kristin

Membres

Afficher le profil Afficher son activité

Compteur de contenus
16
Inscription
le 30 août 2008
Dernière visite
le 19 octobre 2008

Profile Information

Sexe
Female

Autres informations

Mes langues
francais , anglais

kristin's Achievements

Junior Member (3/12)

Réputation sur la communauté

analyse de rapport hijackthis suite a trojans et ralentissements MERCI

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

bonjour apparement je n ai pas de dysfonctionnements c est simplement la detection de quelques trojan quand je faisais tourner pctools qui m interpellait, c est antivir qui m indiquait cela se peut il que ce soit des faux positfs? maintenant j ai desinstallé pc tools bises christine
- le 1 octobre 2008
- 7 réponses
analyse de rapport hijackthis suite a trojans et ralentissements MERCI

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

Bonjour et merci j avais déjà cccleaner, mais pas installé avec seulement l option " 48heures"..comme je l avais déjà lancé ce weekend de nombreuses fois, je ne l ai pas désinstallé, j ai donc simplement relancé cccleaner en mode sans echec... je te poste ci dessous les rapports MBAM et hijackthis (j en ai fait deux, un en mode sans echec, et le dernier en mode normal) MERCI de ton aide et dis moi si je dois reinstallé cccleaner avec o^tion 48heures et le relancer (donc dans 48h !!) bises christine Rapport MBAM Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1221 Windows 5.1.2600 Service Pack 2 28/09/2008 21:35:34 mbam-log-2008-09-28 (21-35-34).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 141233 Temps écoulé: 15 minute(s), 7 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) rapport hijackthis (en mode normal) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:48:06, on 28/09/2008 Platform: Windows XP SP2 MSIE: Internet Explorer v7.00 Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\acer\Acer eConsole\MediaServerService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...029/mcfscan.cab O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 10429 bytes Rapport hijackthis (en mode sans echec) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:41:35, on 28/09/2008 Platform: Windows XP SP2 MSIE: Internet Explorer v7.00 Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...029/mcfscan.cab O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 8691 bytes
- le 29 septembre 2008
- 7 réponses
analyse de rapport hijackthis suite a trojans et ralentissements MERCI

