Aller au contenu

spectro

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    13

  • Inscription

  • Dernière visite

spectro's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. spectro
    Merci. Suppression réussie. @+
  2. spectro
    Bonsoir, Ce sujet est traité sur Google et sur Zebulon, donc je risque d'agacer quelques uns, mais vu les contradictions, je préfère mettre "un coup de sécurité". Après avoir réparé mon système d'exploitation, je constate en SET UP que j'ai 2 systèmes d'exploitation identiques "Windows XP Edition familiale". Je démarre avec le premier (le second est H.S faut d'un DL racine). Comment supprimer ce second ? Je vous fournis mon boot.ini afin que vous me disiez quelle ligne supprimer en toute sécurité. Mon système d'exploitation par défaut d'après le panneau "démarrage et récupération" est Microsoft windows XP edition familiale /fastdetect. Est-ce bien le premier sous lequel j'ai démarré ? Merci d'avance. [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP �dition familiale" /fastdetect multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Microsoft Windows XP �dition familiale" /fastdetect /no Execute : optIn
  3. spectro

    PC qui s'emballe au démarrage

    spectro a répondu à un(e) sujet de spectro dans Software

    J'avais effectivement 1 doct en attente : 1 icone windows avec le titre "entretien". J'ai certainement effectué une mauvaise manip. Je réinstallerai mon pilote d'imprimante demain. Désormais tout devrait rentrer dans l'ordre. je vous remercie tous les 2. J'ai passé des heures à chercher et voilà que je découvre que c'est mon imprimante qui est concernée ! ZEBULON est un excellent site que je recommanderai vivement. Bonne nuit et encore merci.
  4. spectro

    PC qui s'emballe au démarrage

    spectro a répondu à un(e) sujet de spectro dans Software

    Je vais vérifier tout çà. Je vous tiens bien sûr au courant...
  5. spectro

    PC qui s'emballe au démarrage

    spectro a répondu à un(e) sujet de spectro dans Software

    speedweb 1 J'ai déjà fait tout çà comme je l'expliquai dans mon post d'entrée. J'ai bien envie de nettoyer le dossier imprimante et d'en réinstaller qu'une seule ?????
  6. spectro

    PC qui s'emballe au démarrage

    spectro a répondu à un(e) sujet de spectro dans Software

    Je crois que j'avais au moins 2 imprimantes différentes + imprimantes en "copie". Dont 2 en mode prêt. Je suis allé vérifié tout à l'heure lorsque tu m'as mis sur la piste. Mais je n'ai rien fait d'initiative. J'ai attendu tes instructions. Que faire donc ?
  7. spectro

    PC qui s'emballe au démarrage

    spectro a répondu à un(e) sujet de spectro dans Software

    YES Speedweb1 ! Ventilo stoppé. j'ai retrouvé le silence du "mode sans échec" même s'il a tendance à se rallumer plus rapidement qu'à l'accoutumée. Mais c'est que du bonheur. 33 processus UC 5 % Rubrique "Nom image" : "Processus inactif 98 %" Je te laisse me guider pour analyser ce fichu spooler. (de mémoire, c'était un peu le bins dans le panneau "imprimantes et télécopieurs).
  8. spectro

