi faire ? une autre question sur mon rapport ewido des trucs sont détectés alors que je venais juste de formater l'ordi est ce que c'est normal ? quand j'ai reformaté j'ai voulu réinstaller windows 98, impossible pourquoi ?? en tout cas merci par avance de votre aide car moi je n'ai pas de solutions ...
  3. salut, oui j'ai eu kapersky un temps, j'ai essayé de voir au niveau du matériel et je vais réinstaller une autre version xp mais là mon ordi rame énormément ... voici mon rapport comme tu m'as demandé, je l'ai fait en mode normal ... merci encore StartupList report, 12/08/2007, 20:55:44 StartupList version: 1.52.2 Started from : C:\Program Files\hijackthis\HijackThis.EXE Detected: Windows XP (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\vsnpstd.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\peio\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run AdslTaskBar = rundll32.exe stmctrl.dll,TaskBar !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min snpstd = C:\WINDOWS\vsnpstd.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" NeroCheck = C:\WINDOWS\System32\NeroCheck.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{F74FF722-E280-4F3F-86AD-8EFEF12C68D8}] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\System32\ie4uinit.exe [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl [{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] * StubPath = rundll32 iesetup.dll,IEAccessUserInst -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [Java Plug-in 1.6.0_02] InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_02] InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_02] InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) AntiVir PersonalEdition Classic Scheduler: "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" (autostart) AntiVir PersonalEdition Classic Guard: "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" (autostart) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) avgntdd: SYSTEM32\DRIVERS\avgntdd.sys (system) avgntmgr: SYSTEM32\DRIVERS\avgntmgr.sys (system) avipbb: System32\DRIVERS\avipbb.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Décodeur sous-titre fermé: System32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: C:\WINDOWS\System32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) kl1: System32\DRIVERS\kl1.sys (system) KLIF: \??\C:\WINDOWS\system32\drivers\klif.sys (manual start) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Codec NABTS/FEC VBI: System32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: System32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) Pilote de bus PCI: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) EDIROL UA-25: system32\Drivers\rdwm1046.sys (manual start) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Pilote de redirecteur de périphérique Terminal Server: System32\DRIVERS\rdpdr.sys (manual start) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: System32\DRIVERS\SLIP.sys (manual start) USB PC Camera (SN9C102): System32\DRIVERS\snpstd.sys (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) srescan: System32\ZoneLabs\srescan.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) ssmdrv: System32\DRIVERS\ssmdrv.sys (system) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) ATM/ADSL miniport: System32\DRIVERS\stmatm.sys (manual start) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{FC3C61D9-288B-4D8E-89C3-430EBBB2CC97} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) ADSL Modem USB Service: System32\DRIVERS\torususb.sys (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Pilote miniport de contrôleur hôte ouvert USB Microsoft: System32\DRIVERS\usbohci.sys (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) vsdatant: System32\vsdatant.sys (system) TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Numéro de série du média portable: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Codec Teletext standard: System32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 31 318 bytes Report generated in 0,188 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  4. ok, les messages se sont affichés sans que je sois sur un site, et concernant la lenteur du défilement quand je suis sur le net je ne comprends pas vraiment ... je vais essayer de voir si c'est un pb matériel. merci en tout cas d'avoir passé du temps sur mon rapport, c'est vraiment un super site bonne soirée peio
