Rapport hijackthis
caganchou
-
g!rly Messages postés 18462 Statut Contributeur -
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
Ayant eu quelques soucis avec mon ordinateur recemment , jaurais voulu savoir si il y avait des problemes , j ai donc fai un rapport hijackthis jaurais voulu avoir vos reactions merci :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:51, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\FTRTSVC.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\PROGRA~1\Wanadoo\TaskBarIcon.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
H:\PROGRA~1\Wanadoo\ComComp.exe
H:\PROGRA~1\Wanadoo\Toaster.exe
H:\PROGRA~1\Wanadoo\Inactivity.exe
H:\PROGRA~1\Wanadoo\PollingModule.exe
H:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
H:\WINDOWS\System32\svchost.exe
H:\Program Files\iTunes\iTunes.exe
H:\Program Files\Inventel\Gateway\wlancfg.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WOOWATCH] H:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] H:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] H:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - H:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - H:\Program Files\Inventel\Gateway\wlancfg.exe
Ayant eu quelques soucis avec mon ordinateur recemment , jaurais voulu savoir si il y avait des problemes , j ai donc fai un rapport hijackthis jaurais voulu avoir vos reactions merci :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:51, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\FTRTSVC.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\PROGRA~1\Wanadoo\TaskBarIcon.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
H:\PROGRA~1\Wanadoo\ComComp.exe
H:\PROGRA~1\Wanadoo\Toaster.exe
H:\PROGRA~1\Wanadoo\Inactivity.exe
H:\PROGRA~1\Wanadoo\PollingModule.exe
H:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
H:\WINDOWS\System32\svchost.exe
H:\Program Files\iTunes\iTunes.exe
H:\Program Files\Inventel\Gateway\wlancfg.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WOOWATCH] H:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] H:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] H:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - H:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - H:\Program Files\Inventel\Gateway\wlancfg.exe
A voir également:
- Rapport hijackthis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Plan rapport de stage - Guide
- Rapport de crash windows - Guide
- Impression rapport de stage ✓ - Forum Word
- Modifier rapport d'échelle pdf xchange viewer ✓ - Forum PDF
7 réponses
bonjour,
coche et fix ceci a l´aide de hiack this
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - H:\WINDOWS\System32\FTRTSVC.exe
comment fixer :
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
puis fais ceci :
demarrer / executer tape sc stop FTRTSVC puis valide par ok
demarrer/ executer tape sc delete FTRTSVC puis valide par ok" ( respecte les espace entre delete et sc et entre FTRTSVC et delete
explication:
http://komun.chez-alice.fr/Repertoire/Repertoire-F.html
java n´est pas a jour :
appuie simultanement sur la touche windows a droit de la barre d´espace (drapeau windows) et sur "e" ->une fois dans le post de travail click sur le disk c > program files >java ouvre le fichier java et click sur le fichier jre1.5.0_09 pour l´ouvrir puis ouvre le fichier bin et dedans tu recherche ceci : jucheck.exe tu double click dessus et effectue la mise a jour de java> tu veux la version 1.6.0_03
une fois la mise a jour effectuée tu va dans ajoute/suppression de program et tu supprime toutes les autres update de java, il ne doit te rester que celle que tu viens de faire : 1.6.0_03
tu n´as pas de par feu :
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
regarde ceci concernat avast :
Antivir vs Avast :
->http://forum.malekal.com/ftopic3528.php
alors desinstal avast et remplace le par antivir :
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...
une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
une fois antivir installé fais un scn complet de ta machine en mode sans echec et post le rapport ici :
Comment redémarrer en mode sans echec?
Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.
@+
coche et fix ceci a l´aide de hiack this
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - H:\WINDOWS\System32\FTRTSVC.exe
comment fixer :
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
puis fais ceci :
demarrer / executer tape sc stop FTRTSVC puis valide par ok
demarrer/ executer tape sc delete FTRTSVC puis valide par ok" ( respecte les espace entre delete et sc et entre FTRTSVC et delete
explication:
http://komun.chez-alice.fr/Repertoire/Repertoire-F.html
java n´est pas a jour :
appuie simultanement sur la touche windows a droit de la barre d´espace (drapeau windows) et sur "e" ->une fois dans le post de travail click sur le disk c > program files >java ouvre le fichier java et click sur le fichier jre1.5.0_09 pour l´ouvrir puis ouvre le fichier bin et dedans tu recherche ceci : jucheck.exe tu double click dessus et effectue la mise a jour de java> tu veux la version 1.6.0_03
une fois la mise a jour effectuée tu va dans ajoute/suppression de program et tu supprime toutes les autres update de java, il ne doit te rester que celle que tu viens de faire : 1.6.0_03
tu n´as pas de par feu :
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
regarde ceci concernat avast :
Antivir vs Avast :
->http://forum.malekal.com/ftopic3528.php
alors desinstal avast et remplace le par antivir :
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...
une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
une fois antivir installé fais un scn complet de ta machine en mode sans echec et post le rapport ici :
Comment redémarrer en mode sans echec?
Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.
@+
Voila jai mis kerio et antivir et jai dc fait un scan mai pa en mode sans echec en effet impossible de demarrer avec ce mode que ce soit en faisant f8 ou f5 ca marche pas, jai dc fai un scan normal et voici mon rapport :
AntiVir PersonalEdition Classic
Report file date: samedi 8 décembre 2007 19:36
Scanning for 963523 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PERSO
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 18:21:44
ANTIVIR3.VDF : 7.0.1.60 112128 Bytes 07/12/2007 18:21:44
AVEWIN32.DLL : 7.6.0.40 3064320 Bytes 08/12/2007 18:21:44
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: h:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 8 décembre 2007 19:36
The scan of running processes will be started
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'WLANCFG.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Start scanning boot sectors:
Boot sector 'H:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'H:\'
H:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: samedi 8 décembre 2007 20:10
Used time: 34:22 min
The scan has been done completely.
