

BoBo
Everything posted by BoBo
-
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal
Report from my computer ...

KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 18, 2006 4:36:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/07/2006
Kaspersky Anti-Virus database records: 195779

Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects: 51025
Number of viruses found: 3
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:08:18

Infected Object Name | Virus Name | Last Action
C:\Documents and Settings\Airick Babineau\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\Local Settings\Historique\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\Local Settings\Historique\History.IE5\MSHist012006071820060719\index.dat | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\Local Settings\Temporary Internet Files\Content.IE5\FFALLGLD\install[1].js | Infected: Trojan-Downloader.JS.Agent.al | skipped
C:\Documents and Settings\Airick Babineau\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\Local Settings\Temporary Internet Files\Content.IE5\TIJ8C44X\antivir-personal-edition-7_antivir_personal_edition_classic_7_6.35.00.47_anglais_10821[1].exe | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\Airick Babineau\NTUSER.DAT.LOG | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG | Object is locked | skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log | Object is locked | skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log | Object is locked | skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log | Object is locked | skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG | Object is locked | skipped
C:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
C:\System Volume Information\_restore{824B791D-D3FB-4376-805C-06F8FC4C413B}\RP9\change.log | Object is locked | skipped
C:\WINDOWS\Debug\PASSWD.LOG | Object is locked | skipped
C:\WINDOWS\SchedLgU.Txt | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CE36FDFA-32EA-4797-878A-98B80BCC1A64}.bin | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log | Object is locked | skipped
C:\WINDOWS\Sti_Trace.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\edb.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb | Object is locked | skipped
C:\WINDOWS\system32\config\AppEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\default | Object is locked | skipped
C:\WINDOWS\system32\config\DEFAULT.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\sam | Object is locked | skipped
C:\WINDOWS\system32\config\SAM.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SecEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\security | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\software | Object is locked | skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SysEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\system | Object is locked | skipped
C:\WINDOWS\system32\config\SYSTEM.LOG | Object is locked | skipped
C:\WINDOWS\system32\h323log.txt | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP | Object is locked | skipped
C:\WINDOWS\wiadebug.log | Object is locked | skipped
C:\WINDOWS\wiaservc.log | Object is locked | skipped
C:\WINDOWS\WindowsUpdate.log | Object is locked | skipped
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.CDF | Object is locked | skipped
D:\RECYCLER\NPROTECT\NPROTECT.LOG | Object is locked | skipped
D:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
D:\System Volume Information\_restore{824B791D-D3FB-4376-805C-06F8FC4C413B}\RP9\change.log | Object is locked | skipped
D:\System Volume Information\_restore{A5B808C6-E039-4D48-8261-D21FE4FF6938}\RP26\A0001991.exe/data0007 | Infected: Trojan-Notifier.Win32.Zlob.a | skipped
D:\System Volume Information\_restore{A5B808C6-E039-4D48-8261-D21FE4FF6938}\RP26\A0001991.exe/data0008 | Infected: Trojan-Downloader.Win32.Zlob.jq | skipped
D:\System Volume Information\_restore{A5B808C6-E039-4D48-8261-D21FE4FF6938}\RP26\A0001991.exe | NSIS: infected - 2 | skipped
D:\System Volume Information\_restore{A5B808C6-E039-4D48-8261-D21FE4FF6938}\RP26\A0001991.exe | UPX: infected - 2 | skipped
E:\RECYCLER\NPROTECT\00000005.exe | Object is locked | skipped
E:\RECYCLER\NPROTECT\00000006.exe | Object is locked | skipped
E:\RECYCLER\NPROTECT\NPROTECT.LOG | Object is locked | skipped
E:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
E:\System Volume Information\_restore{824B791D-D3FB-4376-805C-06F8FC4C413B}\RP9\change.log | Object is locked | skipped

Scan process completed.
-
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal
This is not everything, it is just an area scan ... I have a scan of my computer coming -
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal

KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 18, 2006 3:26:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/07/2006
Kaspersky Anti-Virus database records: 195779

Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target: Critical Areas
C:\WINDOWS
C:\DOCUME~1\AIRICK~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects: 14066
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:09:11

Infected Object Name | Virus Name | Last Action
C:\WINDOWS\Debug\PASSWD.LOG | Object is locked | skipped
C:\WINDOWS\SchedLgU.Txt | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CE36FDFA-32EA-4797-878A-98B80BCC1A64}.bin | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log | Object is locked | skipped
C:\WINDOWS\Sti_Trace.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\edb.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb | Object is locked | skipped
C:\WINDOWS\system32\config\AppEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\default | Object is locked | skipped
C:\WINDOWS\system32\config\DEFAULT.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\sam | Object is locked | skipped
C:\WINDOWS\system32\config\SAM.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SecEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\security | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\software | Object is locked | skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SysEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\system | Object is locked | skipped
C:\WINDOWS\system32\config\SYSTEM.LOG | Object is locked | skipped
C:\WINDOWS\system32\h323log.txt | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP | Object is locked | skipped
C:\WINDOWS\wiadebug.log | Object is locked | skipped
C:\WINDOWS\wiaservc.log | Object is locked | skipped
C:\WINDOWS\WindowsUpdate.log | Object is locked | skipped
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.CDF | Object is locked | skipped

Scan process completed.