  5. une dernière chose j'ai eu un message d'alerte suivant : "message de microsoft à alert registry cleaned recommended to fix system error please connet to www.regclean.com ....etc" voilà si ca peut aider merci encore
  6. salut, ci joint ce que tu m'as demandé : DiagHelp version v1.1.2 - http://www.malekal.com excute le 10/08/2007 à 22:12:06,31 Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\fidbox2.idx -->10/08/2007 19:56:09 C:\WINDOWS\System32/drivers\fidbox2.dat -->10/08/2007 19:56:09 C:\WINDOWS\System32/drivers\fidbox.idx -->10/08/2007 19:56:09 C:\WINDOWS\System32/drivers\fidbox.dat -->10/08/2007 19:56:09 C:\WINDOWS\System32/drivers\klin.dat -->10/08/2007 19:54:10 C:\WINDOWS\System32/drivers\klick.dat -->10/08/2007 19:54:10 C:\WINDOWS\System32/drivers\klif.sys -->31/05/2007 00:03:48 C:\WINDOWS\System32\vsconfig.xml -->10/08/2007 21:28:46 C:\WINDOWS\System32\zllictbl.dat -->10/08/2007 19:55:47 C:\WINDOWS\System32\PerfStringBackup.INI -->10/08/2007 19:33:00 C:\WINDOWS\System32\perfh00C.dat -->10/08/2007 19:33:00 C:\WINDOWS\System32\perfh009.dat -->10/08/2007 19:33:00 C:\WINDOWS\System32\perfc00C.dat -->10/08/2007 19:33:00 C:\WINDOWS\System32\perfc009.dat -->10/08/2007 19:33:00 C:\WINDOWS\System32\h323log.txt -->10/08/2007 18:42:24 C:\WINDOWS\System32\nscompat.tlb -->10/08/2007 18:01:37 C:\WINDOWS\System32\amcompat.tlb -->10/08/2007 18:01:37 C:\WINDOWS\System32\wmpscheme.xml -->10/08/2007 17:52:01 C:\WINDOWS\System32\wpa.dbl -->10/08/2007 17:51:47 C:\WINDOWS\System32\FNTCACHE.DAT -->10/08/2007 17:50:42 C:\WINDOWS\System32\$winnt$.inf -->10/08/2007 17:49:51 C:\WINDOWS\System32\CONFIG.NT -->10/08/2007 17:47:20 C:\WINDOWS\System32\WindowsLogon.manifest -->10/08/2007 17:46:15 C:\WINDOWS\System32\logonui.exe.manifest -->10/08/2007 17:46:15 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->10/08/2007 17:46:09 C:\WINDOWS\System32\sapi.cpl.manifest -->10/08/2007 17:46:09 C:\WINDOWS\System32\nwc.cpl.manifest -->10/08/2007 17:46:09 C:\WINDOWS\System32\ncpa.cpl.manifest -->10/08/2007 17:46:09 C:\WINDOWS\System32\cdplayer.exe.manifest -->10/08/2007 17:46:09 C:\WINDOWS\System32\emptyregdb.dat -->10/08/2007 17:44:24 C:\WINDOWS\System32\vsutil_loc040c.dll -->21/06/2007 21:55:30 C:\WINDOWS\System32\imslsp_install_loc040c.dll -->21/06/2007 21:55:28 C:\WINDOWS\nsreg.dat -->10/08/2007 21:29:17 C:\WINDOWS.log -->10/08/2007 21:28:25 C:\WINDOWS\bootstat.dat -->10/08/2007 21:28:01 C:\WINDOWS\ntbtlog.txt -->10/08/2007 21:24:25 C:\WINDOWS\SchedLgU.Txt -->10/08/2007 20:22:04 C:\WINDOWS\setupapi.log -->10/08/2007 19:54:03 C:\WINDOWS\wiaservc.log -->10/08/2007 18:38:43 C:\WINDOWS\wiadebug.log -->10/08/2007 18:38:40 C:\WINDOWS\Sti_Trace.log -->10/08/2007 18:38:39 C:\WINDOWS\regopt.log -->10/08/2007 18:36:11 C:\WINDOWS\system.ini -->10/08/2007 18:36:10 C:\WINDOWS\Windows Update.log -->10/08/2007 18:06:25 C:\WINDOWS\OEWABLog.txt -->10/08/2007 18:03:32 C:\WINDOWS\Active Setup Log.txt -->10/08/2007 18:01:49 C:\WINDOWS\setuplog.txt -->10/08/2007 17:51:46 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est B834-C5E5 Répertoire de C:\WINDOWS\system32 28/08/2001 14:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 77 272 252 416 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est B834-C5E5 Répertoire de C:\WINDOWS\Downloaded Program Files 10/08/2007 17:46 <REP> . 10/08/2007 17:46 <REP> .. 