All content posted by cedre

  1. And here are the 2 SDFix logs:

     SDFix: Version 1.86
     Run by Karen - 05/06/2003 - 21:05:09,06
     Microsoft Windows XP [version 5.1.2600]
     Running From: I:\SDFix

     Safe Mode:
     Checking Services:

     Name:
     NDnet1
     runtime
     xpdx
     NDnet1
     runtime
     xpdx

     ImagePath:

     NDnet1 - Deleted
     xpdx - Deleted

     Restoring Windows Registry Values
     Restoring Windows Default Hosts File

     Rebooting...

     Service runtime2 - Deleted after Reboot

     Normal Mode:
     Checking Files:

     Below files will be copied to Backups folder then removed:

     I:\WINDOWS\system32\5_exception.nls - Deleted
     I:\WINDOWS\system32\cmd.com - Deleted
     I:\WINDOWS\system32\ksys.sys - Deleted
     I:\WINDOWS\system32\netstat.com - Deleted
     I:\WINDOWS\system32\ping.com - Deleted
     I:\WINDOWS\system32\RunOnce2.t__ - Deleted
     I:\WINDOWS\system32\taskkill.com - Deleted
     I:\WINDOWS\system32\tasklist.com - Deleted
     I:\WINDOWS\system32\tracert.com - Deleted
     I:\WINDOWS\Temp\startdrv.exe - Deleted
     I:\WINDOWS\wr.txt - Deleted
     I:\WINDOWS\system32\drivers\runtime2.sys - Deleted
     I:\WINDOWS\system32\xpdx.sys - Deleted
     I:\WINDOWS\Temp\win*.tmp - Deleted
     I:\DOCUME~1\Karen\LOCALS~1\Temp\win*.tmp - Deleted

     Removing Temp Files...

     ADS Check:

     Checking if ADS is attached to system32 Folder
     I:\WINDOWS\system32
     No streams found.

     Checking if ADS is attached to svchost.exe
     I:\WINDOWS\system32\svchost.exe
     No streams found.

     Checking if ADS is attached to ntoskrnl.exe
     I:\WINDOWS\system32\ntoskrnl.exe
     No streams found.

     Final Check:

     Remaining Services:
     ------------------

     Authorized Application Key Export:

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "I:\\WINDOWS\\Explorer.EXE"="I:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

     Remaining Files:
     ---------------

     Backups Folder: - I:\SDFix\backups\backups.zip

     Listing Files with Hidden Attributes:

     I:\Documents and Settings\Karen\Bureau\Recup MAXDATA\Recuperer en r‚seau\PSP\[PSP].Asterix.&.Obelix.XXL.2.[EUR-FIX]-[FULL].-.[www.ESPALPSP.com]\PSP\PHOTO\Mis Fondos\Thumbs.db
     I:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
     I:\Documents and Settings\Karen\Local Settings\Temp\EMULE585\Agnitum Outpost Pro v2.7.484.412 final serial keygen.zip

     Listing User Accounts:

     comptes d'utilisateurs de \\PRINCIPAL
     Administrateur ASPNET HelpAssistant
     Invit‚ Karen SUPPORT_388945a0
     La commande s'est termin‚e correctement.

     Finished

     CATCHME:

     catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
     Rootkit scan 2003-06-05 21:12:14
     Windows 5.1.2600 Service Pack 1 NTFS

     scanning hidden processes ...
     scanning hidden services ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     I:\WINDOWS\system32\Hnj47.sys
     I:\WINDOWS\system32\msvcrt64.dll

     scan completed successfully
     hidden processes: 0
     hidden services: 0
     hidden files: 2

     And thanks again, while waiting for the next steps.
  2. Good evening, here are the 2 logs from VundoFix and HijackThis:

     VUNDOFIX

     VundoFix V6.4.2
     Checking Java version...
     Java version is 1.4.2.5
     Old versions of java are exploitable and should be removed.
     Scan started at 20:11:33 05/06/2003
     Listing files found while scanning....

     VundoFix V6.4.2
     Checking Java version...
     Java version is 1.4.2.5
     Old versions of java are exploitable and should be removed.
     Scan started at 20:23:19 05/06/2003
     Listing files found while scanning....

     I:\WINDOWS\system32\bvputayp.dll
     I:\WINDOWS\system32\dcbeg.ini
     I:\WINDOWS\system32\gebcd.dll
     I:\WINDOWS\system32\ihkjkbah.dll
     I:\WINDOWS\system32\pkpkbhnr.dll
     I:\WINDOWS\system32\pyatupvb.ini
     I:\WINDOWS\system32\rnhbkpkp.ini
     I:\WINDOWS\system32\urqqoli.dll
     I:\WINDOWS\System32\vtutu.dll
     I:\WINDOWS\system32\yayvvts.dll
     I:\WINDOWS\System32\yayyvts.dll

     Beginning removal...