    PC qui s'emballe au démarrage

    spectro a répondu à un(e) sujet de spectro dans Software

    Bonsoir, merci pour la prise en charge. 34 processus en cours UC : 100 % Rubrique "Nom de l'image" : spoolsv.exe utilise 98 % Voilà....
  9. spectro
    Bonsoir, Le forum sécurité de ZEBULON, après m'avoir pris en charge et interprété mes rapports Antivir, Hijackthis, et silentrunner, me dirige vers vous car mon problème relève selon leur diagnostic, davantage de votre domaine. Mon souci est le suivant. J'ai été infecté alors que j'étais sous Bitdefender aujourd'hui désintallé. Tout depuis a été nettoyé avec Kaspersky. Mais un problème majeur demeure: A partir du démarrage, mon ventilateur est constamment en route comme-ci d'autres applications sournoises sollicitaient ma machine. Pouvez-vous m'éclairer ? Merci d'avance.
  10. spectro
    Bonsoir Bruce Lee, Merci de me venir en aide. Le rapport est le suivant. @+ "Silent Runners.vbs", revision 47, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "DadApp" = "C:\Program Files\Dell\AccessDirect\dadapp.exe" [null data] "DVDSentry" = "C:\WINDOWS\System32\DSentry.exe" ["Dell - Advanced Desktop Engineering"] "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."] "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "IMEKRMIG6.1" = "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [MS] "MSPY2002" = "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data] "PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "Gnetmous" = "C:\Program Files\Samsung\Samsung Optical Wheel Mouse\gnetmous.exe" [" "] "DTVRemote" = ""C:\Program Files\LifeView DTV\RemoteControl.exe"" [empty string] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "kav" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"] "XoftSpy" = "C:\Program Files\XoftSpy\XoftSpy.exe -s" ["ParetoLogic Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "D:\FILES\PFILES\MSOFFICE\OFFICE10\OLKFSTUB.DLL" [file not found] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels" -> {HKLM...CLSID} = "Périphériques Plug and Play universels" \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{26F05DD3-6EDC-48C8-B2D6-8754AB9B0F8B}" = "AntiSpywarePopMenu Shell Extension" -> {HKLM...CLSID} = "AntiSpywarePopMenu ContextMenu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\Defenza\ANTISP~1.DLL" [empty string] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Antivirus Internet" -> {HKLM...CLSID} = "Antivirus Internet" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AntiSpywarePopMenu\(Default) = "{26F05DD3-6EDC-48C8-B2D6-8754AB9B0F8B}" -> {HKLM...CLSID} = "AntiSpywarePopMenu ContextMenu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\Defenza\ANTISP~1.DLL" [empty string] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AntiSpywarePopMenu\(Default) = "{26F05DD3-6EDC-48C8-B2D6-8754AB9B0F8B}" -> {HKLM...CLSID} = "AntiSpywarePopMenu ContextMenu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\Defenza\ANTISP~1.DLL" [empty string] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "E:\DCIM\104CANON\IMG_0408.JPG" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "ludwig" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\ludwig\Menu Démarrer\Programmes\Démarrage "OpenOffice.org 2.0" -> shortcut to: "C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe" [null data] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"] "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Enabled Scheduled Tasks: ------------------------ "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] "XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Antivirus Internet" {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherche" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.aliceadsl.fr [strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version): [strings]: 2 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Agent SAP, NwSapAgent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]} Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Casc'ADSL, CascSvc, "C:\WINDOWS\System32\CascSvc.exe" [null data] iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS] Canon BJ Language Monitor S200\Driver = "CNMLM3w.DLL" ["CANON INC."] Canon BJ Language Monitor S330\Driver = "CNMLM45.DLL" ["CANON INC."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 193 seconds, including 4 seconds for message boxes)
  11. spectro