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

BONJOUR merci pour tout voici le résultat de mon rapport diaghelp...Merci de m indiquer la suite à effectuer..Bises Christine DiagHelp version v1.4 - http://www.malekal.com excute le 28/09/2008 à 3:37:17,84 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\AVWSC.EXE-21D2C1ED.pf -->28/09/2008 03:35:58 C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->28/09/2008 03:35:16 C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->28/09/2008 03:34:26 C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->28/09/2008 03:34:04 C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->28/09/2008 03:33:32 C:\WINDOWS\prefetch\REALPLAY.EXE-05411014.pf -->28/09/2008 03:30:02 C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->28/09/2008 03:29:04 C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->28/09/2008 03:26:32 C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->28/09/2008 03:26:20 C:\WINDOWS\prefetch\LOGONUI.EXE-312BE1BF.pf -->28/09/2008 03:25:56 C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->10/09/2008 00:04:02 C:\WINDOWS\System32\drivers\mbam.sys -->10/09/2008 00:03:56 C:\WINDOWS\System32\drivers\avipbb.sys -->31/08/2008 21:32:20 C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 06:45:14 C:\WINDOWS\System32\drivers\afd.sys -->20/06/2008 06:44:38 C:\WINDOWS\System32\drivers\tcpip6.sys -->20/06/2008 05:52:06 C:\WINDOWS\System32\drivers\pavboot.sys -->19/06/2008 17:24:30 C:\WINDOWS\System32\bdod.bin -->28/09/2008 03:37:18 C:\WINDOWS\System32\wpa.dbl -->27/09/2008 21:51:32 C:\WINDOWS\System32\eRLog.ini -->27/09/2008 21:51:30 C:\WINDOWS\System32\nvapps.xml -->27/09/2008 21:51:20 C:\WINDOWS\System32\amcompat.tlb -->24/09/2008 14:13:06 C:\WINDOWS\System32\nscompat.tlb -->24/09/2008 14:13:06 C:\WINDOWS\System32\spdwnwxp.log -->24/09/2008 13:57:06 C:\WINDOWS\System32\PerfStringBackup.INI -->01/09/2008 19:16:58 C:\WINDOWS\System32\perfh00C.dat -->01/09/2008 19:16:58 C:\WINDOWS\System32\perfc00C.dat -->01/09/2008 19:16:58 C:\WINDOWS\System32\perfh009.dat -->01/09/2008 19:16:58 C:\WINDOWS\System32\perfc009.dat -->01/09/2008 19:16:58 C:\WINDOWS\System32\CONFIG.NT -->30/08/2008 14:49:40 C:\WINDOWS\System32\MRT.exe -->26/08/2008 16:28:12 C:\WINDOWS\System32\TZLog.log -->13/08/2008 03:15:30 C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48 C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42 C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40 C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36 C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20 C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56 C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46 C:\WINDOWS\System32\wuaucpl.cpl -->18/07/2008 22:09:46 C:\WINDOWS\System32\wuweb.dll -->18/07/2008 22:09:44 C:\WINDOWS\System32\wuapi.dll -->18/07/2008 22:09:44 C:\WINDOWS\0.log -->27/09/2008 21:51:14 C:\WINDOWS\wiadebug.log -->27/09/2008 21:50:30 C:\WINDOWS\bootstat.dat -->27/09/2008 21:50:26 C:\WINDOWS\SchedLgU.Txt -->27/09/2008 21:49:36 C:\WINDOWS\wiaservc.log -->27/09/2008 21:49:36 C:\WINDOWS\bdagent.INI -->27/09/2008 21:49:20 C:\WINDOWS\WindowsUpdate.log -->27/09/2008 21:49:08 C:\WINDOWS\QTFont.qfn -->27/09/2008 13:13:32 C:\WINDOWS\WMSysPr9.prx -->24/09/2008 14:13:22 C:\WINDOWS\ODBC.INI -->31/08/2008 23:53:40 C:\WINDOWS\WLXPGSS.SCR -->18/07/2008 14:39:16 C:\WINDOWS\cdplayer.ini -->11/07/2008 23:11:24 C:\WINDOWS\SET5A5.tmp -->13/04/2008 22:34:04 C:\WINDOWS\SET55C.tmp -->13/04/2008 22:34:04 C:\WINDOWS\QTFont.for -->23/03/2008 20:19:52 winlogon.exe svchost.exe ws2_32.dll user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ EXPLORER.EXE pid: 252 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll 0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x02550000 0x187000 1.06.0000.0012 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 0x43ff0000 0xa000 7.00.6000.16705 C:\WINDOWS\system32\jsproxy.dll 0x10000000 0x27000 11.00.0000.0015 C:\Program Files\BitDefender\BitDefender 2008\bdshelxt.dll 0x01f40000 0x13000 11.00.0000.0012 C:\Program Files\BitDefender\BitDefender 2008\bdutils.dll 0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x01f70000 0x16000 11.00.0000.0001 C:\Program Files\BitDefender\BitDefender 2008\txmlx.dll 0x01fd0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll 0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL 0x02b20000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll 0x02000000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 0x02d00000 0x4f000 6.03.0051.0001 C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll 0x02fa0000 0x61000 6.03.0009.0001 C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x02c80000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 0x64000000 0x30000 2005.01.0001.0004 C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll 0x03110000 0x43000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllow.dll 0x00b80000 0x3000 2.06.6000.5414 C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui 0x01b10000 0x5000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ WINLOGON.EXE pid: 932 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01320000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll Répertoire de C:\WINDOWS\system 25/12/1998 09:15 345 983 RCDSETUP.EXE 1 fichier(s) 345 983 octets 0 Rép(s) 50 261 360 640 octets libres Répertoire de C:\WINDOWS\system32 05/08/2004 05:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 50 261 360 640 octets libres Contenu de Downloaded Program Files Répertoire de C:\WINDOWS\Downloaded Program Files 23/06/2005 23:00 <REP> . 23/06/2005 23:00 <REP> .. 23/06/2005 23:00 65 desktop.ini 02/11/2005 18:07 435 712 xscan53.ocx 02/11/2005 18:01 1 777 xscan.inf 13/11/2006 19:48 946 296 asquared.ocx 13/04/2007 15:27 367 LegitCheckControl.inf 18/12/2006 11:02 882 mcfscan.inf 27/03/2007 16:00 5 021 swflash.inf 14/03/2007 04:02 1 055 jinstall-6u1.inf 20/06/2006 15:44 117 560 PURen-us.dll 20/06/2006 15:44 379 704 MsnPUpld.dll 19/06/2006 14:40 393 MsnPUpld.inf 09/01/2007 08:30 110 592 PURfr-fr.dll 28/03/2007 10:06 541 ca.pub 07/05/2007 16:38 500 120 daas_s.dll 07/05/2007 16:39 192 920 fsauc.dll 07/05/2007 16:39 254 360 fscax.dll 13/04/2007 15:52 482 fscax.inf 02/05/2008 04:56 5 714 install.log 02/05/2008 04:56 38 428 unagiuninst.exe 23/01/2007 21:41 841 304 ampAx3.0.84.2.dll 22/03/2008 20:39 <REP> CONFLICT.1 20 fichier(s) 3 833 293 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 22/03/2008 20:39 <REP> . 22/03/2008 20:39 <REP> .. 27/02/2008 15:59 588 392 gatelauncher.exe 27/02/2008 15:59 541 ca.pub 27/02/2008 15:59 495 616 daas_s.dll 27/02/2008 15:59 290 816 auc_lib.dll 27/02/2008 16:00 262 144 fscax.dll 27/02/2008 15:59 614 fscax.inf 6 fichier(s) 1 638 123 octets Total des fichiers listés : 26 fichier(s) 5 471 416 octets 5 Rép(s) 50 261 393 408 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer" "C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole" "C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service" "C:\\Program Files\\WINSOS\\winsos.exe"="C:\\Program Files\\WINSOS\\winsos.exe:*:Enabled:Winsos" "C:\\Program Files\\WINSOS\\anti-spy.exe"="C:\\Program Files\\WINSOS\\anti-spy.exe:*:Enabled:anti-spy Winsos" "C:\\Program Files\\WINSOS\\help.exe"="C:\\Program Files\\WINSOS\\help.exe:*:Enabled:Winsos Help" "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger" "C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6" "C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe:*:Enabled:Second Life" "C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner" "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\SecondLife99\\SLVoice.exe"="C:\\Program Files\\SecondLife99\\SLVoice.exe:*:Enabled:SLVoice" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 03:41:16 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 156 - VSSERV.EXE 252 - EXPLORER.EXE 492 - ASPIRESERVICE.E 576 - SVCHOST.EXE 588 - ALG.EXE 832 - MONITOR.EXE 908 - CSRSS.EXE 932 - WINLOGON.EXE 976 - SERVICES.EXE 988 - LSASS.EXE 1068 - MEDIASYNC.EXE 1132 - SVCHOST.EXE 1180 - SVCHOST.EXE 1216 - SVCHOST.EXE 1248 - firefox.exe 1276 - SVCHOST.EXE 1356 - SVCHOST.EXE 1516 - SPOOLSV.EXE 1588 - SCHED.EXE 1684 - MEDIASERVERSERV 1704 - AVGUARD.EXE 1768 - NVSVC32.EXE 1980 - XCOMMSVR.EXE 2028 - LIVESRV.EXE 2052 - E_S4I0F2.EXE 2092 - AVGNT.EXE 2180 - BDAGENT.EXE 2444 - MSNMSGR.EXE 2472 - TeaTimer.exe 2652 - statusmonitor.e 2672 - cmd.exe Total number of processes = 32 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F7A1C000 - \WINDOWS\system32\KDCOM.DLL F792C000 - \WINDOWS\system32\BOOTVID.dll F73EC000 - ACPI.sys F7A1E000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F73DB000 - pci.sys F751C000 - isapnp.sys F752C000 - ohci1394.sys F753C000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F7AE4000 - PCIIde.sys F779C000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS F754C000 - MountMgr.sys F73BC000 - ftdisk.sys F77A4000 - PartMgr.sys F77AC000 - pavboot.sys F755C000 - VolSnap.sys F73A4000 - atapi.sys F738E000 - nvatabus.sys F756C000 - disk.sys F757C000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F736E000 - fltMgr.sys F734B000 - Fastfat.sys F7334000 - KSecDD.sys F7307000 - NDIS.sys F77B4000 - nvcchflt.sys F72EC000 - Mup.sys F777C000 - \SystemRoot\system32\DRIVERS\nic1394.sys F0C81000 - \SystemRoot\system32\DRIVERS\AmdK8.sys F0154000 - \SystemRoot\system32\DRIVERS\usbohci.sys EDDAC000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F014C000 - \SystemRoot\system32\DRIVERS\usbehci.sys F0C71000 - \SystemRoot\system32\drivers\nvax.sys F05FC000 - \SystemRoot\system32\DRIVERS\imapi.sys EE869000 - \SystemRoot\system32\drivers\Afc.sys F1F0C000 - \SystemRoot\System32\Drivers\UBHelper.SYS F05EC000 - \SystemRoot\system32\DRIVERS\cdrom.sys F05DC000 - \SystemRoot\system32\DRIVERS\redbook.sys EDC71000 - \SystemRoot\system32\DRIVERS\ks.sys F7ABE000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys EE861000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys F1F04000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys EDC2D000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS EDBFA000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS ED8AE000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys ED89A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS EE859000 - \SystemRoot\system32\DRIVERS\fdc.sys ED889000 - \SystemRoot\system32\DRIVERS\serial.sys F1F00000 - \SystemRoot\system32\DRIVERS\serenum.sys ED875000 - \SystemRoot\system32\DRIVERS\parport.sys F08AD000 - \SystemRoot\system32\DRIVERS\audstub.sys F05CC000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F1EFC000 - \SystemRoot\system32\DRIVERS\ndistapi.sys ED85E000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F05BC000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F05AC000 - \SystemRoot\system32\DRIVERS\raspptp.sys EE851000 - \SystemRoot\system32\DRIVERS\TDI.SYS ED84D000 - \SystemRoot\system32\DRIVERS\psched.sys F059C000 - \SystemRoot\system32\DRIVERS\msgpc.sys EE849000 - \SystemRoot\system32\DRIVERS\ptilink.sys EE841000 - \SystemRoot\system32\DRIVERS\raspti.sys F058C000 - \SystemRoot\system32\DRIVERS\termdd.sys EE839000 - \SystemRoot\system32\DRIVERS\kbdclass.sys EE831000 - \SystemRoot\system32\DRIVERS\mouclass.sys ED839000 - \SystemRoot\system32\DRIVERS\bdfndisf.sys F7AC0000 - \SystemRoot\system32\DRIVERS\swenum.sys ED805000 - \SystemRoot\system32\DRIVERS\update.sys F1EF0000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F057C000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7AC2000 - \SystemRoot\system32\DRIVERS\USBD.SYS F056C000 - \SystemRoot\System32\Drivers\NDProxy.SYS ED778000 - \SystemRoot\system32\drivers\nvapu.sys ED754000 - \SystemRoot\system32\drivers\portcls.sys EE7FF000 - \SystemRoot\system32\drivers\drmk.sys ED673000 - \SystemRoot\system32\drivers\nvmcp.sys ED662000 - \SystemRoot\system32\drivers\nvarm.sys EFE1B000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys EF628000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS EE140000 - \SystemRoot\System32\Drivers\Null.SYS EF626000 - \SystemRoot\System32\Drivers\Beep.SYS F074A000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F0742000 - \SystemRoot\System32\drivers\vga.sys EF624000 - \SystemRoot\System32\Drivers\mnmdd.SYS EF622000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F073A000 - \SystemRoot\System32\Drivers\Msfs.SYS F0732000 - \SystemRoot\System32\Drivers\Npfs.SYS EFD73000 - \SystemRoot\system32\DRIVERS\rasacd.sys EB1CD000 - \SystemRoot\system32\DRIVERS\ipsec.sys EB175000 - \SystemRoot\system32\DRIVERS\tcpip.sys EB150000 - \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys EB128000 - \SystemRoot\system32\DRIVERS\netbt.sys EB106000 - \SystemRoot\System32\drivers\afd.sys EFDFB000 - \SystemRoot\system32\DRIVERS\netbios.sys F072A000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys EB0DB000 - \SystemRoot\system32\DRIVERS\rdbss.sys EB06C000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys EFDDB000 - \SystemRoot\System32\Drivers\Fips.SYS EB04B000 - \SystemRoot\system32\DRIVERS\ipnat.sys EFDCB000 - \SystemRoot\system32\DRIVERS\wanarp.sys EFDBB000 - \SystemRoot\system32\DRIVERS\arp1394.sys EB03A000 - \SystemRoot\system32\DRIVERS\avipbb.sys EED5A000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys EFD9B000 - \SystemRoot\System32\Drivers\Cdfs.SYS F015C000 - \SystemRoot\system32\DRIVERS\usbscan.sys F0188000 - \SystemRoot\system32\DRIVERS\hidusb.sys EF90E000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F064C000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS F0644000 - \SystemRoot\system32\DRIVERS\usbccgp.sys F0285000 - \SystemRoot\system32\DRIVERS\mouhid.sys F027D000 - \SystemRoot\system32\DRIVERS\kbdhid.sys F063C000 - \SystemRoot\system32\DRIVERS\usbprint.sys EB024000 - \SystemRoot\System32\Drivers\dump_nvatabus.sys EED52000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F09D5000 - \SystemRoot\System32\drivers\Dxapi.sys F0A4A000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F0983000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll F79BC000 - \SystemRoot\system32\DRIVERS\ndisuio.sys EB3CE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys EBA1D000 - \??\C:\Program Files\Acer\eRecovery\int15.sys EB9E1000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys EB98F000 - \SystemRoot\system32\DRIVERS\srv.sys EB8CF000 - \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys EDF15000 - \SystemRoot\system32\drivers\bdfsfltr.sys EDE88000 - \SystemRoot\system32\drivers\wdmaud.sys F697E000 - \SystemRoot\system32\drivers\sysaudio.sys EE38C000 - \SystemRoot\System32\Drivers\HTTP.sys EB764000 - \SystemRoot\system32\drivers\kmixer.sys F7B0B000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 131 Liste des programmes installes Acer eConsole Acer eMode Management Adobe Flash Player 9 ActiveX ArcSoft PhotoStudio 2000 Assistant de connexion Windows Live Athlon 64 Processor Driver Avira AntiVir Personal - Free Antivirus BitDefender Total Security 2008 Canon ScanGear Toolbox CS 2.2 Correctif pour Windows Internet Explorer 7 (KB947864) Correctif pour Windows XP (KB914440) Correctif pour Windows XP (KB952287) Correctif Windows XP - KB867282 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890047 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB890923 Correctif Windows XP - KB891781 Correctif Windows XP - KB893086 EPSON CardMonitor EPSON Logiciel imprimante EPSON PhotoQuicker3.5 EPSON PhotoStarter3.1 EPSON Print CD EPSON PRINT Image Framer Tool2.1 ESPR300 Guide de référence ESPR300 Guide des logiciels ESPR300 Guide du mode autonome Galerie de photos Windows Live GFI LANguard Network Security Scanner 8.0 Google Earth HijackThis 2.0.2 Hotfix for Windows XP (KB915865) ICQ6 iTunes J2SE Runtime Environment 5.0 Update 2 Java 6 Update 2 Java SE Runtime Environment 6 Update 1 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Age of Empires Microsoft Age of Empires Expansion Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional Microsoft SQL Server 2005 Compact Edition [ENU] Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913433) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938464) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB941693) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB945553) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour de sécurité pour Windows XP (KB946648) Mise à jour de sécurité pour Windows XP (KB948590) Mise à jour de sécurité pour Windows XP (KB948881) Mise à jour de sécurité pour Windows XP (KB950749) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB950974) Mise à jour de sécurité pour Windows XP (KB951066) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951376) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour de sécurité pour Windows XP (KB951748) Mise à jour de sécurité pour Windows XP (KB952954) Mise à jour de sécurité pour Windows XP (KB953839) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB932823-v3) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Mise à jour pour Windows XP (KB951072-v2) Mozilla Firefox (2.0.0.16) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Multi Virus Cleaner 2008 Nokia Connectivity Cable Driver Nokia Connectivity Cable Driver Nokia PC Suite Nokia PC Suite NTI Backup NOW! 4 NTI Backup NOW! 4 NTI CD & DVD-Maker NTI CD & DVD-Maker NTI HomeVideo-Maker NVIDIA Drivers NvMixer OmniPage Pro 9.0 Panda ActiveScan 2.0 PowerDVD QuickTime RealPlayer Registry Mechanic 7.0 Scan Manager 5.2 ScanToWeb SecondLife (remove only) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Spybot - Search & Destroy Spybot - Search & Destroy 1.4 Viewpoint Media Player WebFldrs XP Windows Desktop Search Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live installer Windows Live Mail Windows Live Messenger Yahoo! Browser Services Yahoo! Mail Yahoo! Messenger Répertoire de C:\Program Files 23/06/2005 22:56 <REP> . 23/06/2005 22:56 <REP> .. 