3237 Scanning directories
231368 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
231368 Files not concerned
1070 Archives were scanned
1 Warnings
0 Notes
AntiVir PersonalEdition Classic
Report file date: samedi 8 décembre 2007 19:36
Scanning for 963523 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PERSO
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 18:21:44
ANTIVIR3.VDF : 7.0.1.60 112128 Bytes 07/12/2007 18:21:44
AVEWIN32.DLL : 7.6.0.40 3064320 Bytes 08/12/2007 18:21:44
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: h:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 8 décembre 2007 19:36
The scan of running processes will be started
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'WLANCFG.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Start scanning boot sectors:
Boot sector 'H:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'H:\'
H:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: samedi 8 décembre 2007 20:10
Used time: 34:22 min
The scan has been done completely.
3237 Scanning directories
231368 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
231368 Files not concerned
1070 Archives were scanned
1 Warnings
0 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:48, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\Inventel\Gateway\wlancfg.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\PROGRA~1\Wanadoo\TaskBarIcon.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
H:\PROGRA~1\Wanadoo\ComComp.exe
H:\PROGRA~1\Wanadoo\Toaster.exe
H:\PROGRA~1\Wanadoo\Inactivity.exe
H:\PROGRA~1\Wanadoo\PollingModule.exe
H:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\Wanadoo\Watch.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [WOOWATCH] H:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] H:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] H:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - H:\Program Files\Inventel\Gateway\wlancfg.exe
Scan saved at 20:17:48, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\Inventel\Gateway\wlancfg.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\PROGRA~1\Wanadoo\TaskBarIcon.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
H:\PROGRA~1\Wanadoo\ComComp.exe
H:\PROGRA~1\Wanadoo\Toaster.exe
H:\PROGRA~1\Wanadoo\Inactivity.exe
H:\PROGRA~1\Wanadoo\PollingModule.exe
H:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\Wanadoo\Watch.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [WOOWATCH] H:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] H:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] H:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - H:\Program Files\Inventel\Gateway\wlancfg.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
en fait javais des souci de Boot failure en efet quan je demarrais l ordi ca me mettais ca jai donc verifier les branchement tt etai brancher niquel je me sui dc tourner vers l hypothese d un virus je ne sai pa si c est en effet ca .... jai deja pu le rallumer miraculeusemen pr poster ce pb .. est-ce qui cetait un virus ou ca pourai provenir de quelque chose d exterieur style un ipod ? (quan je le branche ca me fai planter lordi la plupart du temps) en tt ca merci pr ce que tu ma deja aider ca lui fera tjs du bien d etre "clean" et avec de nouvelle protections
fais ceci
en branchant ton ipod
Ouvre le bloc notes (Démarrer >> exécuter et tape notepad), et copie tout ce qui est ci-dessous:
@ echo off
if exist \BELHIMER.TXT del \BELHIMER.TXT
FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO IF EXIST %%A: (
IF EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Présent>>\BELHIMER.TXT
IF NOT EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Non trouvé>>\BELHIMER.TXT
IF EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Présent>>\NOUSDEUX.TXT
IF NOT EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Non trouvé>>\BELHIMER.TXT
)
IF EXIST %WINDIR%\MS32DLL.dll.vbs (
ECHO %WINDIR%\MS32DLL.dll.vbs Présent>>\BELHIMER.TXT) else (
ECHO %WINDIR%\MS32DLL.dll.vbs non trouvé >>\BELHIMER.TXT)
REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" >>\BELHIMER.TXT
REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" >>\BELHIMER.TXT
notepad \BELHIMER.TXT
exit
Puis une fois fait, double clic sur le fichier nousdeux.bat.
Une fenêtre noire va s'ouvrir et se refermer rapidement, c'est normal.
Le bloc note va s'ouvrir ensuite avec le listing des fichiers que le script aura détecté.
Copie et colle ici le contenu de ce rapport.
@+
en branchant ton ipod
Ouvre le bloc notes (Démarrer >> exécuter et tape notepad), et copie tout ce qui est ci-dessous:
@ echo off
if exist \BELHIMER.TXT del \BELHIMER.TXT
FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO IF EXIST %%A: (
IF EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Présent>>\BELHIMER.TXT
IF NOT EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Non trouvé>>\BELHIMER.TXT
IF EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Présent>>\NOUSDEUX.TXT
IF NOT EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Non trouvé>>\BELHIMER.TXT
)
IF EXIST %WINDIR%\MS32DLL.dll.vbs (
ECHO %WINDIR%\MS32DLL.dll.vbs Présent>>\BELHIMER.TXT) else (
ECHO %WINDIR%\MS32DLL.dll.vbs non trouvé >>\BELHIMER.TXT)
REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" >>\BELHIMER.TXT
REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" >>\BELHIMER.TXT
notepad \BELHIMER.TXT
exit
Puis une fois fait, double clic sur le fichier nousdeux.bat.
Une fenêtre noire va s'ouvrir et se refermer rapidement, c'est normal.
Le bloc note va s'ouvrir ensuite avec le listing des fichiers que le script aura détecté.
Copie et colle ici le contenu de ce rapport.
@+
