Contrôle HJT SVP
cbauf
Messages postés
5337
Date d'inscription
Statut
Contributeur
Dernière intervention
-
cbauf Messages postés 5337 Date d'inscription Statut Contributeur Dernière intervention -
cbauf Messages postés 5337 Date d'inscription Statut Contributeur Dernière intervention -
Bonjour, ....HJT ▼ du topic
Suite au plantagede "Secunia" au démarrage
antivir plante quand il a fini de scanner un répertoire particulier
et quAND bit defender en ligne refuse de démarrer
après redémarrage bit defender veut bien s'executer
--------------------------------
voila le rapport :
Statistics
Time
02:28:01
Files
721475
Folders
18942
Boot Sectors
0
Archives
20693
Packed Files
62436
Results
Identified Viruses
4
Infected Files
13
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
11
Engines Info
Virus Definitions
2351186
Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins
17
Archive plugins
45
Unpack plugins
7
E-mail plugins
6
System plugins
4
Scan Settings
First Action
Disinfect
Second Action
None
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
D:\000\HELP_TUTORIEL\Programation\RapidQ\RapidQ.zip=>RAPIDQCC.LIB
Infected with: Backdoor.Generic.109892
D:\000\HELP_TUTORIEL\Programation\RapidQ\RapidQ.zip=>RAPIDQCC.LIB
Deleted
D:\000\HELP_TUTORIEL\Programation\RapidQ\RapidQ.zip
Updated
D:\000\HELP_TUTORIEL\Programation\RapidQ\RAPIDQCC.LIB
Infected with: Backdoor.Generic.109892
D:\000\HELP_TUTORIEL\Programation\RapidQ\RAPIDQCC.LIB
Deleted
D:\Back\Back de ONE\Applik\ESO\AUTRES\Spiritisme\spiritismemulator.exe
Infected with: Trojan.Generic.771811
D:\Back\Back de ONE\Applik\ESO\AUTRES\Spiritisme\spiritismemulator.exe
Deleted
D:\Back\Back de ONE\Applik\ESO\TAROTs\RegTarot\Tarot.exe
Infected with: Trojan.Generic.771811
D:\Back\Back de ONE\Applik\ESO\TAROTs\RegTarot\Tarot.exe
Deleted
D:\Back\Back de ONE\Applik\Prog\RapidQ\Exemples\games\battle\BATTLE.exe
Infected with: Backdoor.Generic.109892
D:\Back\Back de ONE\Applik\Prog\RapidQ\Exemples\games\battle\BATTLE.exe
Deleted
D:\Back\Back de ONE\Applik\Prog\RapidQ\RAPIDQCC.LIB
Infected with: Backdoor.Generic.109892
D:\Back\Back de ONE\Applik\Prog\RapidQ\RAPIDQCC.LIB
Deleted
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(ZIP Sfx 2o)=>tmscrsvr.scr
Infected with: Backdoor.Generic.129927
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(ZIP Sfx 2o)=>tmscrsvr.scr
Deleted
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(ZIP Sfx 2o)
Updated
D:\Back\Back de ONE\Themes\OCBOL01.exe
Update failed
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(Dropped 1)=>tmscrsvr.scr
Infected with: Backdoor.Generic.129927
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(Dropped 1)=>tmscrsvr.scr
Deleted
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(Dropped 1)
Updated
D:\Back\Back de ONE\Themes\OCBOL01.exe
Update failed
D:\Back\New Install XP\Educatif\jargon informatique\jargoninformatique_1.3.6_setup.exe
Detected with: Application.Generic.14557
D:\Back\New Install XP\Educatif\jargon informatique\jargoninformatique_1.3.6_setup.exe
Disinfection failed
D:\Back\New Install XP\Help\jargoninformatique\jargoninformatique_1.3.6_setup.exe
Detected with: Application.Generic.14557
D:\Back\New Install XP\Help\jargoninformatique\jargoninformatique_1.3.6_setup.exe
Disinfection failed
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246363.exe
Infected with: Trojan.Generic.771811
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246363.exe
Deleted
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246364.exe
Infected with: Trojan.Generic.771811
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246364.exe
Deleted
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246365.exe
Infected with: Backdoor.Generic.109892
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246365.exe
Deleted
---------------------------------------------------------------------------------------------------
j'ai viré touts les DOSSIERS contenant les applications impliquées dans le chemin :d/Back
--------------------------------------------------------------------------------------------------
JE RENVOIE UN SCANN ANTIVIR >
ANTIVIR
Avira AntiVir Personal
Report file date: lundi, 15. décembre 2008 17:07
Scanning for 1087320 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: HP_Administrateur
Computer name: CH11
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 22:15:44
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 17:41:34
LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 17:41:34
LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 17:41:34
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 04:29:12
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 00:39:08
ANTIVIR2.VDF : 7.1.0.230 156160 Bytes 14/12/2008 08:15:04
ANTIVIR3.VDF : 7.1.0.232 12288 Bytes 15/12/2008 08:15:05
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 22:51:00
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/12/2008 07:18:10
AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 14:23:43
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 13:01:49
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 14:22:33
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 07:18:10
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/12/2008 07:18:09
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 18:21:51
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 07:18:08
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 22:50:56
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 23:01:02
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 22:50:55
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 17:41:34
AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 17:41:34
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:51:06
AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 17:41:34
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 17:41:34
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 17:41:34
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 17:41:31
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 17:41:31
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi, 15. décembre 2008 17:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'KatMouse.exe' - '1' Module(s) have been scanned
Scan process 'ExeGo.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WtSrv.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'psi.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TrayMenu.exe' - '1' Module(s) have been scanned
Scan process 'LedWallpaper.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'TypeIn.exe' - '1' Module(s) have been scanned
Scan process 'Panel.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WService.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '77' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DONNEES>
D:\Back\Back de ONE\1erInstall 98\Alu\AvatarStud\Patchs\patch30.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\3D\Alu.zip
[0] Archive type: ZIP
--> Patchs/patch30.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\3D\Alu\Patchs\patch30.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\ADOBE\Premiere6\Adobepremiere60to.zip
[0] Archive type: ZIP
--> Premiere_6.0 Tryout Win/DXMedia/directx.cab
[1] Archive type: CAB (Microsoft)
--> msjstick.w95
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Premiere_6.0 Tryout Win/DXMedia/dxnt.cab
[1] Archive type: CAB (Microsoft)
--> d3dref.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\ADOBE\Premiere6\Premiere_6.0 Tryout Win\DXMedia\directx.cab
[0] Archive type: CAB (Microsoft)
--> msjstick.w95
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <HP_RECOVERY>
End of the scan: lundi, 15. décembre 2008 18:30
Used time: 1:22:32 Hour(s)
The scan has been done completely.
18619 Scanning directories
638479 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
638476 Files not concerned
17220 Archives were scanned
13 Warnings
0 Notes
????????????????????????????????????????????????????????????
je dépose à cet heure un hitjackthis
pour contrôle
Merci d'y jeter un coup d'oeil
????????????????????????????????????????????????????????????