23/06/2005 23:11 <REP> acer 08/02/2008 21:54 <REP> AIM6 14/08/2006 11:30 <REP> Alwil Software 23/06/2005 23:12 <REP> AMD 06/07/2007 20:36 <REP> Apple Software Update 14/09/2008 07:08 <REP> Applications 23/10/2006 20:46 <REP> ArcSoft 02/01/2007 20:11 <REP> a-squared Anti-Malware 17/08/2008 09:55 <REP> Avira 26/08/2008 22:14 <REP> AxBx 16/09/2007 17:38 <REP> BitDefender 23/10/2006 20:47 <REP> Caere 23/10/2006 20:49 <REP> Canon 05/09/2008 17:22 <REP> CCleaner 11/09/2007 19:04 <REP> COD4 23/06/2005 23:00 <REP> ComPlus Applications 23/06/2005 23:11 <REP> CyberLink 26/02/2007 19:15 <REP> EPSON 26/02/2007 19:17 <REP> EPSON Print CD 23/06/2005 22:56 <REP> Fichiers communs 02/09/2007 07:16 <REP> F-Secure Internet Security 15/09/2008 15:47 <REP> GFI 19/08/2006 00:23 <REP> Google 12/05/2007 18:59 <REP> icq 12/05/2007 19:03 <REP> ICQ6 12/05/2007 19:11 <REP> ICQToolbar 23/06/2005 23:00 <REP> Internet Explorer 05/03/2008 21:09 <REP> iPod 05/03/2008 21:09 <REP> iTunes 17/10/2006 10:54 <REP> Java 30/08/2008 15:59 <REP> Malwarebytes' Anti-Malware 19/08/2006 12:39 <REP> McAfee 23/06/2005 22:59 <REP> Messenger 11/05/2007 03:09 <REP> Microsoft CAPICOM 2.1.0.2 23/06/2005 23:01 <REP> microsoft frontpage 28/01/2007 16:33 <REP> Microsoft Games 28/12/2006 10:50 <REP> Microsoft Office 05/04/2008 12:29 <REP> Microsoft SQL Server Compact Edition 23/06/2005 23:00 <REP> Movie Maker 14/08/2006 11:16 <REP> Mozilla Firefox 14/05/2007 20:30 <REP> MSBuild 23/06/2005 22:59 <REP> MSN 23/06/2005 22:59 <REP> MSN Gaming Zone 19/08/2006 20:58 <REP> MSN Messenger 01/01/2007 00:57 <REP> MSXML 4.0 14/05/2007 20:31 <REP> MSXML 6.0 23/06/2005 23:00 <REP> NetMeeting 23/06/2005 23:11 <REP> NewTech Infosystems 06/11/2006 00:07 <REP> Nokia 08/11/2006 02:27 <REP> NTVIDIA view 23/06/2005 23:06 <REP> NVIDIA Corporation 23/06/2005 22:59 <REP> Online Services 23/06/2005 23:00 <REP> Outlook Express 30/08/2008 17:43 <REP> Panda Security 19/08/2006 00:25 <REP> Picasa2 06/07/2007 20:35 <REP> quick time 06/07/2007 20:36 <REP> QuickTime 11/05/2007 13:38 <REP> Real 14/05/2007 20:27 <REP> Reference Assemblies 02/04/2008 23:32 <REP> Registry Mechanic 12/08/2008 19:44 <REP> SecondLife99 01/01/2007 00:55 <REP> secure 23/06/2005 23:00 <REP> Services en ligne 27/09/2008 21:02 <REP> Spybot - Search & Destroy 27/09/2008 21:07 <REP> TeaTimer (Spybot - Search & Destroy) 02/01/2007 20:12 <REP> ToniArts 08/02/2008 21:58 <REP> Viewpoint 19/08/2006 21:01 <REP> Windows Desktop Search 05/04/2008 12:24 <REP> Windows Live 23/06/2005 22:59 <REP> Windows Media Player 23/06/2005 22:59 <REP> Windows NT 01/01/2007 16:18 <REP> Winsos 23/06/2005 23:01 <REP> xerox 01/01/2007 00:43 <REP> Yahoo! 0 fichier(s) 0 octets 76 Rép(s) 50 259 099 648 octets libres Répertoire de C:\Program Files\fichiers communs 23/06/2005 22:56 <REP> . 23/06/2005 22:56 <REP> .. 23/06/2005 22:56 <REP> Microsoft Shared 23/06/2005 22:56 <REP> SpeechEngines 23/06/2005 22:56 <REP> ODBC 23/06/2005 23:00 <REP> System 23/06/2005 23:00 <REP> MSSoap 23/06/2005 23:00 <REP> Services 23/06/2005 23:06 <REP> InstallShield 23/06/2005 23:06 <REP> NVIDIA Shared 23/06/2005 23:11 <REP> NewTech Infosystems 23/06/2005 23:11 <REP> muvee Technologies 23/06/2005 23:13 <REP> Symantec Shared 23/06/2005 23:16 <REP> ArcSoft 17/10/2006 10:54 <REP> Java 23/10/2006 20:47 <REP> Caere 06/11/2006 00:08 <REP> Nokia 06/11/2006 00:08 <REP> PCSuite 28/12/2006 10:50 <REP> Designer 11/05/2007 13:38 <REP> Real 15/05/2007 01:19 <REP> Panda Software 17/09/2007 06:20 <REP> BitDefender 08/02/2008 21:57 <REP> AOL 21/04/2008 08:53 <REP> xing shared 0 fichier(s) 0 octets 24 Rép(s) 50 260 115 456 octets libres Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 21/09/2005 15:54 <REP> . 21/09/2005 15:54 <REP> .. 07/03/2001 07:00 127 033 MSOWS40c.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 28/12/2006 18:11 <REP> 1036 28/12/2006 18:11 <REP> 1033 13/02/2001 08:23 58 784 MSOSV.DLL 06/08/2000 09:04 401 462 MSVCP60.DLL 22/01/2001 03:25 40 960 PKMTEMPL.DLL 29/01/2004 07:08 86 016 PKMWS.DLL 29/01/2004 07:38 634 880 PKMRES.DLL 29/01/2004 07:08 28 672 PKMSSTLB.DLL 29/01/2004 07:08 1 277 952 MSONSEXT.DLL 29/01/2004 07:08 69 632 PKMAXCTL.DLL 29/01/2004 07:08 868 352 PKMCDO.DLL 29/01/2004 07:08 53 248 PKMCORE.DLL 29/01/2004 07:08 102 400 PKMFORMS.DLL 29/01/2004 07:08 24 576 PKMTRACE.DLL 29/01/2004 07:08 237 568 PROMDEMO.DLL 29/01/2004 07:08 184 320 SECMGR.DLL 29/01/2004 07:08 315 392 VAIDDMGR.DLL 29/01/2004 07:08 32 768 VAIMEM.DLL 18 fichier(s) 4 666 952 octets 4 Rép(s) 50 260 115 456 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\AIMinst.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\AIMLang.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\aimlang_fr.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\alsetup.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\aoldlmgr.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\migrator.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\ocpinst.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\postproc.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\setup.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\tbsetup.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\unagi3.exe c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\Vwpt.exe c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFRZOA8X\iTunesSetupAdmin[1].exe c:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe c:\Documents and Settings\usser\Mes documents\Google_Updater.exe c:\Documents and Settings\usser\Bureau\activescan2_fr.exe c:\Documents and Settings\usser\Bureau\antivir_workstation_winu_en_h.exe c:\Documents and Settings\usser\Bureau\HiJackThis.exe c:\Documents and Settings\usser\Bureau\jre-6u3-windows-i586-p-iftw.exe c:\Documents and Settings\usser\Bureau\languardnss8.exe c:\Documents and Settings\usser\Bureau\mbam-setup.exe c:\Documents and Settings\usser\Bureau\sdsetup.exe c:\Documents and Settings\usser\Bureau\spybotsd160.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\usser\Bureau\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\usser\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe c:\Documents and Settings\usser\Application Data\SecondLife\logs\SecondLife.exec_marker c:\Documents and Settings\usser\.housecall6.6\getMac.exe c:\Documents and Settings\usser\.housecall6.6\patch.exe c:\Documents and Settings\usser\.housecall6.6\tsc.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\setup.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\setup_w32.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\RESNDMSG.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\svc_au32.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TAVBrows.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TAVCtrl.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TavLog.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TAVScan.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\tavsvc.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TAVTool.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\tavui.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TavUpdUi.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TavWsc.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\TRIALMSG.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\components\Patch.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\components\TmLspIns.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\components\TmProxy.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\components\TSC.EXE c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Setup\Program Files\Trend Micro\32bit\components\vsapiins.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Tools\ncfg.exe c:\Documents and Settings\usser\.housecall6.6\TAV15.1\Tools\TAVTool.exe c:\Documents and Settings\poitiers\Bureau\AdbeRdr90_fr_FR.exe c:\Documents and Settings\poitiers\Bureau\sdsetup.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\AOLFirewallMgr.dll c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\gui.dll c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\imappver.dll c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\instSup.dll c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\ocpchk.dll c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\ProgUpd.dll c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\tbinst.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aebb.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll c:\Documents and Settings\usser\Local Settings\Application Data\Trend Micro\HCMS\dll\TmHCMSMgr.dll c:\Documents and Settings\usser\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\usser\Application Data\Mozilla\Firefox\Profiles\v1lj2bi8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll c:\Documents and Settings\usser\Application Data\Mozilla\Firefox\Profiles\v1lj2bi8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll c:\Documents and Settings\usser\Application Data\Mozilla\Firefox\Profiles\v1lj2bi8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll c:\Documents and Settings\usser\Application Data\Mozilla\Firefox\Profiles\v1lj2bi8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll c:\Documents and Settings\usser\Application Data\Mozilla\Firefox\Profiles\v1lj2bi8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll c:\Documents and Settings\usser\Application Data\Mozilla\Firefox\Profiles\v1lj2bi8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll ****** Fin du rapport DiagHelp
- le 28 septembre 2008
- 7 réponses
analyse de rapport hijackthis suite a trojans et ralentissements MERCI

kristin a posté un sujet dans Analyses et éradication malwares

Bonjour, Merci de bien vouloir analyser les rapports ci-dessous que j’ai effectués suite à l’apparition sur « antivir » de trojans comme TR/dropper.gen ou TR/Unpacked.gen qui étaient détectés lorsque je lançais une analyse de PC Tools que j ai depuis désinstallé. Auparavant j ai eu aussi TR/Zlob.2.Gen316 et Tr/Fraudpack.LK qui étaient dans Systeme Volume Information /_restore. A noter que depuis j ai désactivé la restauration du système. Je précise enfin que je n’utilise Bitdefender que comme parefeu, même si j ai lancé son analyse antivirus cette fois ci A noter qu’auparavant mon rapport antivir était « propre » et que maintenant j ai une annonce de 40 objets cachés. Avant de lancer ces rapports, j’avais également réinstallé Bitdefender Pouvez vous me dire s’il y a lieu de faire quelque chose, soit pour les trojans (que j’ai mis en quarantaine), soit pour les objets cachés. MERCI Christine Rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:51:45, on 27/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\acer\Acer eConsole\MediaServerService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SecondLife99\SecondLife.exe C:\Program Files\SecondLife99\SLVoice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\usser\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...029/mcfscan.cab O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 9960 bytes Rapport MBAM Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1210 Windows 5.1.2600 Service Pack 2 27/09/2008 20:31:54 mbam-log-2008-09-27 (20-31-54).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 142005 Temps écoulé: 34 minute(s), 23 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) rapport antivir Avira AntiVir Personal Report file date: samedi 27 septembre 2008 18:47 Scanning for 1645581 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 01/09/2008 01:32:20 AVSCAN.DLL : 8.1.4.0 40705 Bytes 01/09/2008 01:32:20 LUKE.DLL : 8.1.4.5 164097 Bytes 01/09/2008 01:32:20 LUKERES.DLL : 8.1.4.0 12033 Bytes 01/09/2008 01:32:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:56:34 ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:48:42 ANTIVIR3.VDF : 7.0.6.218 2048 Bytes 26/09/2008 19:48:42 Engineversion : 8.1.1.35 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 15:58:22 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 20:13:18 AESCN.DLL : 8.1.0.23 119156 Bytes 17/08/2008 13:56:44 AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 20:13:18 AEPACK.DLL : 8.1.2.3 364918 Bytes 24/09/2008 18:53:56 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 20:13:18 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 20:13:16 AEHELP.DLL : 8.1.0.15 115063 Bytes 17/08/2008 13:56:40 AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 01:31:40 AEEMU.DLL : 8.1.0.7 430452 Bytes 17/08/2008 13:56:40 AECORE.DLL : 8.1.1.11 172406 Bytes 05/09/2008 18:25:26 AEBB.DLL : 8.1.0.1 53617 Bytes 17/08/2008 13:56:38 AVWINLL.DLL : 1.0.0.12 15105 Bytes 01/09/2008 01:32:20 AVPREF.DLL : 8.0.2.0 38657 Bytes 01/09/2008 01:32:20 AVREP.DLL : 8.0.0.2 98344 Bytes 17/08/2008 13:56:38 AVREG.DLL : 8.0.0.1 33537 Bytes 01/09/2008 01:32:20 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:24 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 01/09/2008 01:32:20 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:04 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 01/09/2008 01:32:20 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:12 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 01/09/2008 01:32:18 RCTEXT.DLL : 8.0.52.0 86273 Bytes 01/09/2008 01:32:18 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: samedi 27 septembre 2008 18:47 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\parameters [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\Parameters\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\Parameters\adapters [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr\Instances\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr\Instances\bdfsfltr instance [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdftdif\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdftdif\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BDSelfPr\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BDSelfPr\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LIVESRV\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LIVESRV\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scan\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scan\parameters [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scan\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSERV\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSERV\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XCOMM\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XCOMM\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\parameters [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\Parameters\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bdfndisf\Parameters\adapters [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr\Instances\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr\Instances\bdfsfltr instance [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdftdif\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdftdif\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BDSelfPr\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BDSelfPr\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LIVESRV\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LIVESRV\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scan\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scan\parameters [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scan\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSERV\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSERV\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XCOMM\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XCOMM\security [iNFO] The registry entry is invisible. '72594' objects were checked, '40' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'seccenter.exe' - '1' Module(s) have been scanned Scan process 'DllHost.exe' - '1' Module(s) have been scanned Scan process 'mbam.exe' - '1' Module(s) have been scanned Scan process 'SLVoice.exe' - '1' Module(s) have been scanned Scan process 'SecondLife.exe' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '0' Module(s) have been scanned Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned Scan process 'VSSERV.EXE' - '0' Module(s) have been scanned Scan process 'LIVESRV.EXE' - '0' Module(s) have been scanned Scan process 'XCOMMSVR.EXE' - '0' Module(s) have been scanned Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'MediaServerService.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'bdagent.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned Scan process 'E_S4I0F2.EXE' - '1' Module(s) have been scanned Scan process 'TrayApplication.exe' - '1' Module(s) have been scanned Scan process 'DataLayer.exe' - '1' Module(s) have been scanned Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'MediaSync.exe' - '1' Module(s) have been scanned Scan process 'AspireService.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'SCHED.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 42 processes with 42 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '69' files ). Starting the file scan: Begin scan in 'C:\' <ACER> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ACERDATA> End of the scan: samedi 27 septembre 2008 19:23 Used time: 36:32 Minute(s) The scan has been done completely. 7093 Scanning directories 259552 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 259550 Files not concerned 6743 Archives were scanned 7 Warnings 0 Notes 72594 Objects were scanned with rootkit scan 40 Hidden objects were found rapport Bitdefender Fichier journal de BitDefender Produit : BitDefender Total Security 2008 Version : BitDefender UIScanner V.11 Date du journal : 16:19:55 27/09/2008 Chemin du journal : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1222546795_1_00.xml Analyse des chemins : Chemin0000: C:\ Chemin0001: D:\ Options d’analyse : Analyse contre les virus : Oui Détecter les adwares : Oui Analyse contre les spywares : Oui Analyse des applications : Oui Détecter les numéroteurs : Oui Analyse contre les Rootkits : Oui Options de sélection de cible : Analyse les clés du registre : Oui Analyse des cookies : Oui Analyser le secteur de boot : Oui Analyse des processus mémoire : Oui Analyser les archives : Oui Analyser les fichiers enpaquetés : Oui Analyser les emails : Oui Analyser tous les fichiers : Oui Analyse heuristique : Oui Extensions analysées : Extensions exclues : Traitement cible Action par défaut pour les objets infectés : Désinfecter Action par défaut pour les objets suspects : Aucun Action par défaut pour les objets camouflés : Aucun Résumé de l'analyse Nombre de signatures de virus : 1818975 Plugins archives : 43 Plug-ins messagerie : 6 Plugins d'analyse : 12 Plugins archives : 43 Plug-ins système : 5 Plug-ins décompression : 7 Résumé de l'analyse générale Eléments analysés : 233907 Eléments infectés : 0 Eléments suspects : 0 Eléments résolus : 0 Virus individuels trouvés : 0 Répertoires analysés : 7092 Secteur de boot analysés : 8 Archives analysés : 7424 Erreurs I/O : 29 Temps d'analyse : 00:00:54:51 Fichiers par seconde : 70 Résumé des processus analysés Analysé(s) : 46 Infecté(s) : 0 Résumé des clés de registre analysées Analysé(s) : 306 Infecté(s) : 0 Résumé des cookies analysés Analysé(s) : 1 Infecté(s) : 0 Problèmes non résolus : Nom de l'objet Nom de la menace Etat final Problèmes résolus Nom de l'objet Nom de la menace Etat final Objets non scannés : Nom de l'objet Raison Etat final
- le 28 septembre 2008
- 7 réponses
trojan TR/Dropper.Gen trouvé par antivir