10/08/2007 18:03 65 desktop.ini 1 fichier(s) 65 octets Total des fichiers listés : 1 fichier(s) 65 octets 2 Rép(s) 77 272 252 416 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-10 22:12:34 Windows 5.1.2600 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 516 - csrss.exe 540 - winlogon.exe 584 - services.exe 604 - lsass.exe 776 - svchost.exe 820 - svchost.exe 956 - vsmon.exe 1112 - explorer.exe 1272 - rundll32.exe 1284 - avgas.exe 1312 - zlclient.exe 1344 - avgnt.exe 1392 - ctfmon.exe 1484 - avguard.exe 1704 - guard.exe 2908 - firefox.exe 3156 - cmd.exe Total number of processes = 18 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D0000 - \WINDOWS\system32\ntoskrnl.exe 806B5000 - \WINDOWS\system32\hal.dll F7A45000 - \WINDOWS\system32\KDCOM.DLL F7955000 - \WINDOWS\system32\BOOTVID.dll F74F8000 - ACPI.sys F7A47000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F7545000 - pci.sys F7555000 - isapnp.sys F7B0D000 - pciide.sys F77C5000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F7565000 - MountMgr.sys F74D9000 - ftdisk.sys F7A49000 - dmload.sys F74B5000 - dmio.sys F77CD000 - PartMgr.sys F7575000 - VolSnap.sys F749F000 - atapi.sys F7585000 - disk.sys F7595000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F748D000 - sr.sys F75A5000 - avgntmgr.sys F7479000 - KSecDD.sys F73F6000 - Ntfs.sys F73CE000 - NDIS.sys F73B2000 - kl1.sys F7959000 - \WINDOWS\System32\DRIVERS\TDI.SYS F739E000 - srescan.sys F7384000 - Mup.sys F75F5000 - \SystemRoot\System32\DRIVERS\processr.sys F7A0D000 - \SystemRoot\System32\DRIVERS\usbohci.sys F7306000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F780D000 - \SystemRoot\System32\DRIVERS\usbuhci.sys F7605000 - \SystemRoot\System32\Drivers\Imapi.SYS F7615000 - \SystemRoot\System32\DRIVERS\cdrom.sys F7625000 - \SystemRoot\System32\DRIVERS\redbook.sys F72E5000 - \SystemRoot\System32\DRIVERS\ks.sys F7815000 - \SystemRoot\System32\DRIVERS\fdc.sys F7635000 - \SystemRoot\System32\DRIVERS\serial.sys F7A15000 - \SystemRoot\System32\DRIVERS\serenum.sys F72D2000 - \SystemRoot\System32\DRIVERS\parport.sys F7645000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F781D000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F7C85000 - \SystemRoot\System32\DRIVERS\audstub.sys F7655000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F7A19000 - \SystemRoot\System32\DRIVERS\ndistapi.sys F7294000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F7665000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F7675000 - \SystemRoot\System32\DRIVERS\raspptp.sys F7283000 - \SystemRoot\System32\DRIVERS\psched.sys F7685000 - \SystemRoot\System32\DRIVERS\msgpc.sys F7825000 - \SystemRoot\System32\DRIVERS\ptilink.sys F782D000 - \SystemRoot\System32\DRIVERS\raspti.sys F71B6000 - \SystemRoot\System32\DRIVERS\rdpdr.sys F7695000 - \SystemRoot\System32\DRIVERS\termdd.sys F7835000 - \SystemRoot\System32\DRIVERS\mouclass.sys F76A5000 - \SystemRoot\System32\DRIVERS\stmatm.sys F7B47000 - \SystemRoot\System32\DRIVERS\swenum.sys F70F4000 - \SystemRoot\System32\DRIVERS\update.sys F76B5000 - \SystemRoot\System32\Drivers\NDProxy.SYS F76C5000 - \SystemRoot\System32\DRIVERS\usbhub.sys F7A75000 - \SystemRoot\System32\DRIVERS\USBD.SYS F7350000 - \SystemRoot\System32\DRIVERS\hidusb.sys F76D5000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS F783D000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS F734C000 - \SystemRoot\System32\DRIVERS\mouhid.sys F6E59000 - \SystemRoot\System32\DRIVERS\torususb.sys F7845000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F76F5000 - \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys F7A79000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7B84000 - \SystemRoot\System32\Drivers\Null.SYS F7A7B000 - \SystemRoot\System32\Drivers\Beep.SYS F7B85000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F7855000 - \SystemRoot\System32\drivers\vga.sys F7705000 - \SystemRoot\System32\drivers\VIDEOPRT.SYS F7A7D000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7A7F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F785D000 - \SystemRoot\System32\Drivers\Msfs.SYS F7865000 - \SystemRoot\System32\Drivers\Npfs.SYS F79E9000 - \SystemRoot\System32\DRIVERS\rasacd.sys F7715000 - \SystemRoot\System32\DRIVERS\ipsec.sys F6DC1000 - \SystemRoot\System32\DRIVERS\tcpip.sys F6D9C000 - \SystemRoot\System32\DRIVERS\netbt.sys F6D3C000 - \SystemRoot\System32\vsdatant.sys F7725000 - \SystemRoot\System32\DRIVERS\netbios.sys F7875000 - \SystemRoot\System32\DRIVERS\ssmdrv.sys F7735000 - \SystemRoot\System32\DRIVERS\wanarp.sys F6D14000 - \SystemRoot\System32\DRIVERS\rdbss.sys F6C88000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F7745000 - \SystemRoot\System32\Drivers\Fips.SYS F7755000 - \SystemRoot\System32\DRIVERS\avipbb.sys F7B94000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F7765000 - \SystemRoot\System32\Drivers\Cdfs.SYS F6BD2000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7ACD000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \??\C:\WINDOWS\system32\win32k.sys F70E0000 - \??\C:\WINDOWS\system32\watchdog.sys BFF80000 - \SystemRoot\System32\drivers\dxg.sys F7C86000 - \SystemRoot\System32\drivers\dxgthk.sys BFF70000 - \SystemRoot\System32\framebuf.dll B2EA0000 - \SystemRoot\System32\drivers\afd.sys B2F30000 - \SystemRoot\System32\DRIVERS\ndisuio.sys B2C9C000 - \SystemRoot\System32\Drivers\Fastfat.SYS B29A1000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F7AA1000 - \SystemRoot\System32\Drivers\ParVdm.SYS B2860000 - \SystemRoot\System32\DRIVERS\srv.sys F7C3D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 106 Liste des programmes installes AVG Anti-Spyware 7.5 Avira AntiVir PersonalEdition Classic BeWAN ADSL modem HijackThis 1.99.1 Microsoft Internet Explorer 6 SP1 Mozilla Firefox (2.0.0.6) WebFldrs XP ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est B834-C5E5 Répertoire de C:\Program Files 10/08/2007 21:29 <REP> . 10/08/2007 21:29 <REP> .. 10/08/2007 20:04 <REP> AntiVir PersonalEdition Classic 10/08/2007 18:00 <REP> BeWAN ADSL V1.9.0.3 10/08/2007 17:44 <REP> ComPlus Applications 10/08/2007 18:03 <REP> Fichiers communs 10/08/2007 19:46 <REP> Grisoft 10/08/2007 22:09 <REP> hijackthis 10/08/2007 18:01 <REP> Internet Explorer 10/08/2007 17:52 <REP> Messenger 10/08/2007 17:47 <REP> microsoft frontpage 10/08/2007 17:45 <REP> Movie Maker 10/08/2007 21:29 <REP> Mozilla Firefox 10/08/2007 17:44 <REP> MSN 10/08/2007 17:43 <REP> MSN Gaming Zone 10/08/2007 17:45 <REP> NetMeeting 10/08/2007 18:03 <REP> Outlook Express 10/08/2007 17:44 <REP> Services en ligne 10/08/2007 17:52 <REP> Windows Media Player 10/08/2007 17:43 <REP> Windows NT 10/08/2007 17:47 <REP> xerox 10/08/2007 19:53 <REP> Zone Labs 0 fichier(s) 0 octets 22 Rép(s) 77 270 462 464 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est B834-C5E5 Répertoire de C:\Program Files\fichiers communs 10/08/2007 18:03 <REP> . 10/08/2007 18:03 <REP> .. 10/08/2007 18:03 <REP> Microsoft Shared 10/08/2007 17:44 <REP> MSSoap 10/08/2007 18:36 <REP> ODBC 10/08/2007 18:03 <REP> Services 10/08/2007 18:36 <REP> SpeechEngines 10/08/2007 18:03 <REP> System 0 fichier(s) 0 octets 8 Rép(s) 77 270 458 368 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est B834-C5E5 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 10/08/2007 17:52 <REP> . 10/08/2007 17:52 <REP> .. 18/05/2001 17:57 561 209 MSONSEXT.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 179 octets 2 Rép(s) 77 270 458 368 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est B834-C5E5 Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 77 270 458 368 octets libres c:\Documents and Settings\peio\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\peio\Bureau\avgas-setup-7.5.1.43.exe c:\Documents and Settings\peio\Bureau\Firefox Setup 2.0.0.6.exe c:\Documents and Settings\peio\Bureau\zaSetup_fr.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\peio\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\peio\Local Settings\Temporary Internet Files\Content.IE5\CP2R4HIJ\zlsSetup_70_362_000_fr[1].exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll ****** Fin du rapport DiagHelp HIJACKTHIS - MODE NORMAL Logfile of HijackThis v1.99.1 Scan saved at 22:09:46, on 10/08/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O17 - HKLM\System\CCS\Services\Tcpip\..\{F31A2A83-9732-4FFF-BB5D-6B16EF767AED}: NameServer = 212.151.136.242 212.151.137.166 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe merci d'avance pour ton aide car là je sais plus quoi faire ... peio