     Attempting to delete I:\WINDOWS\system32\bvputayp.dll
     I:\WINDOWS\system32\bvputayp.dll Has been deleted!
     Attempting to delete I:\WINDOWS\system32\dcbeg.ini
     I:\WINDOWS\system32\dcbeg.ini Has been deleted!
     Attempting to delete I:\WINDOWS\system32\gebcd.dll
     I:\WINDOWS\system32\gebcd.dll Has been deleted!
     Attempting to delete I:\WINDOWS\system32\ihkjkbah.dll
     I:\WINDOWS\system32\ihkjkbah.dll Could not be deleted.
     Attempting to delete I:\WINDOWS\system32\pkpkbhnr.dll
     I:\WINDOWS\system32\pkpkbhnr.dll Has been deleted!
     Attempting to delete I:\WINDOWS\system32\pyatupvb.ini
     I:\WINDOWS\system32\pyatupvb.ini Has been deleted!
     Attempting to delete I:\WINDOWS\system32\rnhbkpkp.ini
     I:\WINDOWS\system32\rnhbkpkp.ini Has been deleted!
     Attempting to delete I:\WINDOWS\system32\urqqoli.dll
     I:\WINDOWS\system32\urqqoli.dll Has been deleted!
     Attempting to delete I:\WINDOWS\system32\yayvvts.dll
     I:\WINDOWS\system32\yayvvts.dll Has been deleted!

     Performing Repairs to the registry.
     Done!

     HIJACKTHIS

     Logfile of HijackThis v1.99.1
     Scan saved at 20:43:47, on 05/06/2003
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     I:\WINDOWS\System32\smss.exe
     I:\WINDOWS\system32\winlogon.exe
     I:\WINDOWS\system32\services.exe
     I:\WINDOWS\system32\lsass.exe
     I:\WINDOWS\system32\svchost.exe
     I:\WINDOWS\System32\svchost.exe
     I:\WINDOWS\system32\spoolsv.exe
     I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     I:\WINDOWS\Explorer.EXE
     I:\WINDOWS\System32\wuauclt.exe
     I:\Program Files\Pando Networks\Pando\pando.exe
     I:\Documents and Settings\Karen\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - I:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {79F65CEF-2F29-4AF5-A04E-7F070F58788B} - I:\WINDOWS\System32\vtutu.dll (file missing)
     O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - I:\WINDOWS\SecureWin31.dll (file missing)
     O2 - BHO: (no name) - {B6293E48-DFA9-EB2F-DF0A-8FADAB9020B3} - I:\WINDOWS\System32\pzlvpa.dll (file missing)
     O2 - BHO: (no name) - {C379481C-8CF6-EE48-DD0A-8FADAB9023EE} - I:\WINDOWS\System32\xvbzb.dll (file missing)
     O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - I:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
     O2 - BHO: (no name) - {C8294F4B-DFA0-EB1F-DF0A-8FADAB9020B3} - I:\WINDOWS\System32\pzlvpa.dll (file missing)
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
     O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - I:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\RunServices: [winlog] winlog.exe
     O4 - Startup: Adobe Gamma.lnk = I:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\WINDOWS\System32\msjava.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\WINDOWS\System32\msjava.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/...mjolauncher.cab
     O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
     O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/zuma...gamesloader.cab
     O20 - Winlogon Notify: vtutu - I:\WINDOWS\System32\vtutu.dll (file missing)
     O20 - Winlogon Notify: wintfj32 - I:\WINDOWS\SYSTEM32\wintfj32.dll
     O20 - Winlogon Notify: yayyvts - yayyvts.dll (file missing)
     O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

     I'm continuing right away with SDFix, and thanks again for your help.
  3. Hello everyone, for several days now my PC has been restarting every minute. This delay has improved since I connected my Freebox over USB instead of Ethernet. I am taking the liberty of sending you the HijackThis log because I don't really know how to interpret it.

     Logfile of HijackThis v1.99.1
     Scan saved at 19:23:44, on 05/06/2003
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     I:\WINDOWS\System32\smss.exe
     I:\WINDOWS\system32\winlogon.exe
     I:\WINDOWS\system32\services.exe
     I:\WINDOWS\system32\lsass.exe
     I:\WINDOWS\system32\svchost.exe
     I:\WINDOWS\System32\svchost.exe
     I:\WINDOWS\system32\spoolsv.exe
     I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     I:\WINDOWS\Explorer.EXE
     I:\Program Files\Mozilla Firefox\firefox.exe
     I:\Program Files\Pando Networks\Pando\pando.exe
     I:\Documents and Settings\Karen\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - I:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
     O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - I:\WINDOWS\System32\ihkjkbah.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {79F65CEF-2F29-4AF5-A04E-7F070F58788B} - I:\WINDOWS\System32\vtutu.dll (file missing)
     O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - I:\WINDOWS\SecureWin31.dll (file missing)
     O2 - BHO: (no name) - {B6293E48-DFA9-EB2F-DF0A-8FADAB9020B3} - I:\WINDOWS\System32\pzlvpa.dll (file missing)
     O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - I:\WINDOWS\System32\yayyvts.dll (file missing)
     O2 - BHO: (no name) - {C379481C-8CF6-EE48-DD0A-8FADAB9023EE} - I:\WINDOWS\System32\xvbzb.dll (file missing)
     O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - I:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
     O2 - BHO: (no name) - {C8294F4B-DFA0-EB1F-DF0A-8FADAB9020B3} - I:\WINDOWS\System32\pzlvpa.dll (file missing)
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
     O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - I:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\RunServices: [winlog] winlog.exe
     O4 - Startup: Adobe Gamma.lnk = I:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\WINDOWS\System32\msjava.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\WINDOWS\System32\msjava.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/...mjolauncher.cab
     O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
     O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/zuma...gamesloader.cab
     O20 - Winlogon Notify: vtutu - I:\WINDOWS\System32\vtutu.dll (file missing)
     O20 - Winlogon Notify: wintfj32 - I:\WINDOWS\SYSTEM32\wintfj32.dll
     O20 - Winlogon Notify: yayyvts - yayyvts.dll (file missing)
     O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

     I hope this is not a bother. Thank you very much for your help.