    Bonsoir, Suite à vos recommandations respectées scrupuleusement, je vous adresse comme convenu les résultats des rapports Hijackthis et Antivir. Merci d'avance. Logfile of HijackThis v1.99.1 Scan saved at 00:53:15, on 07/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\CascSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Samsung\Samsung Optical Wheel Mouse\gnetmous.exe C:\Program Files\LifeView DTV\RemoteControl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\hijackthis\spectro.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aliceadsl.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\Samsung\Samsung Optical Wheel Mouse\gnetmous.exe O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aliceadsl.fr O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D174DCEF-4922-41F0-9514-F66BBC74CCE3}: NameServer = 213.36.80.1 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Casc'ADSL (CascSvc) - Unknown owner - C:\WINDOWS\System32\CascSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe AntiVir PersonalEdition Classic Report file date: mercredi 6 septembre 2006 23:04 Scanning for 495303 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: XXX Computer name: XXX Version informations: AVSCAN.EXE : 7.0.0.42 557096 06/09/2006 20:28:11 AVSCAN.DLL : 7.0.0.42 53288 06/09/2006 20:28:11 LUKE.DLL : 7.0.0.42 118824 06/09/2006 20:28:12 LUKERES.DLL : 7.0.0.42 25640 06/09/2006 20:28:12 ANTIVIR0.VDF : 6.35.0.1 7371264 06/09/2006 20:28:09 ANTIVIR1.VDF : 6.35.1.122 1270784 06/09/2006 20:28:10 ANTIVIR2.VDF : 6.35.1.175 144896 06/09/2006 20:28:10 ANTIVIR3.VDF : 6.35.1.194 32256 06/09/2006 20:28:10 AVEWIN32.DLL : 7.1.1.14 1835520 06/09/2006 20:28:10 AVPREF.DLL : 7.0.0.1 49192 06/09/2006 20:28:10 AVREP.DLL : 6.35.1.191 794664 06/09/2006 20:28:11 AVRPBASE.DLL : 7.0.0.0 2162728 06/09/2006 20:28:11 AVPACK32.DLL : 7.1.0.1 335912 06/09/2006 20:28:10 AVREG.DLL : 6.31.0.90 27688 06/09/2006 20:28:11 NETNT.DLL : 6.32.0.0 6696 06/09/2006 20:28:12 NETNW.DLL : 6.32.0.0 9768 06/09/2006 20:28:12 RCIMAGE.DLL : 7.0.0.71 1642536 06/09/2006 20:28:13 RCTEXT.DLL : 7.0.0.75 77864 06/09/2006 20:28:13 Configuration settings for the scan: Jobname: '%s'.................: Manual Selection Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp Boot sectors..................: C,D Scan memory...................: 1 Process scan..................: 1 Scan all files................: 1 Scan archives.................: 1 Recursion depth...............: 20 Smart extensions..............: 1 Skipped archive types.........: 1000,1001,1002,1003,1004, Macro heuristic...............: 1 File heuristic................: 2 Primary action................: 1 Secondary action..............: 0 Start of the scan: mercredi 6 septembre 2006 23:04 The scan over running processes will be started 14 Processes was scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 27 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\ludwig\ntuser.dat [WARNING] The file could not be opened! C:\Documents and Settings\ludwig\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\ludwig\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\ludwig\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\ActiveScan\imscan.dll [DETECTION] Contains signature of the Micro-128 © virus [iNFO] The file was deleted! C:\WINDOWS\SYSTEM32\CONFIG\default [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\sam [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\security [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\software [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\system [WARNING] The file could not be opened! C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG [WARNING] The file could not be opened! The path D:\ could not be found! Le périphérique n'est pas prêt. End of the scan: jeudi 7 septembre 2006 00:30 Used time: 1:25:20 min The scan has been done completely. 4324 Scanning directories 208304 Files were scanned 1 viruses and/or unwanted programs was found 1 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 3679 Archives were scanned 19 Warnings 2 Notes Pour info, le nom du virus supprimé est MICRO-128 C trouvé dans C /WINDOWS/sytem 32/active scan/im scan .dll
  12. spectro
    Merci. C'est Kaspersky qui m'a permis de nettoyer le PC. Je l'ai installé après avoir rencontré ces problèmes sous bitdefender. Il n'est donc pas à l'origine de mes malheurs. Dois-je par conséquent faire un scan avec antivir ? Pour infos, a-squared n'a rien trouvé. Merci
  13. spectro
    Bonsoir, Des programmes multiples semblent sournoisement s'activer lors du démarrage de mon PC. Le ventilo tourne constamment. Après un scan antivirus Kaspersky, j'ai éradiqué pas mal de trojan, mais le ventilo tourne toujours. Qui veut bien analyser mon log hijackthis ? Merci d'avance.
×
×
  • Créer...