Le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:57, on 15.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\Ka Type In\TypeIn.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
C:\Applik\TrayMenu\TrayMenu.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Applik\Gest Fichiers\exego3\ExeGo.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Applik\Bureautique\EditPad\EditPad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [Ka Type In] C:\Program Files\Ka Type In\TypeIn.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Mount Virtual Drive.lnk = C:\Program Files\Walker Brothers\MountVD\MountVD.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMenu.exe.lnk = C:\Applik\TrayMenu\TrayMenu.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ch/s/v/35.09/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
Suite au plantagede "Secunia" au démarrage
antivir plante quand il a fini de scanner un répertoire particulier
et quAND bit defender en ligne refuse de démarrer
après redémarrage bit defender veut bien s'executer
--------------------------------
voila le rapport :
Statistics
Time
02:28:01
Files
721475
Folders
18942
Boot Sectors
0
Archives
20693
Packed Files
62436
Results
Identified Viruses
4
Infected Files
13
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
11
Engines Info
Virus Definitions
2351186
Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins
17
Archive plugins
45
Unpack plugins
7
E-mail plugins
6
System plugins
4
Scan Settings
First Action
Disinfect
Second Action
None
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
D:\000\HELP_TUTORIEL\Programation\RapidQ\RapidQ.zip=>RAPIDQCC.LIB
Infected with: Backdoor.Generic.109892
D:\000\HELP_TUTORIEL\Programation\RapidQ\RapidQ.zip=>RAPIDQCC.LIB
Deleted
D:\000\HELP_TUTORIEL\Programation\RapidQ\RapidQ.zip
Updated
D:\000\HELP_TUTORIEL\Programation\RapidQ\RAPIDQCC.LIB
Infected with: Backdoor.Generic.109892
D:\000\HELP_TUTORIEL\Programation\RapidQ\RAPIDQCC.LIB
Deleted
D:\Back\Back de ONE\Applik\ESO\AUTRES\Spiritisme\spiritismemulator.exe
Infected with: Trojan.Generic.771811
D:\Back\Back de ONE\Applik\ESO\AUTRES\Spiritisme\spiritismemulator.exe
Deleted
D:\Back\Back de ONE\Applik\ESO\TAROTs\RegTarot\Tarot.exe
Infected with: Trojan.Generic.771811
D:\Back\Back de ONE\Applik\ESO\TAROTs\RegTarot\Tarot.exe
Deleted
D:\Back\Back de ONE\Applik\Prog\RapidQ\Exemples\games\battle\BATTLE.exe
Infected with: Backdoor.Generic.109892
D:\Back\Back de ONE\Applik\Prog\RapidQ\Exemples\games\battle\BATTLE.exe
Deleted
D:\Back\Back de ONE\Applik\Prog\RapidQ\RAPIDQCC.LIB
Infected with: Backdoor.Generic.109892
D:\Back\Back de ONE\Applik\Prog\RapidQ\RAPIDQCC.LIB
Deleted
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(ZIP Sfx 2o)=>tmscrsvr.scr
Infected with: Backdoor.Generic.129927
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(ZIP Sfx 2o)=>tmscrsvr.scr
Deleted
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(ZIP Sfx 2o)
Updated
D:\Back\Back de ONE\Themes\OCBOL01.exe
Update failed
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(Dropped 1)=>tmscrsvr.scr
Infected with: Backdoor.Generic.129927
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(Dropped 1)=>tmscrsvr.scr
Deleted
D:\Back\Back de ONE\Themes\OCBOL01.exe=>(Dropped 1)
Updated
D:\Back\Back de ONE\Themes\OCBOL01.exe
Update failed
D:\Back\New Install XP\Educatif\jargon informatique\jargoninformatique_1.3.6_setup.exe
Detected with: Application.Generic.14557
D:\Back\New Install XP\Educatif\jargon informatique\jargoninformatique_1.3.6_setup.exe
Disinfection failed
D:\Back\New Install XP\Help\jargoninformatique\jargoninformatique_1.3.6_setup.exe
Detected with: Application.Generic.14557
D:\Back\New Install XP\Help\jargoninformatique\jargoninformatique_1.3.6_setup.exe
Disinfection failed
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246363.exe
Infected with: Trojan.Generic.771811
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246363.exe
Deleted
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246364.exe
Infected with: Trojan.Generic.771811
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246364.exe
Deleted
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246365.exe
Infected with: Backdoor.Generic.109892
D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP526\A0246365.exe
Deleted
---------------------------------------------------------------------------------------------------
j'ai viré touts les DOSSIERS contenant les applications impliquées dans le chemin :d/Back
--------------------------------------------------------------------------------------------------
JE RENVOIE UN SCANN ANTIVIR >
ANTIVIR
Avira AntiVir Personal
Report file date: lundi, 15. décembre 2008 17:07
Scanning for 1087320 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: HP_Administrateur
Computer name: CH11
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 22:15:44
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 17:41:34
LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 17:41:34
LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 17:41:34
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 04:29:12
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 00:39:08
ANTIVIR2.VDF : 7.1.0.230 156160 Bytes 14/12/2008 08:15:04
ANTIVIR3.VDF : 7.1.0.232 12288 Bytes 15/12/2008 08:15:05
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 22:51:00
