martfinder

martfinder - Sécurité - Windows & Software

Marsh Posté le 04-08-2005 à 15:21:37    

Je crois que j'ai gagné un "martfinder":
ma page de démarrage de internet explorer est remplacée par "http://www.martfinder.com/2/"
 
et de plus, je ne peux plus rien mettre dans mon repertoire de démarrage de windows...tout s'efface donc je dois lancer mes logiciels un par un ???
 
Voici le log de hijack
 
Logfile of HijackThis v1.99.1
Scan saved at 15:14:55, on 04/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\TEMP\NW860F.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\OfficeScan NT\PccNTMon.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\leo\Bureau\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dkproxy01.global.leo-group.net:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 2723946496
O17 - HKLM\System\CCS\Services\Tcpip\..\{C74E5FB0-8AAA-43FA-AA21-8F43AB2F7570}: Domain = global.leo-group.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{C74E5FB0-8AAA-43FA-AA21-8F43AB2F7570}: NameServer = 155.137.65.112,155.137.65.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F118069-753F-41CA-99EF-B05DB3F2DF0D}: NameServer = 192.168.0.1
O19 - User stylesheet: C:\WINNT\windows.dat
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Lanceur de Connected (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Agent client Symantec Ghost (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\PROGRAM FILES\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
 
 
Pouvez vous m'aider?
Merci !

Reply

Marsh Posté le 04-08-2005 à 15:21:37   

Reply

Marsh Posté le 04-08-2005 à 15:36:14    

salut
 
Telecharge ESS3remove.zip
http://users.telenet.be/marcvn/tools/ESS3remove.zip
et ceci :
http://users.telenet.be/marcvn/regfiles/martfinder.zip
 
Dezippe ces 2 programmes (clic droit dessus > extraire tout)
 
ensuite redemarre en mode sans echec:
Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.  
Choisis le mode sans échec dans les options et valide avec entrée.
 
Une fois en mode sans echec:
 Lance hijackthis et clic sur [do a system scan only]
cocher la case au début des lignes suivantes:
 
O19 - User stylesheet: C:\WINNT\windows.dat
 
valider en cliquant sur <gras>[fix checked]
 
lance ESS3remove.bat
puis lance martfinder.reg (accepte de fusionner)
 
redemarre le pc et reposte un hijack
 
N'oublie pas de remettre au demarrage ton antivirus et firewall
 
a+

Reply

Marsh Posté le 04-08-2005 à 16:03:53    

:hello: moe, bienvenue sur Hardware. A bientôt.

Reply

Marsh Posté le 05-08-2005 à 14:23:52    

Génial...il semble que ça ait marché.
 
Un grand merci à toi !
 
Logfile of HijackThis v1.99.1
Scan saved at 14:23:57, on 05/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\TEMP\WK2E38.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\OfficeScan NT\PccNTMon.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\nhldaemn.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Lotus\Notes\nupdate.EXE
C:\Documents and Settings\leo\Bureau\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dkproxy01.global.leo-group.net:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Icône de Barre des tâches de Connected.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Connected TLM.lnk = C:\Program Files\Connected\COBackup.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: OfficeScan Client.lnk = C:\OfficeScan NT\PccNTMon.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 2723946496
O17 - HKLM\System\CCS\Services\Tcpip\..\{C74E5FB0-8AAA-43FA-AA21-8F43AB2F7570}: Domain = global.leo-group.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{C74E5FB0-8AAA-43FA-AA21-8F43AB2F7570}: NameServer = 155.137.65.112,155.137.65.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = global.leo-group.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = global.leo-group.net
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Lanceur de Connected (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Agent client Symantec Ghost (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\PROGRAM FILES\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
 

Reply

Marsh Posté le 06-08-2005 à 00:59:09    

salut brexinjo
 
hello stonangel  :hello:  
 
Apparement ce fichier mérite d'etre analysé ici:
http://virusscan.jotti.org/
 
C:\WINNT\TEMP\WK2E38.EXE
 
Une fois fait, fais un copier/coller du resultat ici.
 
a+
 

Reply

Marsh Posté le 08-08-2005 à 10:18:40    

il s'agissait d'un fichier temporaire...il n'existe plus sur le DD...il est remplacé par XZ6CAO.EXE
 
Logfile of HijackThis v1.99.1
Scan saved at 10:16:16, on 08/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\TEMP\XZ6CA0.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\OfficeScan NT\pccntupd.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Connected\CBSysTray.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\leo\Bureau\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dkproxy01.global.leo-group.net:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Icône de Barre des tâches de Connected.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Connected TLM.lnk = C:\Program Files\Connected\COBackup.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: OfficeScan Client.lnk = C:\OfficeScan NT\PccNTMon.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 2723946496
O17 - HKLM\System\CCS\Services\Tcpip\..\{C74E5FB0-8AAA-43FA-AA21-8F43AB2F7570}: Domain = global.leo-group.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{C74E5FB0-8AAA-43FA-AA21-8F43AB2F7570}: NameServer = 155.137.65.112,155.137.65.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = global.leo-group.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = global.leo-group.net
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Lanceur de Connected (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Agent client Symantec Ghost (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\PROGRAM FILES\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
 
et ça donne ça :
Jotti's malware scan 2.99-TRANSITION_TO_3.00  
 
File to upload & scan:            
Service  
Service load:  0%        100%  
 
File:  XZ6CA0.EXE  
Status:  OK  
MD5  77d787f875d9a646411699641203af08  
Packers detected:  -  
Scanner results  
AntiVir  Found nothing  
ArcaVir  Found nothing  
Avast  Found nothing  
AVG Antivirus  Found nothing  
BitDefender  Found nothing  
ClamAV  Found nothing  
Dr.Web  Found nothing  
F-Prot Antivirus  Found nothing  
Fortinet  Found nothing  
Kaspersky Anti-Virus  Found nothing  
NOD32  Found nothing  
Norman Virus Control  Found nothing  
UNA  Found nothing  
VBA32  Found nothing  
   
Powered by  
            Tout semble ok maintenant  
Merci de ton aide

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed