Posted
FOR VUNDO: NO REPORT, NOTHING FOUND

MSN_Fix 1.469

 

C:\Documents and Settings\User\Bureau\MSNFix\MSNFix

Fix exécuté le 24/08/2007 - 12:28:44,21 By User

mode normal

 

************************ Recherche les fichiers présents

 

Aucun Fichier trouvé

 

************************ Recherche les dossiers présents

 

Aucun dossier trouvé

 

 

************************ Fichiers suspects

 

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

 

[C:\WINDOWS\pbkinstall.dll.zip] A1BE5845E39062D8BBF6360E7D970E04

 

 

 

------------------------------------------------------------------------

Auteur : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

AntiVir PersonalEdition Classic

Report file date: vendredi 24 août 2007 14:36

 

Scanning for 1033561 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: User

Computer name: USER-PWJAIWOHNU

 

Version information:

BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00

AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:16

AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:56

LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:06

LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:19:00

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 11:52:00

ANTIVIR2.VDF : 6.39.1.15 1451008 Bytes 17/08/2007 11:52:00

ANTIVIR3.VDF : 6.39.1.41 91136 Bytes 24/08/2007 11:52:00

AVEWIN32.DLL : 7.4.1.63 2724352 Bytes 24/08/2007 11:52:00

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28

AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:52

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 24/08/2007 11:52:02

AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:10

AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:06

AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:28

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44

RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:20

RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:44

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: A:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: vendredi 24 août 2007 14:36

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'BitComet.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'cidaemon.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'tribalweb.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'cisvc.exe' - '1' Module(s) have been scanned

Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned

Scan process 'GUARD.EXE' - '0' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'IBMPMSVC.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

29 processes with 29 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'A:\'

[NOTE] In the drive 'A:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '29' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\WINDOWS\fcbbyv.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '4730d155.qua'!

C:\WINDOWS\system32\unlase.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\User\Local Settings\Temp\Setup(0).exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '4742d623.qua'!

C:\Documents and Settings\User\Local Settings\Temp\setup_rightonadz.exe

[DETECTION] Contains signature of the dropper DR/Agent.141853.B

[iNFO] The file was moved to '4742d624.qua'!

C:\Documents and Settings\User\Application Data\tmp9.tmp.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '473ed6ca.qua'!

C:\Documents and Settings\User\Application Data\tmpB.tmp.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '473ed6cb.qua'!

C:\Documents and Settings\User\Application Data\tmp5.tmp.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '46b94e30.qua'!

C:\Documents and Settings\User\Application Data\tmp6.tmp.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '473ed6cc.qua'!

C:\Documents and Settings\User\Application Data\tmp8.tmp.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '46b94e31.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP80\A0030812.dll

[DETECTION] Contains signature of the dropper DR/Agent.141853.A

[iNFO] The file was moved to '46feda74.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP82\A0030963.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '46feda91.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP82\A0030965.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was moved to '46feda92.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP82\A0030969.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '4779426f.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP84\A0031211.dll

[DETECTION] Contains signature of the dropper DR/Agent.141853.A

[iNFO] The file was moved to '46feda9f.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP85\A0033613.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was moved to '46fedaaf.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033744.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '46fedab8.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033746.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '46fedab9.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033747.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '47794246.qua'!

C:\System Volume Information\_restore{0A32F3C0-5819-4E1D-AD65-5EDB45AF4539}\RP88\A0033749.exe

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '46fedaba.qua'!

Begin scan in 'A:\'

Search path A:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: vendredi 24 août 2007 15:19

Used time: 44:10 min

 

The scan has been done completely.

 

4752 Scanning directories

162839 Files were scanned

19 viruses and/or unwanted programs were found

0 classified as suspicious:

0 files were deleted

0 files were repaired

18 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

162820 Files not concerned

792 Archives were scanned

4 Warnings

1 Notes

0 Hidden objects were found

Posted

Hi,

Run VundoFix and tell me whether anything is listed in the middle window once the fix has finished?

Regards

Eclypse

Posted
However, I'm going to be away until Monday or Tuesday, so I'll log back in and keep you posted as soon as I'm back

thanks

vundo report

no infected files were found!!!!

regards, see you later

Posted
I'm back, but things are no better: lots of unwanted pop-up windows and still my damned viruses. What should I do? I'm posting a new HijackThis report just in case.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:33:24, on 27/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\OpiStat\OpiStat\OpiStat.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\tp4mon.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OLITEC\Common\RaUI.exe

C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\TribalWeb.net\TribalWeb.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX01.139\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://localhost:6080;https=http://localhost:6080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe

O4 - HKLM\..\Run: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [{39-95-59-97-ZN}] C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe P2D002

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe

O4 - Startup: TA_Start.lnk = C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe

O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Moniteur reseau 802.11g OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe

O4 - Global Startup: TrayMin300.exe.lnk = ?

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=www.tele2internet.ch

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab

O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

O20 - Winlogon Notify: unlase - C:\WINDOWS\SYSTEM32\unlase.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\User\Application Data\tmp17F.tmp.exe (file missing)

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 8643 bytes

 

 

I'm counting on you, I'm fed up with this problem, which is really bothering me

thanks

Posted (edited)

Hi,

1) Download VundoFix

2) Run it from your desktop

3) Post the report

4) Download Atf-Cleaner

5) Follow this tutorial and tick the boxes as shown

6) Do this

7) Choose Full scan

8) Post me the 2 reports

Regards

Eclypse

Edited by eclypse
Posted

Re

Boot into safe mode (F8 at startup), then delete the contents of the following directory

C:\Documents and Settings\User\Local Settings\Temp\

Delete the file in bold

C:\WINDOWS\SYSTEM32\unlase.dll

Restart normally, then go to

Start > Run and type Services.msc then OK

See whether you can find:

Service: Boonty Games

Service: DomainService

If so, follow this procedure

  • Right-click on it
  • Choose Stop
  • Click "Properties"
  • In the "Startup type" drop-down list
  • Click "Disabled".
  • Close the services window.

Reopen HijackThis and tick

O4 - HKLM\..\Run: [{39-95-59-97-ZN}] C:\Documents and Settings\User\Local Settings\Temp\TIP2D002.exe P2D002

O20 - Winlogon Notify: unlase - C:\WINDOWS\SYSTEM32\unlase.dll

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\User\Application Data\tmp17F.tmp.exe (file missing)

 

Close all your open programs, then click FIX checked

Post a new HijackThis log once all of that is done :P

Regards

Eclypse

Posted
vundo report

done searching for files

no infected files were found!!!!

Then I launch the nano scan, but it's impossible to get to the end: AntiVir shows me a window with all my viruses, and then the scan stops and shows error 20. I tried again about ten times but nothing works!!!!! :P

Posted
 

 

 

This action will cancel the download

Are you sure you want to cancel the download?

 

 

To load TotalScan, you have to agree to the installation of an ActiveX control.

 

Click on the yellow bar and select the option Install ActiveX control

If a security warning appears, click on Install to load TotalScan

 


 

Español | English Sign in | Sign up | My account | Sign out Home| What is TotalScan?| We love feedback!| FAQ

Loading TotalScan: Loading Error

Sorry, loading is incomplete due to an error. Please try again. Error -20.

 

« Return to the start of TotalScan

 

Loading (100%)

 

 

 

Use of TotalScan is subject to acceptance of the Terms and conditions of use

This is a Panda project
