Aller au contenu

valouuu

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    208

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par valouuu

  1. valouuu
    de retour mais ca ne va pas mieux pleins de fenetre intempestives et toujours mes satanes virus que dois je faire je te post un nouveau rapport hijac au cas ou Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:33:24, on 27/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\OpiStat\OpiStat\OpiStat.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\tp4mon.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OLITEC\Common\RaUI.exe C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\TribalWeb.net\TribalWeb.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX01.139\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://localhost:6080;https=http://localhost:6080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [{39-95-59-97-ZN}] C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe P2D002 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Startup: TA_Start.lnk = C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Moniteur reseau 802.11g OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe O4 - Global Startup: TrayMin300.exe.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=www.tele2internet.ch O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O20 - Winlogon Notify: unlase - C:\WINDOWS\SYSTEM32\unlase.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\User\Application Data\tmp17F.tmp.exe (file missing) O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 8643 bytes je compte sur toi j'en ai ras les bottes de ce probleme qui me gene beaucoup merci
  2. valouuu
    rapport vundo no infected files were found!!!! amicalement a plus
  3. valouuu
    pare vais m'absenter jusqu'a lundi ou mardi donc je me reconnecte et te tiens au courant des que je rentre merci
  4. valouuu
    non il n'y a rien d'ecrit
  5. valouuu
    AntiVir PersonalEdition Classic Report file date: vendredi 24 août 2007 14:36 Scanning for 1033561 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: User Computer name: USER-PWJAIWOHNU Version information: BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:16 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:56 LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:06 LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:19:00 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 11:52:00 ANTIVIR2.VDF : 6.39.1.15 1451008 Bytes 17/08/2007 11:52:00 ANTIVIR3.VDF : 6.39.1.41 91136 Bytes 24/08/2007 11:52:00 AVEWIN32.DLL : 7.4.1.63 2724352 Bytes 24/08/2007 11:52:00 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:52 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 24/08/2007 11:52:02 AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:10 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:06 AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:28 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:20 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:44 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: A:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 24 août 2007 14:36 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'BitComet.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'cidaemon.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'tribalweb.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'cisvc.exe' - '1' Module(s) have been scanned Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned Scan process 'GUARD.EXE' - '0' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'IBMPMSVC.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 29 processes with 29 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '29' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\hiberfil.sys [WARNING] The file could not be opened! C:\WINDOWS\fcbbyv.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '4730d155.qua'! C:\WINDOWS\system32\unlase.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003 [WARNING] The file could not be deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! C:\Documents and Settings\User\Local Settings\Temp\Setup(0).exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4742d623.qua'! C:\Documents and Settings\User\Local Settings\Temp\setup_rightonadz.exe [DETECTION] Contains signature of the dropper DR/Agent.141853.B [iNFO] The file was moved to '4742d624.qua'! C:\Documents and Settings\User\Application Data\tmp9.tmp.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '473ed6ca.qua'! C:\Documents and Settings\User\Application Data\tmpB.tmp.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '473ed6cb.qua'! C:\Documents and Settings\User\Application Data\tmp5.tmp.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '46b94e30.qua'! C:\Documents and Settings\User\Application Data\tmp6.tmp.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '473ed6cc.qua'! C:\Documents and Settings\User\Application Data\tmp8.tmp.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '46b94e31.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP80\A0030812.dll [DETECTION] Contains signature of the dropper DR/Agent.141853.A [iNFO] The file was moved to '46feda74.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP82\A0030963.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '46feda91.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP82\A0030965.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '46feda92.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP82\A0030969.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '4779426f.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP84\A0031211.dll [DETECTION] Contains signature of the dropper DR/Agent.141853.A [iNFO] The file was moved to '46feda9f.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP85\A0033613.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '46fedaaf.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033744.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '46fedab8.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033746.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '46fedab9.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033747.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '47794246.qua'! C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033749.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '46fedaba.qua'! Begin scan in 'A:\' Search path A:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: vendredi 24 août 2007 15:19 Used time: 44:10 min The scan has been done completely. 4752 Scanning directories 162839 Files were scanned 19 viruses and/or unwanted programs were found 0 classified as suspicious: 0 files were deleted 0 files were repaired 18 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 162820 Files not concerned 792 Archives were scanned 4 Warnings 1 Notes 0 Hidden objects were found
  6. valouuu
    POUR VUNDO PAS DE RAPPORT RIEN DE TROUVE MSN_Fix 1.469 C:\Documents and Settings\User\Bureau\MSNFix\MSNFix Fix exécuté le 24/08/2007 - 12:28:44,21 By User mode normal ************************ Recherche les fichiers présents Aucun Fichier trouvé ************************ Recherche les dossiers présents Aucun dossier trouvé ************************ Fichiers suspects /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention [C:\WINDOWS\pbkinstall.dll.zip] A1BE5845E39062D8BBF6360E7D970E04 ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END ---------------------------------------------
  7. valouuu