  7. bonsoir, j'ai eu pas mal de problème ces derniers temps et j'ai décidé de formater le disque dur de mon ordi mais j'ai l'impression que j'ai toujours quelque chose. surtout mon ordinateur s'éteint de façon intempestive j'ai d'ailleurs eu pas mal de difficultés à faire toutes les opérations. Autre info le défilement de ma page internet est très très lent ??? voici donc mon analyse antivirus, mon analyse avec ewido et le rapport hijack this. j'ai mis à jour les antivirus et ewido et j'ai fait tout ca en mode sans echec. merci de votre analyse. car là je me sens un peu dépassé ... ANALYSE ANTIVIR AntiVir PersonalEdition Classic Report file date: vendredi 10 août 2007 20:26 Scanning for 1014788 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (plain) [5.1.2600] Username: peio Computer name: PIERRE Version information: BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54 LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04 LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 18:19:34 ANTIVIR2.VDF : 6.39.0.226 1223680 Bytes 10/08/2007 18:19:34 ANTIVIR3.VDF : 6.39.0.230 86016 Bytes 10/08/2007 18:19:34 AVEWIN32.DLL : 7.4.0.60 2716160 Bytes 10/08/2007 18:19:34 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 10/08/2007 18:19:35 AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05 AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42 Configuration settings for the scan: Jobname..........................: Local Hard Disks Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 10 août 2007 20:26 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'savedump.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '11' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! End of the scan: vendredi 10 août 2007 20:34 Used time: 08:51 min The scan has been done completely. 635 Scanning directories 31451 Files were scanned 0 viruses and/or unwanted programs were found 0 classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 31451 Files not concerned 318 Archives were scanned 1 Warnings 2 Notes 0 Hidden objects were found ANALYSE EWIDO --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 21:22:06 10/08/2007 + Résultat de l'analyse: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Aucune action entreprise. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Aucune action entreprise. HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Aucune action entreprise. HKU\S-1-5-21-1417001333-920026266-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\peio@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\peio@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\peio@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\peio@realmedia[1].txt -> TrackingCookie.Realmedia : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\peio@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise. C:\Documents and Settings\peio\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise. Fin du rapport RAPPORT HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 21:23:17, on 10/08/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  8. salut, j'ai eu pas mal de taf donc je n'ai pas trop pu bosser sur l'ordi mais voilà j'ai fait tous ce que tu m'as dit voilà le résultat : HIJACK this Logfile of HijackThis v1.99.1 Scan saved at 18:04:16, on 14/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\MSI\Live Update 3\LMonitor.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129670088468 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{637F1EA8-EF08-4B7E-A5D2-961B8DB72D6B}: NameServer = 212.151.136.246 212.151.137.166 O17 - HKLM\System\CS1\Services\Tcpip\..\{637F1EA8-EF08-4B7E-A5D2-961B8DB72D6B}: NameServer = 212.151.136.246 212.151.137.166 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe EWIDO ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 14:13:31, 14/05/2006 + Somme de contrôle: 23809DFC + Résultats du scan: Pas de fichiers infectés trouvés! ::Fin du rapport
