Aller au contenu

philbern95

Membres
  • Compteur de contenus

    38
  • Inscription

  • Dernière visite

Profile Information

  • Sexe
    Male
  • Localisation
    Ezanville - 95
  • Intérêts
    cinéma blues bouquins naturo

Autres informations

  • Mes langues
    français; notions :anglais-espagnol-portugais Brésil

philbern95's Achievements

Member

Member (4/12)

0

Réputation sur la communauté

  1. Merci fifi29; c'est exactement ce que j'ai fait!!! Les grands esprits se rencontrent!! Ayant xp-Antispy V3.97-1, je viens d'installer Usb-set. Merci de la réactivité et excellente journée à toi. je réponds à Wullfk puis j'édite le premier message pour marquer "Résolu" Merci de la réactivité et excellente journée à toi. j'édite le premier message pour marquer "Résolu"
  2. Bonjour à tous et à toutes, je souhaite installer et utiliser "Usb-set" de Loup Blanc ,suite à la lecture, parfois un peu complexe pour moi, de l'excellent article de Gof. L'installation ne peut se faire car "windows script Host" est désactivé. Comment le réactiver? Je suis sous XP Pro SP3. Merci d'avance.
  3. De rien titeuf2487, ce n'est qu'une modeste participation en remerciement des fois où j'ai demandé et obtenu de l'aide ici. et merci à Falkra pour le lien sur son tuto. J'en ai tenu compte en rectifiant à l'instant l'intitulé de mon post! . @+
  4. Bonjour à tous et à toutes, Il semble que la mise à jour automatique rencontre quelques difficultés !! Vous pouvez effectuer une mise à jour manuelle en allant la récupérer à cette adresse [je vous conseille de la mettre dans vos favoris (ie), signets (Opera), marque page (FireFox)] : Avira Antivirus | Logiciel antivirus pour Windows et Unix Une fois sur cette page, en bas à droite, dans le pavé "VDF UPDATE" cliquez sur "En savoir plus sur VDF et IVDF". Vous arrivez sur une 2° page, le 2° paragraphe : "Mise à jour AntiVir VDF incrémentielle (IVDF) (Unicode)" est le bon!! Cliquez sur "Télécharger IVDF (unicode)" . Enregistrer ce fichier (où vous avez l'habitude de copier vos téléchargements ) Démarrez Avira Antivir, cliquez sur "Mise à jour" puis sur "Mise à jour manuelle..." Indiquez le dossier de téléchargement contenant le fichier "ivdf_fusebundle_nt_en.zip". Avira le décompresse, l'installe et vous êtes à nouveau à jour ! Bonne journée à tous et à toutes. @++
  5. bonsoir morron2 et merci des réponses. Après avoir suivi les différentes pistes, sans succès, c'est finalement "autofix" de Microsoft qui résolu mon soucis. Voici le lien : que pour Windows XP http://www.microsoft.com/downloads/details...mp;Hash=944HJC4 Encore merci, cordialement philippe
  6. salut fifi29! je n'ai pas besoin de le déclarer : carte sd automatiquement reconnu par windows c'est comme si, via le cable usb, la carte sd communique avec le pc.
  7. Bonjour à tous et à toutes Je fais de la photos numérique et quand je branche mon matos (Dimage Z3 de Konica-Minolta) sur mon ordi, l'assistant import de Windows (XP Pro SP3) se lance automatiquement. Or, sur l'ordi de ma compagne (win xp pro sp3) cette fonction ne se lance pas. Bien sur que je peux copier les photos et les renommer avec XnView, seulement c'est fastidieux!! Quelle (s) manip (s) faire pour que se soit automatique dès la connection de mon appareil? Merci de vos réponses.
  8. En effet il n'y a plus rien du tout! je vais faire un ghost après avoir défragmenté!!! Je vais mettre "résolu" en tête du message. Merci de ton aide et que ce début de soirée ainsi que la suite te soit doux et serein! Philippe
  9. voici les logs demandés Pear : All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== File/Folder c:\windows\system32\ups.exe not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: aTinou ->Temp folder emptied: 32768 bytes ->Temporary Internet Files folder emptied: 3578276 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 27884389 bytes ->Opera cache emptied: 104647483 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2838207 bytes %systemroot%\System32 .tmp files removed: 3072 bytes File delete failed. C:\WINDOWS\temp\ZLT063a1.TMP scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT063a4.TMP scheduled to be deleted on reboot. Windows Temp folder emptied: 512 bytes RecycleBin emptied: 3120610 bytes Total Files Cleaned = 135,55 mb OTM by OldTimer - Version 3.0.0.5 log created on 07192009_191054 Files moved on Reboot... File C:\WINDOWS\temp\ZLT063a1.TMP not found! File C:\WINDOWS\temp\ZLT063a4.TMP not found! Registry entries deleted on Reboot... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:39:54, on 19/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\notepad.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\wltray.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\RamBoost XP\rambxpfr.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe O4 - HKLM\..\Run: [smartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 6842 bytes