I don't know how to post a report, sorry.......
-
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal
How do you put a report in a message.......... -
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal
I would like to know what ....... CATSRV.DLL ....... means. Is it a missing file or an infection .... thanks. -
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal
Thanks....... -
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal
I am in the middle of doing it but I don't understand it well ... I have to scan one at a time -
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Malware Analysis and Removal

AntiVir PersonalEdition Classic
Report file date: mardi 18 juillet 2006 13:10

Scanning for 457247 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Airick Babineau
Computer name: NA-B41DFABF4956

Version informations:
AVSCAN.EXE : 7.0.0.42 557096 18/07/2006 17:05:54
AVSCAN.DLL : 7.0.0.42 53288 18/07/2006 17:05:54
LUKE.DLL : 7.0.0.42 118824 18/07/2006 17:05:55
LUKERES.DLL : 7.0.0.42 25640 18/07/2006 17:05:55
ANTIVIR0.VDF : 6.35.0.1 7371264 18/07/2006 17:05:54
ANTIVIR1.VDF : 6.35.0.168 730112 18/07/2006 17:05:54
ANTIVIR2.VDF : 6.35.0.214 147968 18/07/2006 17:05:54
ANTIVIR3.VDF : 6.35.0.220 16384 18/07/2006 17:05:54
AVEWIN32.DLL : 7.1.0.21 1552896 18/07/2006 17:05:54
AVPREF.DLL : 7.0.0.1 49192 18/07/2006 17:05:54
AVREP.DLL : 6.35.0.154 708648 18/07/2006 17:05:54
AVRPBASE.DLL : 7.0.0.0 2162728 18/07/2006 17:05:54
AVPACK32.DLL : 7.1.0.1 335912 18/07/2006 17:05:54
AVREG.DLL : 6.31.0.90 27688 18/07/2006 17:05:54
NETNT.DLL : 6.32.0.0 6696 18/07/2006 17:05:55
NETNW.DLL : 6.32.0.0 9768 18/07/2006 17:05:55
RCIMAGE.DLL : 7.0.0.71 1642536 18/07/2006 17:05:57
RCTEXT.DLL : 7.0.0.75 77864 18/07/2006 17:05:57

Configuration settings for the scan:
Jobname: '%s'.................: ShlExt
Configuration file............: C:\DOCUME~1\AIRICK~1\LOCALS~1\Temp\5158696c.avp
Boot sectors..................: C
Scan memory...................: 1
Process scan..................: 0
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: -1
Primary action................: 1
Secondary action..............: 0

Start of the scan: mardi 18 juillet 2006 13:10

Start scanning boot sectors:
Boot sector 'C:\'
    [NOTE] No virus was found!

Starting the file scan:
C:\hiberfil.sys
    [WARNING] The file could not be opened!
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\Documents and Settings\Airick Babineau\NTUSER.DAT
    [WARNING] The file could not be opened!
C:\Documents and Settings\Airick Babineau\NTUSER.DAT.LOG
    [WARNING] The file could not be opened!
C:\Documents and Settings\Airick Babineau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [WARNING] The file could not be opened!
C:\Documents and Settings\Airick Babineau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [WARNING] The file could not be opened!
C:\Documents and Settings\Airick Babineau\Local Settings\Temporary Internet Files\Content.IE5\QAD6IWR1\RegCure%20v1.0.0.43_crack_keygen_serial[1].htm
    [DETECTION] Contains signature of the exploits EXP/DialogArg
    [iNFO] The file was moved to '45241712.qua'!
C:\Documents and Settings\Airick Babineau\Local Settings\Temporary Internet Files\Content.IE5\XGQCS4CY\popup[1].htm
    [DETECTION] Contains signature of the exploits EXP/Agent.B
    [iNFO] The file was moved to '452d1742.qua'!
C:\Documents and Settings\LocalService\NTUSER.DAT
    [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
    [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [WARNING] The file could not be opened!
C:\Program Files\Instant Access\Multi\20060718000742\instant access.exe
    [DETECTION] Contains signature of the dial-up program DIAL/302385
    [iNFO] The file was moved to '453018c2.qua'!
C:\RECYCLER\NPROTECT\00000543.EXE
    [DETECTION] Contains signature of the dial-up program DIAL/302385
    [iNFO] The file was moved to '44ed2f07.qua'!
C:\RECYCLER\NPROTECT\NPROTECT.LOG
    [WARNING] The file could not be opened!
C:\WINDOWS\SoftwareDistribution\EventCache\{CE36FDFA-32EA-4797-878A-98B80BCC1A64}.bin
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\procia.exe
    [DETECTION] Contains signature of the dial-up program DIAL/302385
    [iNFO] The file was moved to '452c31a7.qua'!
C:\WINDOWS\system32\CatRoot2\edb.log
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\CatRoot2\tmp.edb
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\DEFAULT.LOG
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\sam
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\security
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE.LOG
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM.LOG
    [WARNING] The file could not be opened!

End of the scan: mardi 18 juillet 2006 15:09
Used time: 1:59:20 min

The scan has been done completely.

3658 Scanning directories
140501 Files were scanned
5 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
1118 Archives were scanned
28 Warnings
0 Notes
-
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Analyses et éradication malwares
Sorry ... to me this is gibberish, I don't understand any of it, but I know that Shareaza ... pests ... or where to locate the source of my problem, I don't know, sorry.
-
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Analyses et éradication malwares
Logfile of HijackThis v1.99.1
Scan saved at 12:39:44, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Nmain.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Utilitaire Executables\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153197073640
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
-
Infection by CATSRV.DLL
BoBo replied to a topic by BoBo in Analyses et éradication malwares
What do I do about this?
-
Hello everyone, I have a PC problem: I am infected, or else I don't know what the problem is ... my problem is ... CATSRV.DLL, what is that ... thank you
-
Hello, since I am new: I have a big problem with my PC, maybe infected, or else I don't know what the problem is .... help, thank you....