  9. mon fournisseur est bien tele2 ... je n'aime pas du tout ce delus.exe ... voilà le résultat de panda ... Incident Statut Analyse Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Pierre&Ln\Application Data\Mozilla\Firefox\Profiles\z1a6634v.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Pierre&Ln\Application Data\Mozilla\Firefox\Profiles\z1a6634v.default\cookies.txt[.xiti.com/] Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Pierre&Ln\Application Data\Mozilla\Firefox\Profiles\z1a6634v.default\cookies.txt[fe.lea.lycos.fr/] Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Pierre&Ln\Application Data\Mozilla\Firefox\Profiles\z1a6634v.default\cookies.txt[.advertising.com/] Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Pierre&Ln\Application Data\Mozilla\Firefox\Profiles\z1a6634v.default\cookies.txt[.weborama.fr/] Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Pierre&Ln\Cookies\pierre&ln@weborama[2].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Pierre&Ln\Cookies\pierre&ln@xiti[1].txt
  10. voilà le travail ... Logfile of HijackThis v1.99.1 Scan saved at 18:59:14, on 08/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\MSI\Live Update 3\LMonitor.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129670088468 O17 - HKLM\System\CCS\Services\Tcpip\..\{637F1EA8-EF08-4B7E-A5D2-961B8DB72D6B}: NameServer = 212.151.137.166 212.151.136.242 O17 - HKLM\System\CS1\Services\Tcpip\..\{637F1EA8-EF08-4B7E-A5D2-961B8DB72D6B}: NameServer = 212.151.137.166 212.151.136.242 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  11. voilà le résultat ... (je vais désinstaller kapersky pour ne laisser que antivir ?) Logfile of HijackThis v1.99.1 Scan saved at 18:45:33, on 08/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\MSI\Live Update 3\LMonitor.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129670088468 O17 - HKLM\System\CCS\Services\Tcpip\..\{637F1EA8-EF08-4B7E-A5D2-961B8DB72D6B}: NameServer = 212.151.137.166 212.151.136.242 O17 - HKLM\System\CS1\Services\Tcpip\..\{637F1EA8-EF08-4B7E-A5D2-961B8DB72D6B}: NameServer = 212.151.137.166 212.151.136.242 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  12. salut j'ai donc repris à 0 et voilà le résultat ... je n'arrive pas à enlever la restauration systeme ce qui est vraiment embêtant car les virus peuvent du coup revenir à chaque fois ... sur le log hijackthis les lignes suivantes me posent problème : O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\delus.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll mais bon je ne suis pas un pro et il ya aussi 2 fichiers système volume information et recycler qui sont sur c:/ et sur f:/et que je ne peux absoluemnt pas enlever .... HIJACK THIS Logfile of HijackThis v1.99.1 Scan saved at 18:04:36, on 08/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Pierre&Ln\Bureau\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\delus.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129670088468 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ANTIVIR AntiVir PersonalEdition Classic Report file date: lundi 8 mai 2006 14:46 Jobname: 'Manual Selection' Scanning for 376461 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Pierre&Ln Computer name: PIERRE-HELENE Version informations: AVSCAN.EXE : 7.0.0.35 540712 21/04/2006 12:47:04 AVSCAN.DLL : 7.0.0.34 41000 05/04/2006 11:03:57 LUKE.DLL : 7.0.0.34 114728 05/04/2006 11:03:58 LUKERES.DLL : 7.0.0.34 25640 05/04/2006 11:03:58 ANTIVIR0.VDF : 6.32.0.60 4323840 02/05/2006 08:29:08 ANTIVIR1.VDF : 6.34.0.209 1930240 02/05/2006 08:29:09 ANTIVIR2.VDF : 6.34.1.42 197632 08/05/2006 12:34:23 ANTIVIR3.VDF : 6.34.1.50 15872 08/05/2006 12:34:23 AVEWIN32.DLL : 7.0.0.8 1171968 21/04/2006 15:40:14 AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:00 AVREP.DLL : 6.34.1.40 2400296 08/05/2006 12:34:23 AVPACK32.DLL : 7.0.0.4 335912 29/03/2006 09:44:25 AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36 NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49 NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:49 Start of the scan: lundi 8 mai 2006 14:46 Start scanning boot sectors: Boot