

gunbee
Everything posted by gunbee
-
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
I don't get it, I can't manage to copy and paste the image of my screen -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
Still the same. Regards. -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
Good evening tonton, here they are. http://cjoint.com/?3LuwXphyQEs http://cjoint.com/?3Luw2n6kfAB Regards. -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
Good evening tonton, it's done. Regards. -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
Good evening tonton, I have the same problem, no firewall after having done the procedure. Regards. -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
Hello, I'm bumping the topic -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
I just have Internet Connection Sharing on manual, no Windows Firewall -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
Here is the Pierre13 report
Rapport Pare Feu du 30/11/2014 à 19:33:57 (Version 2.0)
Machine : PC-DE-ORDI
Utilisateur : ordi
Windows Vista Service Pack 2 (32 bits)
Exécution En tant qu'administrateur en Mode normal
Pare feu activé.
Registre Ok.
UAC est activé.
Fin du rapport.
Le rapport se trouve sur le Bureau (PareFeu.txt)
Is it normal that I still get the following error message: An unidentified problem is preventing Windows from displaying the settings of the Windows setting in Windows Firewall. In fact I don't have the Vista Security Center in Administrative Tools. Regards. -
Unable to enable the firewall – Windows Vista
gunbee replied to a topic by gunbee in Windows Vista
Good evening Tonton, thanks for helping me. I ran the program and it crashed; the report is below:
Description : Stopped working
Signature du problème :
Nom d’événement de problème: CLR20r3
Signature du problème 01: matsboot.exe
Signature du problème 02: 4.5.0.0
Signature du problème 03: 54091d37
Signature du problème 04: mscorlib
Signature du problème 05: 2.0.0.0
Signature du problème 06: 53a124a5
Signature du problème 07: 20a8
Signature du problème 08: 7
Signature du problème 09: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB
Version du système: 6.0.6002.2.2.0.768.3
Identificateur de paramètres régionaux: 1036
Lire notre déclaration de confidentialité : http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x040c -
Hello, I have the following error message: An unidentified problem is preventing Windows from displaying the settings of the Windows setting. I ran the antivirus and malware scans but found nothing. Can you please help me? Regards.
-
That's it, after 20 DVDs in the bin I have finally found the solution: it was a driver problem with the IDE controller. I had nevertheless installed the manufacturer's drivers; in fact I simply put in the standard Windows drivers and everything went back to normal. So it was not a matter of Nero, DVD Decrypter or defective DVDs, still less my burner being worn out. With that, I want to thank kewlcat for all his help. Hoping that the solution to my problem can help some people out. See you later.
-
As for the executable, it was just to give you the link (you couldn't find the update). The trojan had affected all my exe files; the firmware was not the cause. As I said, I had to do a complete reinstall, so I went to the manufacturer's site (no choice), it's a notebook. Doing a Google search with "PIONEER DVD-RW DVR-K14L" I saw people with the same problem, but I still haven't solved the problem. The problem is that it's since this update that I have had this problem, and it's not a question of DVD brand compatibility. I'm looking for version 1.0 but I can't find it.
-
Where did you find your current firmware?? May we know why you updated your firmware? Did you have problems before? Well no, actually I had had a trojan, I had to do a complete reinstall, so I went to the manufacturer's driver site
-
Hi, I had the same problem and it came from a trojan; when I deleted it, all the .exe files were unusable. When you start Windows, do you get a message saying that Windows can't find the file that was deleted? In my case I had to do a complete reinstall. Keep us posted about the repair; I had tried it and it had stayed stuck.
-
That's the burner's model reference
-
Good evening. Well, after 7 attempts and as many DVD-Rs in the bin, I need help (yes I know, yet another one). In fact I installed the ASPI drivers properly. When I want to burn a Ver...tim DVD-R I get this error message at the end of the burn:
I/O error
device:[1:0:0] pioneer dvd-rw DVR-K14KL 1.10(F:) ATA
scsi status:0x02
interpretation check condition
cdb:25 00 00 00 00 00 00 00 00 00
interpretation: read capacity
sense area:70 03 00 00 00 00 0E 00 00 00 00 57 00 00 00 00 00 00 00 00 00
interpretation:unable to recover toc
I want to point out that I can burn CD-R, CD-RW and DVD-RW, and I can read CD-R, CD-RW, DVD-R and DVD-RW. In fact I have had this problem since updating my DVD firmware. If someone can find me an earlier firmware and explain the root of the problem to me. Thanks in advance for your help. PS: I'm going to try with other brands but I don't have any on hand, maybe this weekend.
-
Trojan.Downloader.Small.CML
gunbee replied to a topic by gunbee in Malware analysis and removal
Hello -
Trojan.Downloader.Small.CML
gunbee replied to a topic by gunbee in Malware analysis and removal
Here are the reports -
Trojan.Downloader.Small.CML
gunbee replied to a topic by gunbee in Malware analysis and removal
Hello, here are the reports -
Trojan.Downloader.Small.CML
gunbee replied to a topic by gunbee in Malware analysis and removal
Here it is, the AntiVir report -
Trojan.Downloader.Small.CML
gunbee replied to a topic by gunbee in Malware analysis and removal
Here is the report after using AntiVir:

Logfile of HijackThis v1.99.1
Scan saved at 01:08:22, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Launch Manager\LaunchAp.exe
D:\Program Files\Launch Manager\HotkeyApp.exe
D:\Program Files\Launch Manager\OSD.exe
D:\Program Files\Launch Manager\Wbutton.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Spyware Doctor\sdhelp.exe
D:\Documents and Settings\Mes documents\s?stem32\??plorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Tapwave\HOTSYNC.EXE
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fra.chello.fr/ssi/welcome/welc...home&src=ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.chello.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LaunchAp] D:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] D:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] D:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] D:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "D:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSPM Startup] D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "c:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hgwz] D:\Documents and Settings\Mes documents\s?stem32\??plorer.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\Tapwave\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: ,
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - c:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Hello, I know this is my first message, but I can't take it anymore: I have this trojan and I can't get rid of it. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 21:45:21, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Launch Manager\LaunchAp.exe
D:\Program Files\Launch Manager\HotkeyApp.exe
D:\Program Files\Launch Manager\OSD.exe
D:\Program Files\Launch Manager\Wbutton.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Spyware Doctor\sdhelp.exe
D:\Documents and Settings\\Mes documents\s?stem32\??plorer.exe
D:\Program Files\Tapwave\HOTSYNC.EXE
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\alg.exe
C:\Program Files\firefox.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fra.chello.fr/ssi/welcome/welc...home&src=ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.chello.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LaunchAp] D:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] D:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] D:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] D:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "D:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSPM Startup] D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "c:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hgwz] D:\Documents and Settings\Mes documents\s?stem32\??plorer.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\Tapwave\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: ,
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - c:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for lending a hand.