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/12/2008 07:18:10
AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 14:23:43
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 13:01:49
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 14:22:33
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 07:18:10
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/12/2008 07:18:09
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 18:21:51
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 07:18:08
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 22:50:56
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 23:01:02
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 22:50:55
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 17:41:34
AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 17:41:34
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:51:06
AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 17:41:34
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 17:41:34
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 17:41:34
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 17:41:31
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 17:41:31
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi, 15. décembre 2008 17:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'KatMouse.exe' - '1' Module(s) have been scanned
Scan process 'ExeGo.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WtSrv.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'psi.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TrayMenu.exe' - '1' Module(s) have been scanned
Scan process 'LedWallpaper.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'TypeIn.exe' - '1' Module(s) have been scanned
Scan process 'Panel.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WService.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '77' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DONNEES>
D:\Back\Back de ONE\1erInstall 98\Alu\AvatarStud\Patchs\patch30.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\3D\Alu.zip
[0] Archive type: ZIP
--> Patchs/patch30.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\3D\Alu\Patchs\patch30.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\ADOBE\Premiere6\Adobepremiere60to.zip
[0] Archive type: ZIP
--> Premiere_6.0 Tryout Win/DXMedia/directx.cab
[1] Archive type: CAB (Microsoft)
--> msjstick.w95
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Premiere_6.0 Tryout Win/DXMedia/dxnt.cab
[1] Archive type: CAB (Microsoft)
--> d3dref.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Back\New Install XP\Graphisme\ADOBE\Premiere6\Premiere_6.0 Tryout Win\DXMedia\directx.cab
[0] Archive type: CAB (Microsoft)
--> msjstick.w95
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <HP_RECOVERY>
End of the scan: lundi, 15. décembre 2008 18:30
Used time: 1:22:32 Hour(s)
The scan has been done completely.
18619 Scanning directories
638479 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
638476 Files not concerned
17220 Archives were scanned
13 Warnings
0 Notes
????????????????????????????????????????????????????????????
je dépose à cet heure un hitjackthis
pour contrôle
Merci d'y jeter un coup d'oeil
????????????????????????????????????????????????????????????
Le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:57, on 15.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\Ka Type In\TypeIn.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
C:\Applik\TrayMenu\TrayMenu.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Applik\Gest Fichiers\exego3\ExeGo.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Applik\Bureautique\EditPad\EditPad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [Ka Type In] C:\Program Files\Ka Type In\TypeIn.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Mount Virtual Drive.lnk = C:\Program Files\Walker Brothers\MountVD\MountVD.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMenu.exe.lnk = C:\Applik\TrayMenu\TrayMenu.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.ch/s/v/35.09/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
A voir également:
- Contrôle HJT SVP
- Fan controle - Télécharger - Optimisation
- Controle parental disney plus - Guide
- Contrôle parental snapchat family link - Guide
- Teamviewer controle à distance - Guide
- Controle temperature pc - Guide
1 réponse
je me réponds
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
Inscription superflue (car sans effet) qui peut donc être effacée ! jp2ssv.dll - Sun_Java, https://www.oracle.com/java/technologies/ ex.jsp browser plugin
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Cette inscription Winamp Search a été identifiée comme étant méchante.
J'ai supprimé ces 2 occurences analisée par un robot
( http://hijackthis.de/index.php?langselect=french )
j'aurais voulu avoir une confirmation...! ►UP
même tardive Merci
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
Inscription superflue (car sans effet) qui peut donc être effacée ! jp2ssv.dll - Sun_Java, https://www.oracle.com/java/technologies/ ex.jsp browser plugin
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Cette inscription Winamp Search a été identifiée comme étant méchante.
J'ai supprimé ces 2 occurences analisée par un robot
( http://hijackthis.de/index.php?langselect=french )
j'aurais voulu avoir une confirmation...! ►UP
même tardive Merci