  10. Bonjour Pear, merci encore une fois de votre célérité! voici le rapport demandé : SDFix: Version 1.240 Run by aTinou on 19/07/2009 at 18:32 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-19 18:39:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : Files with Hidden Attributes : Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe" Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Mon 1 Dec 2008 124,416 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0005.tmp" Fri 10 Apr 2009 29,696 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0432.tmp" Fri 10 Apr 2009 30,720 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0453.tmp" Mon 1 Dec 2008 124,416 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0573.tmp" Fri 10 Apr 2009 28,160 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0606.tmp" Fri 10 Apr 2009 31,744 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0620.tmp" Sat 14 Mar 2009 138,752 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0799.tmp" Fri 10 Apr 2009 31,232 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL0943.tmp" Mon 1 Dec 2008 131,584 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL1222.tmp" Fri 28 Nov 2008 84,480 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL1399.tmp" Sat 14 Mar 2009 141,312 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL1730.tmp" Fri 28 Nov 2008 84,992 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL1867.tmp" Sat 14 Mar 2009 141,312 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL2164.tmp" Fri 10 Apr 2009 29,696 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL2240.tmp" Fri 10 Apr 2009 33,792 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL2325.tmp" Fri 28 Nov 2008 84,992 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL2447.tmp" Fri 10 Apr 2009 29,696 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL2630.tmp" Fri 10 Apr 2009 29,696 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL3404.tmp" Mon 1 Dec 2008 128,000 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL3756.tmp" Fri 10 Apr 2009 31,232 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL3757.tmp" Fri 10 Apr 2009 30,208 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL3836.tmp" Fri 10 Apr 2009 27,648 ...H. --- "C:\Documents and Settings\aTinou\Application Data\Microsoft\Word\~WRL4042.tmp" Finished!
  11. Bonjour à tous et merci d'avance à celui ou celle qui m'aidera. J'ai lancé ZHP et HijackThis (versions à jour) et voici les log correspondants : Zeb Help Process 2 by Nicolas Coolman - Rapport de synthèse du 19/07/2009 17:48:09 INFORMATION NOTE : Toutes les lignes du rapport sont traitées INFECTION IDENTIFIEE Liste disponible seulement en version Helper PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...) O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) SCRIPT DE DESINFECTION (Base de Registres) Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS] SCRIPT DE SUPPRESSION DE FICHIER c:\windows\system32\ups.exe MISE A JOUR DE PRODUIT O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') PROTECTION DU SYSTEME (Antivirus, FireWall, Anti-Malwares) ZoneLabs®ZoneAlarm Avira®AntiVir PersonalEdition Avira®AntiVir PersonalEdition/Desktop Crawler®Spyware Terminator Avira AntiVir PersonalEdition/Desktop Javacool®SpywareGuard Avira AntiVir Desktop RAPPORT SIMPLIFIE C:\WINDOWS\system32\csrss.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:46:08, on 19/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\wltray.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\RamBoost XP\rambxpfr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ZebHelpProcess\ZHP2.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe O4 - HKLM\..\Run: [smartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 6977 bytes
  12. merci des liens! (lors de la désinfection effectuée avec Pear la restauration système et l'uac ont été désactivées: elles le sont toujours) ccleaner passé - 225 Mo environ supprimés (case fichiers temp de + de 48h décochée) et registre corrigé puis mise à jour antivir et scan. voici son rapport : Avira AntiVir Personal Report file date: samedi 25 avril 2009 20:03 Scanning for 1364969 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-JULIETTE Version information: BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 19:58:48 AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 20:36:44 LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 20:36:47 LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 20:36:47 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:53:58 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:39:40 ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 20:41:01 ANTIVIR3.VDF : 7.1.3.109 144896 Bytes 25/04/2009 17:46:21 Engineversion : 8.2.0.156 AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 19:56:52 AESCRIPT.DLL : 8.1.1.77 381306 Bytes 24/04/2009 08:11:02 AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 17:02:12 AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 