    VG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 00:43:36 24/08/2007 + Résultat de l'analyse: HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@findwhat[1].txt -> TrackingCookie.Findwhat : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@tacoda[2].txt -> TrackingCookie.Tacoda : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise. C:\Documents and Settings\User\Cookies\user@zedo[2].txt -> TrackingCookie.Zedo : Aucune action entreprise. Fin du rapport merci de votre aide ca devient tres dur de faire quoi que ce soit sur le pc l'antivirus me note les virus cites precedement toutes les 10 Secondes et il m'afallu 8 heures pour faire le scan avg!!!!!!!!!!!!au secours!!!!
  8. valouuu
    cette a ction ne peux passe realiser .en mode sans echec explorer.exe ne tient pas et je ne peux pas acceder au bureau 5°) Tu redemarres en mode sans echec (F8 au démarrage) puis tu fais un scan complet en lancant ta session habituelle tu auras une icone sur ton bureau
  9. valouuu
    voici le rapport Otmoveit, AVG File/Folder C:\WINDOWS\system32\tmp8.tmp.dll not found. File/Folder C:\WINDOWS\hgdcay.dll not found. File/Folder C:\WINDOWS\system32\TNSClient.exe not found. DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\unlase.dll C:\WINDOWS\SYSTEM32\unlase.dll NOT unregistered. File move failed. C:\WINDOWS\SYSTEM32\unlase.dll scheduled to be moved on reboot. File/Folder not found. Created on 08/23/2007 15:38:54 je continue!!! merci a tout a l'heure
  10. valouuu
    bon alors voici une partie des virus qui me sont indiques TR/Dldr.conhook.gen TR/VUNDO.GEN TR/crypt.xpack.gen merci de votre bienveillance et desole champciaux mais je n'irais pas visiter ton site car je pense que mon virus est arrive suite a l'installation d'un jeu sur wanadoo!!
  11. valouuu
    voici mon rapport mais c'est un peu etrange car le mode sans echec ne fonctionne pas ni le m sans echec avec prise en charge ne fonctionne pas non plus depuis tout fonctionne bien !!!!! je te rassure je vais bien aussi je n'ai rien fume et n'ai pas d'hallucination seul bemol un trojan TR/Dldr.conhook.gen qui m'est signale tres regulierement par avira j'en fait quoi?????? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:13:21, on 22/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\OpiStat\OpiStat\OpiStat.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tp4mon.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OLITEC\Common\RaUI.exe C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe C:\Program Files\TribalWeb.net\tribalweb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.827\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://localhost:6080;https=http://localhost:6080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp8.tmp.dll (file missing) O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [{39-95-59-97-ZN}] C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe P2D002 O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\hgdcay.dll",forkonce O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI O4 - HKCU\..\Run: [sofres Ad Test] C:\WINDOWS\system32\TNSClient.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Startup: TA_Start.lnk = C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Moniteur reseau 802.11g OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe O4 - Global Startup: TrayMin300.exe.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\User\Bureau\InterCasino France.lnk (file missing) (HKCU) O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\User\Bureau\InterCasino France.lnk (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=www.tele2internet.ch O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr...ronGameHost.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/314/webolr/OCX/FlashAX.cab O20 - Winlogon Notify: unlase - C:\WINDOWS\SYSTEM32\unlase.dll O21 - SSODL: rdihost - {D869272F-76E5-478C-AE03-8EF9126C5499} - rdihost.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 9511 bytes bonne reception et merci encore
  12. valouuu
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:27:21, on 22/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.120\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://localhost:6080;https=http://localhost:6080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp8.tmp.dll (file missing) O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [{39-95-59-97-ZN}] C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe P2D002 O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\hgdcay.dll",forkonce O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [sofres Ad Test] C:\WINDOWS\system32\TNSClient.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Moniteur reseau 802.11g OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe O4 - Global Startup: TrayMin300.exe.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\User\Bureau\InterCasino France.lnk (file missing) (HKCU) O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\User\Bureau\InterCasino France.lnk (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=www.tele2internet.ch O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr...ronGameHost.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/314/webolr/OCX/FlashAX.cab O20 - Winlogon Notify: unlase - C:\WINDOWS\SYSTEM32\unlase.dll O21 - SSODL: rdihost - {D869272F-76E5-478C-AE03-8EF9126C5499} - rdihost.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 9139 bytes c'est le rapport apres suppression des antivirus
  13. valouuu
    JE TE REMERCIE DE TA PRISE EN CHARGE!!!!!!!!!!!!!!!!!! je vais y aller doucement car je ne connais pas grand chose en pc je te tiens au courant de la suite encore un grand merci
  14. valouuu
    TU N'AS PAS UNE AUTRE SOLUTION PAR HASARD!!!!!!!!!!!!!!!!!!!!!!je sais pas faire la sauvegarde et n'ai pas non plus de graveur alors je suis un peu dans la mouise!!!!! les boites a jeux sont ou que je les desinstalle!!!lol quand aux antivirus apparement ca ne me sert pas a grand chose!!!! bon merci beaucoup quand meme
  15. valouuu
    VOICI MON RAPPORT CA J'AI UN PEU COMPRIS ENSUITE JE NE VOUS CACHE PAS QUE JE SUIS SUPER NOVICE EN PC ALORS JE COMPTE SUR VOTRE PATIENCE MERCI INFINIMENT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:46:01, on 21/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX02.691\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://localhost:6080;https=http://localhost:6080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp8.tmp.dll O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe O4 - HKLM\..\Run: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [{39-95-59-97-ZN}] C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe P2D002 O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\hgdcay.dll",forkonce O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [sofres Ad Test] C:\WINDOWS\system32\TNSClient.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Moniteur reseau 802.11g OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe O4 - Global Startup: TrayMin300.exe.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\User\Bureau\InterCasino France.lnk (file missing) (HKCU) O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\User\Bureau\InterCasino France.lnk (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=www.tele2internet.ch O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr...ronGameHost.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/314/webolr/OCX/FlashAX.cab O20 - Winlogon Notify: unlase - C:\WINDOWS\SYSTEM32\unlase.dll O21 - SSODL: rdihost - {D869272F-76E5-478C-AE03-8EF9126C5499} - rdihost.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 10001 bytes
  16. valouuu
    bon je retrouve mon bureau en refaisant la meme manip chaque demarrage a savoir ctrl alt supp et explorer.exe la mon bureau s'affiche et ca rame je tente d'ouvrir une feete et j'en ai 20 qui s'ouvrent avec erreur htt404 MERCI DE VOTRE AIDE JE COMPTE SUR VOUS
  17. valouuu

    plus de bureau presque resolu

    valouuu a répondu à un(e) sujet de valouuu dans Software

    bouhhhhhhhhhhhhhhhh j'ai ete trop vite a dire merci!!!lol des que j'eteins l'ordi et que je le rallume ca recommence que faire?
  18. valouuu

    HELP

    valouuu a répondu à un(e) sujet de valouuu dans Analyses et éradication malwares

    bouhhhhhhhhhhhhhhhh j'ai ete trop vite a dire merci!!!lol des que j'eteins l'ordi et que je le rallume ca recommence que faire?
  19. valouuu

    HELP

    valouuu a répondu à un(e) sujet de valouuu dans Analyses et éradication malwares

    merci merci merci beaucoup!!!!!!!!!!!! par contre ca rame !!!!!!!!!!!!!!! ne pourriez vous pas m'aider a faire un rapport hijac...........................merci d'avance
  20. valouuu

    plus de bureau presque resolu

    valouuu a répondu à un(e) sujet de valouuu dans Software

    CITATION(Speed1Kiss @ mardi 21 août 2007 à 17h19) bonjour, salut, avé, bonsoir, hello, hi, l'explorer n'a pas démarré ? tapotte une fois mais ensemble les touches magiques " ctrl + alt + suppr " puis si dans la liste il y a EXPLORER.EXE alors faire un clic dessus et fin de tache , après/et si il n'y est pas faut faire exécuter "explorer.exe" sinon si c'est juste les icons qui ont disparu il faut faire un clic droit (souris) sur le bureau (papier peint) et dans le menu qui s'affiche choisir AFFICHAGE et la clic gauche sur AFFICHER LES ICONS DU BUREAU @+ merci beaucoup ta premiere option etait la bonne en esperant que cela tienne!!!! encore merci
  21. valouuu

    HELP

    valouuu a répondu à un(e) sujet de valouuu dans Analyses et éradication malwares

    par contre je ne sais pas comment le marquer comme resolu!
  22. valouuu

    HELP

    valouuu a répondu à un(e) sujet de valouuu dans Analyses et éradication malwares

    merci beaucoup ta premiere option etait la bonne en esperant que cela tienne!!!! encore merci
  23. valouuu

    plus de bureau presque resolu

    valouuu a répondu à un(e) sujet de valouuu dans Software

    j'ai essaye aussi mais sans succes ca je suis pas sure d'etre capable!!!!!!!!!!!!!!!!!!!!
  24. valouuu

    plus de bureau presque resolu

    valouuu a répondu à un(e) sujet de valouuu dans Software

    bon j'ai fait tout ce que tu m'a dit et sur shell il y avait deja explorer .exe donc ca ne change rien mais je te remercie quand meme d'avoir essaye
  25. valouuu

    plus de bureau presque resolu

    valouuu a répondu à un(e) sujet de valouuu dans Software

    j'ai essaye ta deuxieme solution sans resultat quand a la premiere je n'arrive pas a trouver comment creer un point de restauration sans passer par le bureau merci de toutes vos reponses que j'essaie
×
×
  • Créer...