

Everything posted by ero-sennin
-
virus infection.....
ero-sennin replied to a topic by ero-sennin in Malware analysis and removal
First of all, thanks for your quick reply! So for 1/, it is a "known" file: Progress is a database we use at work. Here is the scan report:

Fichier AdmSrvc.exe reçu le 2009.10.16 08:10:17 (UTC)

Antivirus  Version  Dernière mise à jour  Résultat
a-squared 4.5.0.41 2009.10.16 -
AhnLab-V3 5.0.0.2 2009.10.15 -
AntiVir 7.9.1.35 2009.10.16 -
Antiy-AVL 2.0.3.7 2009.10.16 -
Authentium 5.1.2.4 2009.10.16 -
Avast 4.8.1351.0 2009.10.14 -
AVG 8.5.0.420 2009.10.16 -
BitDefender 7.2 2009.10.16 -
CAT-QuickHeal 10.00 2009.10.16 -
ClamAV 0.94.1 2009.10.16 -
Comodo 2617 2009.10.16 -
DrWeb 5.0.0.12182 2009.10.16 -
eSafe 7.0.17.0 2009.10.15 -
eTrust-Vet 35.1.7070 2009.10.15 -
F-Prot 4.5.1.85 2009.10.15 -
F-Secure 8.0.14470.0 2009.10.16 -
Fortinet 3.120.0.0 2009.10.15 -
GData 19 2009.10.16 -
Ikarus T3.1.1.72.0 2009.10.16 -
Jiangmin 11.0.800 2009.10.16 -
K7AntiVirus 7.10.871 2009.10.15 -
Kaspersky 7.0.0.125 2009.10.16 -
McAfee 5772 2009.10.15 -
McAfee+Artemis 5772 2009.10.15 -
McAfee-GW-Edition 6.8.5 2009.10.15 -
Microsoft 1.5101 2009.10.16 -
NOD32 4512 2009.10.15 -
Norman 6.03.02 2009.10.16 -
nProtect 2009.1.8.0 2009.10.15 -
Panda 10.0.2.2 2009.10.15 -
PCTools 4.4.2.0 2009.10.15 -
Prevx 3.0 2009.10.16 -
Rising 21.51.41.00 2009.10.16 -
Sophos 4.46.0 2009.10.16 -
Sunbelt 3.2.1858.2 2009.10.15 -
Symantec 1.4.4.12 2009.10.16 -
TheHacker 6.5.0.2.043 2009.10.15 -
TrendMicro 8.950.0.1094 2009.10.16 -
VBA32 3.12.10.11 2009.10.15 -
ViRobot 2009.10.16.1987 2009.10.16 -
VirusBuster 4.6.5.0 2009.10.15 -

Information additionnelle
File size: 20480 bytes
MD5...: 9e55be76fd60425608d6cf433eef7d5a
SHA1..: e78e030f15635d3d189a5ca11d59e9cb5370698c
SHA256: 43166e15bca0312980422b021bd429b69a5729b6f7c5ddda2f3e9e840daed93c
ssdeep: 192:njjqtxyQQzMXSiP/xm9+ajOcprQAXTy0YraniP4oynE7iJ2W:njjqTvUMiGxm9JaUT9M4C7p
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2ae0
timedatestamp.....: 0x3cd71a4a (Tue May 07 00:05:30 2002)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d91 0x2000 5.76 a423c7a288da374135e1aef62e9eb6b0
.rdata 0x3000 0x882 0x1000 3.07 f30886cf422acfde44b7da18a5290433
.data 0x4000 0x510 0x1000 1.25 20ee41c641e0c35e2b8831530d5efc0c

( 6 imports )
> EVNTLOG.dll: -, -, -, -, -, -, -
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: _mbscmp, __dllonexit, _stricmp, printf, __CxxFrameHandler, _onexit, _exit, _XcptFilter, _initterm, __getmainargs, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, exit, sprintf, strncpy, __p___initenv
> KERNEL32.dll: CloseHandle, TerminateThread, FormatMessageA, lstrlenA, LocalFree, GetModuleFileNameA, ResumeThread, SuspendThread, CreateProcessA, CreateThread, GetFileAttributesA, GetLastError, WaitForSingleObject, CreateEventA, SetEvent, TerminateProcess, Sleep
> USER32.dll: wsprintfA
> ADVAPI32.dll: RegConnectRegistryA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, StartServiceA, CloseServiceHandle, CreateServiceA, RegCreateKeyExA, RegQueryInfoKeyA, RegEnumKeyA, RegEnumValueA, DeleteService, OpenSCManagerA, RegOpenKeyExA, RegCloseKey, OpenServiceA, ControlService, QueryServiceStatus

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

2/ MAM was already installed:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2970
Windows 5.1.2600 Service Pack 3

16/10/2009 10:31:01
mbam-log-2009-10-16 (10-31-01).txt

Type de recherche: Examen rapide
Eléments examinés: 103554
Temps écoulé: 13 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)

No reboot.
-
Hello, here is my problem: I was infected by the virus win32.rootkit-gen rtk. I had the process herss launching at startup; I think I managed to remove them (I hope). So I removed Avast and installed BitDefender, but it found another virus: Gen:Rootkit.Heur.aG5@byCpbPk, file: [system]=]C:\WINDOWS\system32\RNBOVDD.DLL [584] (memory dump). It tells me "No action possible". That was yesterday; I ran a scan today and nothing shows up any more. What should I do, and how can I be sure I am no longer infected? Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:34:43, on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\PROGRESS\bin\AdmSrvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\PROGRESS\jre\bin\java.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PROGRESS\bin\prowin32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Administrateur\Bureau\FUVI.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207725063500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211262261125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C696093-235E-4402-ADA6-32B632AF437F}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: AdminService for PROGRESS 9.1D (AdminService9.1D) - Unknown owner - C:\Program Files\PROGRESS\bin\AdmSrvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service Google Update (gupdate1c9a8607c225e66) (gupdate1c9a8607c225e66) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProService for 9.1D (ProService9.1D) - Progress Software - C:\Program Files\PROGRESS\bin\ProSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8006 bytes

Thanks for your help.
-
Hello, here is my problem: when I try to open Mozilla or IE, it won't launch! When I unplug my RJ45 cable (Freebox), the program launches. I suspect a virus, but Avast finds nothing; on the spyware side I removed what was there, and still nothing. Note that I am on XP. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:50, on 03/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Documents and Settings\Administrateur\Mes documents\Downloads\Compressed\Al5429_Dancefloor\Al5429_Dancefloor\Alcohol 120% FR v1.9.6.5429 (XP_Vista) + Crack\Alcohol 120% FR v1.9.6.5429 (XP_Vista) + Crack\Alcohol 120% FR v1.9.6.5429 (Crack)\axcmd.exe" /automount
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8693264652
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8556 bytes

Thanks for your help.