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

merci beaucoup Chrifleur je vais effectuer tout ce que tu m as dit je ne suis pas très douée en informatique, mais je pense y arriver merci pour tout bises christine !!
- le 5 septembre 2008
- 4 réponses
trojan TR/Dropper.Gen trouvé par antivir

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

Bonjour et merci Chrisfleur j ai relancé les deux scan antivir ( qu est ce que cela veut dire que les fichiers pagefile et hiberfil signalés à la fin du rapport n ont pas pu etre ouverts???) et hijackthis et fait un scan MBAM, je les poste ci-dessous merci de ton avis bises Christine MBAM Malwarebytes' Anti-Malware 1.25 Database version: 1103 Windows 5.1.2600 Service Pack 2 15:41:16 04/09/2008 mbam-log-09-04-2008 (15-41-16).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Objects scanned: 130383 Time elapsed: 26 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ANTIVIR Avira AntiVir Personal Report file date: jeudi 4 septembre 2008 15:42 Scanning for 1594576 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 01/09/2008 01:32:20 AVSCAN.DLL : 8.1.4.0 40705 Bytes 01/09/2008 01:32:20 LUKE.DLL : 8.1.4.5 164097 Bytes 01/09/2008 01:32:20 LUKERES.DLL : 8.1.4.0 12033 Bytes 01/09/2008 01:32:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:56:34 ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 01:32:20 ANTIVIR3.VDF : 7.0.6.106 129024 Bytes 02/09/2008 06:45:52 Engineversion : 8.1.1.23 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 15:58:22 AESCRIPT.DLL : 8.1.0.68 315770 Bytes 20/08/2008 01:31:50 AESCN.DLL : 8.1.0.23 119156 Bytes 17/08/2008 13:56:44 AERDL.DLL : 8.1.0.20 418165 Bytes 17/08/2008 13:56:44 AEPACK.DLL : 8.1.2.1 364917 Bytes 17/08/2008 13:56:42 AEOFFICE.DLL : 8.1.0.22 192890 Bytes 20/08/2008 01:31:48 AEHEUR.DLL : 8.1.0.50 1388918 Bytes 20/08/2008 01:31:42 AEHELP.DLL : 8.1.0.15 115063 Bytes 17/08/2008 13:56:40 AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 01:31:40 AEEMU.DLL : 8.1.0.7 430452 Bytes 17/08/2008 13:56:40 AECORE.DLL : 8.1.1.8 172406 Bytes 17/08/2008 13:56:38 AEBB.DLL : 8.1.0.1 53617 Bytes 17/08/2008 13:56:38 AVWINLL.DLL : 1.0.0.12 15105 Bytes 01/09/2008 01:32:20 AVPREF.DLL : 8.0.2.0 38657 Bytes 01/09/2008 01:32:20 AVREP.DLL : 8.0.0.2 98344 Bytes 17/08/2008 13:56:38 AVREG.DLL : 8.0.0.1 33537 Bytes 01/09/2008 01:32:20 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:24 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 01/09/2008 01:32:20 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:04 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 01/09/2008 01:32:20 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:12 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 01/09/2008 01:32:18 RCTEXT.DLL : 8.0.52.0 86273 Bytes 01/09/2008 01:32:18 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: jeudi 4 septembre 2008 15:42 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'pctsTray.exe' - '1' Module(s) have been scanned Scan process 'bdagent.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'E_S4I0F2.EXE' - '1' Module(s) have been scanned Scan process 'TRAYAP~1.EXE' - '1' Module(s) have been scanned Scan process 'DATALA~1.EXE' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'MediaSync.exe' - '1' Module(s) have been scanned Scan process 'AspireService.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '0' Module(s) have been scanned Scan process 'vsserv.exe' - '0' Module(s) have been scanned Scan process 'livesrv.exe' - '0' Module(s) have been scanned Scan process 'xcommsvr.exe' - '0' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'bdagent.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'E_S4I0F2.EXE' - '1' Module(s) have been scanned Scan process 'TRAYAP~1.EXE' - '1' Module(s) have been scanned Scan process 'DATALA~1.EXE' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'MediaSync.exe' - '1' Module(s) have been scanned Scan process 'AspireService.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned Scan process 'MediaServerService.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 55 processes with 55 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '67' files ). Starting the file scan: Begin scan in 'C:\' <ACER> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ACERDATA> End of the scan: jeudi 4 septembre 2008 16:10 Used time: 28:13 Minute(s) The scan has been done completely. 7836 Scanning directories 247178 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 247176 Files not concerned 6771 Archives were scanned 7 Warnings 0 Notes HIJACKTHIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:51:21, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 Boot mode: Normal Running processes: C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\usser\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...029/mcfscan.cab O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 8161 bytes
- le 4 septembre 2008
- 4 réponses
trojan TR/Dropper.Gen trouvé par antivir