sector 'C:' [NOTE] No virus was found! Boot sector 'F:' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 55 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Pierre&Ln\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Pierre&Ln\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Pierre&Ln\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Pierre&Ln\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Program Files\Microsoft Games\Flight Simulator 9\Scenery\Eurw\texture\LDM_rome_cityblock.bmp [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! End of the scan: lundi 8 mai 2006 16:55 Used time: 2:09:43 min The scan has been done completely. 4750 Scanning directories 395778 Files were scanned 0 viruses and/or unwanted programs was found 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1226 Archives were scanned 20 Warnings 0 Notes
  13. voila le rapport antivir, pour la lenteur je crois que c'est lié aux 2 antivirus ... j'installe le pare feu maintenant antivir a d'ailleurs relevé les 2 fichiers que je n'arrive pas à enlever et que je trouve suspicieux "systeme volume information " .... et recycler Creation date of the report file: lundi 8 mai 2006 11:01 AntiVir®/XP (2000 + NT) PersonalEdition Classic Build 1047 vom 07.06.2005 Mainprogram 6.31.00.03 of 10.05.2005 VDF file 6.31.1.45 (0) of 01.08.2005 This program is for PERSONAL USE only. Any other use is PROHIBITED. Informations regarding commercial versions of AntiVir may be obtained from: www.hbedv.com. Scanning for 196646 virus strains and unwanted programs. Licensed for: AntiVir Personal Edition Serial number: 0000149996-WURGE-0001 Please enter the workstation and contact name with phone number in this form: Name ___________________________________________ Street ___________________________________________ Town ___________________________________________ Phone/Fax ___________________________________________ Email ___________________________________________ Platform: Windows NT Workstation Windows version: 5.1 Build 2600 (Service Pack 2) Username: Pierre&Ln Processor: Pentium Working memory: 523764 KB free Version information: AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16 AVEWIN32.DLL : 6.31.1.0 823808 19.07.2005 17:54:12 AVGNT.EXE : 6.31.00.01 168039 10.05.2005 16:50:16 AVGUARD.EXE : 6.31.00.01 238120 29.04.2005 08:07:12 GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:10 AVGCMSG.DLL : 6.31.00.00 295029 29.04.2005 08:07:16 AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16 AVPACK32.DLL : 6.31.00.03 323664 25.05.2005 10:43:02 AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20 AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16 AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22 AVSched32.EXE : 6.30.00.00 110632 01.02.2005 11:24:10 AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:10 AVREG.DLL : 6.30.00.03 41000 10.02.2005 18:47:48 AVRep.DLL : 6.31.01.40 1257512 01.08.2005 09:17:18 INETUPD.EXE : 6.31.00.02 249915 29.04.2005 08:07:14 INETUPD.DLL : 6.31.00.02 143360 29.04.2005 08:07:14 CTL3D32.DLL : 2.31.000 27136 28.08.2001 14:00:00 MFC42.DLL : 6.02.4131.0 1028096 20.08.2004 01:09:30 MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408 MSVCRT.DLL : 7.0.2600.2180 343040 20.08.2004 01:09:34 CTL3DV2.DLL : No information Configuration file: Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG Start path: C:\Program Files\AVPersonal Command line: Start mode: unknown Mode of report file: [ ] Do not create report [X] Overwrite report [ ] Append new report Data in report file: [X] Infected files [ ] Infected files with paths [ ] All scanned files [ ] Full information Abridge report file: [ ] Abridge report file Warnings in report: [X] Access denied/file locked [X] Wrong file size in directory [X] Wrong creation time in directory [ ] COM file is too large [X] Invalid start address [X] Invalid EXE header [X] Possibly damaged Summary report: [X] Create summary report Output file: AVWIN.ACT Maximum number of entries: 100 Where to search: [X] Memory [X] Boot record of selected drives [ ] Report unknown boot sectors [ ] All files [X] Program files Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP Response in case of a detection: [X] Repair with prompt [ ] Repair without prompt [ ] Delete with prompt [ ] Delete without prompt [ ] Write in report file only [X] Acoustic alarm Response in case of destroyed files: [X] Delete with prompt [ ] Delete without prompt [ ] Ignore Response in case of destroyed files: [X] No change [ ] Current system time [ ] Correct date Drag&drop settings: [X] Scan subdirectories Profile settings: [X] Scan subdirectories Archive options [X] Search archive [X] All archive types Miscellaneous options: Temporary path: %TEMP% -> C:\Program Files\AVPersonal\BUILD.DAT [X] Overwrite infected files [ ] Detect idle time [X] Allow interruptions of scan [X] Load AVWin®/NT Guard on System start General settings: [X] Save options on exiting AntiVir Priority: medium Drives: A: Floppy drive C: Hard disk D: CD-ROM F: Hard disk Start of scan: lundi 8 mai 2006 11:01 Memory test OK Master boot record of hard disk HD0 OK Master boot record of hard disk HD1 OK Boot record of drive C: OK Boot record of drive F: OK C:\ pagefile.sys Access denied! Error during file opening! This is a Windows swap file. This file is locked by Windows. Error code: 0x000D WARNING! Access error/file locked! C:\Program Files\Macromedia\Flash 5\Lecteurs Flash 5 Player Installer.hqx ArchiveType: BinHex (Mac) NOTE! No files to extract. C:\Program Files\Macromedia\Flash 5\Lecteurs\Debug Flash 5 Player Installer.hqx ArchiveType: BinHex (Mac) NOTE! No files to extract. C:\Program Files\Macromedia\Flash 5\Lecteurs\Release Flash 5 Player Installer.hqx ArchiveType: BinHex (Mac) NOTE! No files to extract. C:\Program Files\WinRAR rarnew.dat ArchiveType: RAR NOTE! The archive is created by multiple volumes Error! Could not change directory: System Volume Information C:\WINDOWS\system32\config default Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SAM Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! SECURITY Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! software Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! system Access denied! Error during file opening! Error code: 0x000D WARNING! Access error/file locked! Error! Could not change directory: System Volume Information End of scan: lundi 8 mai 2006 11:39 Time taken: 38:09 min 4806 directories were scanned 82893 files were scanned 6 warning messages were issued 0 files were deleted 0 files were repaired 0 detections
  14. bonjour, voici le rapport ewido, pour la restauration du syqtème je ne peux pas l'effectuer ni en mode sans echec ni en mode normal il me dit qu'il a un pb de lecteur .... merci de ton aide car la mon ordi il rame grave ... -------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 23:22:06, 07/05/2006 + Somme de contrôle: 4360243 + Résultats du scan: HKLM\SOFTWARE\Classes\CLSID\{8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Nettoyer et sauvegarder C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder ::Fin du rapport
  15. bonjour à tous, malgrès un antivirus à jour, je crois que la lenteur de mon ordinateur ne pouvez pas s'expliquer uniquement par son age et la quantité d'information. J'ai donc après avoir suivi le cheminement classique édité un rapport hijackthis pour analyse. Mon antivirus kapersky ne trouvait rien, c'est pourquoi j'ai installé ewido qui m'a trouvé trojan conhooh.c . il a été supprimé mais j'ai un problème je ne peux pas désactiver la restauration de mon système ??? et 2 fichiers SYteme volume et recyclers quise situe sur un disque externe et sur c ne sont pas enlevable et me paraissent suspicieux ... merci donc de votre aide car j'ai un peu du mal à m'en sortir tout seul, n'étant pas un informaticien aguérrit ... peio Logfile of HijackThis v1.99.1 Scan saved at 23:36:20, on 07/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Pierre&Ln\Bureau\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129670088468 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
×
×
  • Créer...