20:33:14 AEPACK.DLL : 8.1.3.14 397685 Bytes 17/04/2009 20:42:28 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 13:58:44 AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 17:46:23 AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 13:58:43 AEGEN.DLL : 8.1.1.39 348532 Bytes 24/04/2009 08:10:59 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:47:20 AECORE.DLL : 8.1.6.9 176500 Bytes 14/04/2009 20:40:52 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:47:18 AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 20:36:45 AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 20:36:44 AVREP.DLL : 8.0.0.3 155688 Bytes 20/04/2009 21:12:30 AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 20:36:44 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 20:36:44 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 20:36:47 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 20:36:37 RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 20:36:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: samedi 25 avril 2009 20:03 Starting search for hidden objects. '87139' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned Scan process 'soffice.bin' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'soffice.exe' - '1' Module(s) have been scanned Scan process 'CEC_MAIN.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned Scan process 'CloneCDTray.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'TCrdMain.exe' - '1' Module(s) have been scanned Scan process 'TPwrMain.exe' - '1' Module(s) have been scanned Scan process 'XAudio.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'traybar.exe' - '1' Module(s) have been scanned Scan process 'TosIPCSrv.exe' - '1' Module(s) have been scanned Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned Scan process 'TNaviSrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 66 processes with 66 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '45' files ). Starting the file scan: Begin scan in 'C:\' <Vista> C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'E:\' <Data> End of the scan: samedi 25 avril 2009 20:46 Used time: 42:17 Minute(s) The scan has been done completely. 18414 Scanning directories 333485 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 333484 Files not concerned 2108 Archives were scanned 1 Warnings 0 Notes 87139 Objects were scanned with rootkit scan 0 Hidden objects were found
  13. je viens d'essayer en désactivant za et st : cela ne change strictement rien désolé
  14. merci, j'ai trouvé ceci : 1 : Erreur 25/04/2009 12:03:53 CodeIntegrity 3002 (1) Nom du journal :Microsoft-Windows-CodeIntegrity/Operational Source : Microsoft-Windows-CodeIntegrity Date : 25/04/2009 12:03:53 ID de l'événement :3002 Catégorie de la tâche :(1) Niveau : Erreur Mots clés : Utilisateur : PC-de-juliette\juliette Ordinateur : PC-de-juliette Description : Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. XML de l’événement : <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'>http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" /> <EventID>3002</EventID> <Version>0</Version> <Level>2</Level> <Task>1</Task> <Opcode>102</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2009-04-25T10:03:53.064Z" /> <EventRecordID>4302</EventRecordID> <Correlation /> <Execution ProcessID="2484" ThreadID="3480" /> <Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel> <Computer>PC-de-juliette</Computer> <Security UserID="S-1-5-21-595826208-618481487-2886095050-1000" /> </System> <EventData> <Data Name="FileNameLength">58</Data> <Data Name="FileNameBuffer">\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys</Data> </EventData> </Event> 2 : Échec de l'audit 25/04/2009 12:03:52 Microsoft Windows security auditing. 5038 Intégrité du système Nom du journal :Security Source : Microsoft-Windows-Security-Auditing Date : 25/04/2009 12:03:52 ID de l'événement :5038 Catégorie de la tâche :Intégrité du système Niveau : Information Mots clés : Échec de l'audit Utilisateur : N/A Ordinateur : PC-de-juliette Description : L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys XML de l’événement : <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> <EventID>5038</EventID> <Version>0</Version> <Level>0</Level> <Task>12290</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2009-04-25T10:03:52.908Z" /> <EventRecordID>29113</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="3156" /> <Channel>Security</Channel> <Computer>PC-de-juliette</Computer> <Security /> </System> <EventData> <Data Name="param1">\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys</Data> </EventData> </Event>
  15. Bonjour fifi29, merci de la réponse, le (les) problème (s) était (aient ! ) déjà présent (s) avant l'installation de spyware terminator . Ceci dit je peux le désactiver si vous l'estimez utile et nécessaire. Merci de vos conseils et n'oubliez pas que je ne maitrise pas vista étant sous xp sp3
×
×
  • Créer...