kristin a posté un sujet dans Analyses et éradication malwares

bonjour, mon antivirus antivir me signale la présence de TR/Dropper.gen que j ai mis en quarantaine. Apparement, il est même signalé deux fois...cela proviendrait de spyware doctor je vous poste mes derniers rapports de scan antivir et hijackthis pouvez vous me dire si l infection est réelle ou pas? et si désormais tout va bien apparemment j ai en quarantaine également TR/unpacked.gen et TR/CryptXPAXK.Gen ces deux là venant d'avast que j ai depuis désinstallé Pour info bitdefender anti virus est désactivé, je n ai laissé que le pare feu, ayant déjà antivir MERCI d avance christine antivir: Avira AntiVir Personal Report file date: mercredi 3 septembre 2008 02:47 Scanning for 1594576 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 01/09/2008 01:32:20 AVSCAN.DLL : 8.1.4.0 40705 Bytes 01/09/2008 01:32:20 LUKE.DLL : 8.1.4.5 164097 Bytes 01/09/2008 01:32:20 LUKERES.DLL : 8.1.4.0 12033 Bytes 01/09/2008 01:32:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:56:34 ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 01:32:20 ANTIVIR3.VDF : 7.0.6.106 129024 Bytes 02/09/2008 06:45:52 Engineversion : 8.1.1.23 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 15:58:22 AESCRIPT.DLL : 8.1.0.68 315770 Bytes 20/08/2008 01:31:50 AESCN.DLL : 8.1.0.23 119156 Bytes 17/08/2008 13:56:44 AERDL.DLL : 8.1.0.20 418165 Bytes 17/08/2008 13:56:44 AEPACK.DLL : 8.1.2.1 364917 Bytes 17/08/2008 13:56:42 AEOFFICE.DLL : 8.1.0.22 192890 Bytes 20/08/2008 01:31:48 AEHEUR.DLL : 8.1.0.50 1388918 Bytes 20/08/2008 01:31:42 AEHELP.DLL : 8.1.0.15 115063 Bytes 17/08/2008 13:56:40 AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 01:31:40 AEEMU.DLL : 8.1.0.7 430452 Bytes 17/08/2008 13:56:40 AECORE.DLL : 8.1.1.8 172406 Bytes 17/08/2008 13:56:38 AEBB.DLL : 8.1.0.1 53617 Bytes 17/08/2008 13:56:38 AVWINLL.DLL : 1.0.0.12 15105 Bytes 01/09/2008 01:32:20 AVPREF.DLL : 8.0.2.0 38657 Bytes 01/09/2008 01:32:20 AVREP.DLL : 8.0.0.2 98344 Bytes 17/08/2008 13:56:38 AVREG.DLL : 8.0.0.1 33537 Bytes 01/09/2008 01:32:20 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:24 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 01/09/2008 01:32:20 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:04 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 01/09/2008 01:32:20 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:12 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 01/09/2008 01:32:18 RCTEXT.DLL : 8.0.52.0 86273 Bytes 01/09/2008 01:32:18 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 3 septembre 2008 02:47 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'pctsTray.exe' - '1' Module(s) have been scanned Scan process 'bdagent.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'E_S4I0F2.EXE' - '1' Module(s) have been scanned Scan process 'TRAYAP~1.EXE' - '1' Module(s) have been scanned Scan process 'DATALA~1.EXE' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'MediaSync.exe' - '1' Module(s) have been scanned Scan process 'AspireService.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '0' Module(s) have been scanned Scan process 'vsserv.exe' - '0' Module(s) have been scanned Scan process 'livesrv.exe' - '0' Module(s) have been scanned Scan process 'xcommsvr.exe' - '0' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'bdagent.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'E_S4I0F2.EXE' - '1' Module(s) have been scanned Scan process 'TRAYAP~1.EXE' - '1' Module(s) have been scanned Scan process 'DATALA~1.EXE' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'MediaSync.exe' - '1' Module(s) have been scanned Scan process 'AspireService.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned Scan process 'MediaServerService.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 56 processes with 56 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '67' files ). Starting the file scan: Begin scan in 'C:\' <ACER> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ACERDATA> End of the scan: mercredi 3 septembre 2008 03:18 Used time: 31:06 Minute(s) The scan has been done completely. 7828 Scanning directories 244987 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 244985 Files not concerned 6764 Archives were scanned 7 Warnings 0 Notes rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:48:20, on 03/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\SecondLife99\SecondLife.exe C:\Documents and Settings\usser\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...029/mcfscan.cab O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 8175 bytes
- le 4 septembre 2008
- 4 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

bonsoir et merci de votre réponse a priori désormais tout va bien, il y avait juste ce "unpacked.gen" qui apparaissait 4 ou 5 fois lors des scan d avast je ne peux plus egalement restaurer mon ordi a des dates anterieures..y a t il un moyen de detruire les fichiers liés a ces restaurations desormais impossibles? comment faire le nettoyage dont vous parlez suite a hijackthis? enfin bitdefender en pare feu ( antivirus désactivé) + antivir : est ce suffisant pour une protection temps reel?? merci kisses christine
- le 31 août 2008
- 14 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

.
- le 31 août 2008
- 14 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

Bonjour, Suite à quelques alertes de mon (mes) anti virus : antivir, avast qui m'ont trouvé des trojan "unpacked.gen et TRCryptXPACKgen" et après aide ici de Wullfl, je vous poste le résultat des trois rapports antivir, MBAM et hijackthis Ceci après avoir désinstallé avast , spybot et toolbar de yahoo et windows.. je précise que je n ai pas installé Ccleaner, car antivir me signale "BDS small Fxa" à chaque tentative de téléchargement (j ai fait delete du virus) le rapport d'antivir est antérieur à la tentative d intall de Ccleeaner, et donc à l apparition du message de BDS Small Fxa ayant désinstallé avast, je n ai plus de firewall, donc j ai reinstallé depuis bitdefender, en neutralisant l antivirus et laissant seuls le parefeu et les mises a jour. Ai je bien fait? Est ce que tout est normal dans les rapports ci-dessous? Merci d avance et spécial Merci à Wullfk !!!! kisses Rapport antivir : Avira AntiVir Personal Report file date: samedi 30 août 2008 15:12 Scanning for 1583963 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 15:02:58 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 14:43:38 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 14:41:24 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 14:28:42 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:56:34 ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 17:17:30 ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 30/08/2008 15:47:36 Engineversion : 8.1.1.23 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 15:58:22 AESCRIPT.DLL : 8.1.0.68 315770 Bytes 20/08/2008 01:31:50 AESCN.DLL : 8.1.0.23 119156 Bytes 17/08/2008 13:56:44 AERDL.DLL : 8.1.0.20 418165 Bytes 17/08/2008 13:56:44 AEPACK.DLL : 8.1.2.1 364917 Bytes 17/08/2008 13:56:42 AEOFFICE.DLL : 8.1.0.22 192890 Bytes 20/08/2008 01:31:48 AEHEUR.DLL : 8.1.0.50 1388918 Bytes 20/08/2008 01:31:42 AEHELP.DLL : 8.1.0.15 115063 Bytes 17/08/2008 13:56:40 AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 01:31:40 AEEMU.DLL : 8.1.0.7 430452 Bytes 17/08/2008 13:56:40 AECORE.DLL : 8.1.1.8 172406 Bytes 17/08/2008 13:56:38 AEBB.DLL : 8.1.0.1 53617 Bytes 17/08/2008 13:56:38 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 23:07:54 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 16:37:52 AVREP.DLL : 8.0.0.2 98344 Bytes 17/08/2008 13:56:38 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 23:07:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:24 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 14:31:32 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:04 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 23:08:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:12 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 20:37:26 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 18:02:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: samedi 30 août 2008 15:12 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '49' files ). Starting the file scan: Begin scan in 'C:\' <ACER> C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ACERDATA> End of the scan: samedi 30 août 2008 15:41 Used time: 29:21 min The scan has been done completely. 7931 Scanning directories 253882 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 253882 Files not concerned 6765 Archives were scanned 6 Warnings 0 Notes rapport de MBAM: Malwarebytes' Anti-Malware 1.25 Version de la base de données: 1099 Windows 5.1.2600 Service Pack 2 16:24:45 30/08/2008 mbam-log-08-30-2008 (16-24-45).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 133587 Temps écoulé: 16 minute(s), 52 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) dernier rapport de Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:42:49, on 30/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\acer\Acer eConsole\MediaServerService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\usser\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [softPerfect Personal Firewall] "C:\Program Files\SoftPerfect Personal Firewall\fw.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...029/mcfscan.cab O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 10823 bytes
- le 31 août 2008
- 14 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

voici les trois rapports que j ai de antivir, MBAM et hijackthis après avoir désinstallé avast et spybot et toolbar de yahoo et windows je resignale que je n ai pas installé Ccleaner, car antivir me signale "BDS small Fxa" (j ai fait delete) le rapport d antivir est antérieur à l apparition du message de BDS Small Fxa Est ce que tout est normal ? Merci d avance et spécial Merci à Wullfk !!!! kisses Rapport antivir : Avira AntiVir Personal Report file date: samedi 30 août 2008 15:12 Scanning for 1583963 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 15:02:58 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 14:43:38 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 14:41:24 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 14:28:42 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:56:34 ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 17:17:30 ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 30/08/2008 15:47:36 Engineversion : 8.1.1.23 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 15:58:22 AESCRIPT.DLL : 8.1.0.68 315770 Bytes 20/08/2008 01:31:50 AESCN.DLL : 8.1.0.23 119156 Bytes 17/08/2008 13:56:44 AERDL.DLL : 8.1.0.20 418165 Bytes 17/08/2008 13:56:44 AEPACK.DLL : 8.1.2.1 364917 Bytes 17/08/2008 13:56:42 AEOFFICE.DLL : 8.1.0.22 192890 Bytes 20/08/2008 01:31:48 AEHEUR.DLL : 8.1.0.50 1388918 Bytes 20/08/2008 01:31:42 AEHELP.DLL : 8.1.0.15 115063 Bytes 17/08/2008 13:56:40 AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 01:31:40 AEEMU.DLL : 8.1.0.7 430452 Bytes 17/08/2008 13:56:40 AECORE.DLL : 8.1.1.8 172406 Bytes 17/08/2008 13:56:38 AEBB.DLL : 8.1.0.1 53617 Bytes 17/08/2008 13:56:38 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 23:07:54 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 16:37:52 AVREP.DLL : 8.0.0.2 98344 Bytes 17/08/2008 13:56:38 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 23:07:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:24 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 14:31:32 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:04 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 23:08:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:12 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 20:37:26 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 18:02:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: samedi 30 août 2008 15:12 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '49' files ). Starting the file scan: Begin scan in 'C:\' <ACER> C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ACERDATA> End of the scan: samedi 30 août 2008 15:41 Used time: 29:21 min The scan has been done completely. 7931 Scanning directories 253882 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 253882 Files not concerned 6765 Archives were scanned 6 Warnings 0 Notes rapport de MBAM: Malwarebytes' Anti-Malware 1.25 Version de la base de données: 1099 Windows 5.1.2600 Service Pack 2 16:24:45 30/08/2008 mbam-log-08-30-2008 (16-24-45).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 133587 Temps écoulé: 16 minute(s), 52 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) dernier rapport de Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:42:49, on 30/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\acer\Acer eConsole\MediaServerService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\usser\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [softPerfect Personal Firewall] "C:\Program Files\SoftPerfect Personal Firewall\fw.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...029/mcfscan.cab O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 10823 bytes
- le 30 août 2008
- 14 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

A peine je dis que ca va bien, j essaye de telecharger CCleaner, et antivir me signale au même moment un probleme avec" BDS small Fxa " back door... (je delete , je dois le faire deux fois) je n ai donc pas continué a installer cccleaner car j ai réessayé et même virus !! ps je suis passé par le lien de votre message pour arriver sur http://www.cleanersoft.net/fr/ je fais donc l impasse sur ccleaner et je vais installer MBAM
- le 30 août 2008
- 14 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

merci pour l'instant ça va ( je pense) c est quoi un "helpeur" par rapport a vous? quel statut avez vous ici? a bientot
- le 30 août 2008
- 14 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares

merci beaucoup je savais que je ne devais pas faire cohabiter plusieurs anti virus au debut je n avais que bit defender, mais apparement il se "désactivait" bizarement tout seul, et j ai donc eu un doute , sur ma protection antivirus et trojan donc j ai desinstallé, puis mis avast ensuite j ai lu que avast était depassé, j ai mis antivir, mais apparement les deux ne trouvent pas les memes virus, et il m a semblé mieux de les mettre en complément bref je vais faire ce que vous m avez dit, j imprime pour tout faire dans l ordre...et je prends sans doute une semaine de vacances pour executer tout, douée comme je suis !!!! je vous tiens au courant merci déjà pour tout ca
- le 30 août 2008
- 14 réponses
pouvez vous analyser ce rapport , merci

kristin a répondu à un(e) sujet de kristin dans Analyses et éradication malwares
- le 30 août 2008
- 14 réponses

Connexion

kristin

Compteur de contenus

Inscription

Dernière visite

Profile Information

Autres informations

kristin's Achievements

Junior Member (3/12)

Réputation sur la communauté

analyse de rapport hijackthis suite a trojans et ralentissements MERCI

analyse de rapport hijackthis suite a trojans et ralentissements MERCI

analyse de rapport hijackthis suite a trojans et ralentissements MERCI

analyse de rapport hijackthis suite a trojans et ralentissements MERCI

trojan TR/Dropper.Gen trouvé par antivir

trojan TR/Dropper.Gen trouvé par antivir

trojan TR/Dropper.Gen trouvé par antivir

pouvez vous analyser ce rapport , merci

pouvez vous analyser ce rapport , merci

pouvez vous analyser ce rapport , merci

pouvez vous analyser ce rapport , merci

pouvez vous analyser ce rapport , merci

pouvez vous analyser ce rapport , merci

pouvez vous analyser ce rapport , merci

pouvez vous analyser ce rapport , merci

Zebulon

Outils en ligne

Naviguer