Impossible to remove a Trojan horse!!
mira12
ep44 Messages posted 7432 Status Contributor -
Hello,
For a few days I have had a Trojan horse (win32:Trat BHO(Tri)) on my system (Windows XP SP2). My antivirus (Avast) still detects it even though I have tried to remove it. So I ran scans with Ad-Aware SE, Avast, Spybot, a-squared, CCleaner and Trend Micro. I deleted everything that was detected, but the Trojan is still there!
So I ran a scan with HijackThis and here is the report. Thanks for your help!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:11, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\RocketDock\RocketDock .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Rajaonarison Antsa\Bureau\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\cbxvwts.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {81d1189b-3b25-54e8-6044-4d87bdfb6aaa} - {aaa6bfdb-78d4-4406-8e45-52b3b9811d18} - C:\WINDOWS\system32\ewrfqxdb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [702d9afc] rundll32.exe "C:\WINDOWS\system32\exsenmud.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock .exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D50A7C8-14D3-4217-93B9-25853380CF5C}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3744FC3B-5FFC-4F32-98A2-D6C466621245}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C152234-2EA7-4ECE-9ED3-AF7F66262693}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E11A4C5-7F67-4870-96F6-8EB79FFD6EAF}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A504A605-1DCA-4D50-875E-C3CAE75B60FF}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3579A8C-50F2-4179-8B40-CD6B754C8395}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D50A7C8-14D3-4217-93B9-25853380CF5C}: NameServer = 192.168.1.1
O20 - Winlogon Notify: cbxvwts - C:\WINDOWS\SYSTEM32\cbxvwts.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
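As an added example (not part of the thread, and not HijackThis or ComboFix code), here is a small Python triage script that applies the indicators visible in the report above to a constructed excerpt of it: the "(no name)" and GUID-named BHOs backed by random-looking DLLs in system32, the Run value named with eight hex digits that loads a DLL through rundll32, the Winlogon Notify hook pointing at the same DLL as one of the BHOs, and an executable with a space before its extension. The scores, the threshold and the randomness heuristic are my own assumptions; the script only flags lines for review and changes nothing on the machine.

```python
import re
from collections import defaultdict

# Added example; heuristics and scores are assumptions, not HijackThis rules.
ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN = re.compile(r"^(.*?): \[([^\]]+)\] (.*)$")
NOTIFY = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")
SYS32_DLL = re.compile(r"C:\\WINDOWS\\system32\\([A-Za-z0-9_]+\.dll)", re.IGNORECASE)
SPACED_NAME = re.compile(r"[A-Za-z0-9] \.(?:exe|dll)\b", re.IGNORECASE)  # "qttask .exe"
GUID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")  # Run value names such as [702d9afc]


def looks_random(dll):
    """Heuristic for generated names like cbxvwts.dll: 6-9 lowercase letters
    with at most one vowel or a run of four consonants."""
    stem = dll.rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{6,9}", stem):
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    return vowels <= 1 or re.search(r"[^aeiouy]{4}", stem) is not None


def score_line(section, payload):
    """Score one parsed HijackThis entry; returns (score, reasons, dll)."""
    score, reasons = 0, []
    m = SYS32_DLL.search(payload)
    dll = m.group(1).lower() if m else None
    if dll and looks_random(dll):
        score += 1
        reasons.append(f"random-looking system32 DLL {dll}")
    if SPACED_NAME.search(payload):
        score += 2
        reasons.append("space before the file extension")
    if section == "O2" and (b := BHO.match(payload)):
        if b.group(1) == "(no name)" or GUID.match(b.group(1)):
            score += 2
            reasons.append("BHO without a product name")
    elif section == "O4" and (r := RUN.match(payload)):
        if HEX_NAME.match(r.group(2)):
            score += 2
            reasons.append("Run value named with 8 hex digits")
        if "rundll32" in r.group(3).lower() and dll:
            score += 1
            reasons.append("rundll32 loads a system32 DLL at logon")
    elif section == "O20" and NOTIFY.match(payload):
        score += 1
        reasons.append("Winlogon Notify DLL is loaded into winlogon.exe")
    return score, reasons, dll


def triage(log_text, threshold=2):
    """Return findings (score, section, line, reasons) sorted by score.

    A DLL referenced from more than one section (here: BHO and Winlogon
    Notify) adds 2 points to every line that names it."""
    parsed, by_dll = [], defaultdict(set)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, payload = m.groups()
        score, reasons, dll = score_line(section, payload)
        parsed.append((score, section, raw.strip(), reasons, dll))
        if dll:
            by_dll[dll].add(section)
    findings = []
    for score, section, line, reasons, dll in parsed:
        if dll and len(by_dll[dll]) > 1:
            others = sorted(by_dll[dll] - {section})
            score, reasons = score + 2, reasons + [f"{dll} also in {others}"]
        if score >= threshold:
            findings.append((score, section, line, reasons))
    return sorted(findings, key=lambda f: -f[0])


# Constructed excerpt of the report posted above (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\cbxvwts.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {81d1189b-3b25-54e8-6044-4d87bdfb6aaa} - {aaa6bfdb-78d4-4406-8e45-52b3b9811d18} - C:\WINDOWS\system32\ewrfqxdb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [702d9afc] rundll32.exe "C:\WINDOWS\system32\exsenmud.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: cbxvwts - C:\WINDOWS\SYSTEM32\cbxvwts.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for score, section, line, reasons in triage(SAMPLE_LOG):
        print(f"[{score}] {section}: {line}")
        for why in reasons:
            print(f"      - {why}")
```

Run against the full report, the highest-scoring lines are the cbxvwts.dll pair (BHO plus Winlogon Notify), which is exactly what the helper below targets with ComboFix.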
12 replies
Hello mira12,
We will try to fix your problem; indeed, your report shows several infections.
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!
Double-click on ComboFix,
Wait until ComboFix has finished; a report will be created. Post the report.
Here is the ComboFix report
ComboFix 08-01-04.1 - Rajaonarison Antsa 2008-01-06 15:11:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.533 [GMT 1:00]
Running from: C:\Documents and Settings\Rajaonarison Antsa\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cbxvwts.dll
C:\WINDOWS\system32\cbxywus.dll
C:\WINDOWS\system32\dumnesxe.ini
C:\WINDOWS\system32\ewrfqxdb.dll
C:\WINDOWS\system32\exsenmud.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.
2008-01-06 15:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 14:07 . 2008-01-06 14:07 <REP> d-------- C:\Documents and Settings\Rajaonarison Antsa\Application Data\Grisoft
2008-01-06 14:03 . 2008-01-06 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 14:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 22:22 . 2008-01-06 00:06 <REP> d-------- C:\Documents and Settings\Rajaonarison Antsa\.housecall6.6
2008-01-04 20:35 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-04 20:35 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-04 20:35 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-04 20:35 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-04 20:35 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-04 20:34 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-04 20:34 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-04 20:34 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-01-04 20:23 . 2008-01-04 21:09 <REP> d-------- C:\Program Files\a-squared Free
2008-01-04 14:41 . 2008-01-04 14:41 10 --a------ C:\WINDOWS\WININIT.INI
2008-01-04 14:18 . 2008-01-04 14:18 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-01-04 13:08 . 2008-01-04 14:17 <REP> d-------- C:\WINDOWS\tmp1671
2008-01-03 13:53 . 2005-02-04 19:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-03 13:53 . 2005-02-04 19:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-03 13:53 . 2005-02-04 18:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-03 13:53 . 2005-02-04 18:34 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-03 13:53 . 2005-02-04 19:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-03 13:53 . 2005-02-04 18:34 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-03 13:53 . 2006-08-03 21:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-02 18:56 . 2008-01-02 19:11 <REP> d-------- C:\Documents and Settings\Rajaonarison Antsa\.gimp-2.4
2008-01-02 18:55 . 2008-01-02 18:55 <REP> d-------- C:\Program Files\GIMP-2.0
2008-01-02 18:16 . 2008-01-02 18:16 <REP> d-------- C:\Program Files\Lavasoft
2008-01-02 18:16 . 2008-01-02 18:16 <REP> d-------- C:\Documents and Settings\Rajaonarison Antsa\Application Data\Lavasoft
2008-01-02 12:06 . 2008-01-05 12:40 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2008-01-02 12:06 . 2008-01-05 12:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-02 00:29 . 2007-11-05 05:34 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-01-02 00:29 . 2007-11-05 05:34 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-12-15 13:26 . 1928-01-01 22:08 4,358,144 --a------ C:\WINDOWS\uncsetup.exe
2007-12-14 20:58 . 2007-12-14 22:06 <REP> d-------- C:\Documents and Settings\Rajaonarison Antsa\Application Data\Sierra
2007-12-14 20:49 . 2007-12-14 20:49 <REP> d-------- C:\Program Files\Sierra
2007-12-11 21:49 . 2007-12-11 21:49 <REP> d-------- C:\Temp
2007-12-11 21:48 . 2007-12-11 22:05 <REP> d-------- C:\Program Files\AirSnare
2007-12-11 21:28 . 2007-12-11 21:28 <REP> d-------- C:\Program Files\Camtech
2007-12-11 21:28 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2007-12-11 21:28 . 2001-09-03 07:52 766 --a------ C:\WINDOWS\win98Logo.ico
2007-12-11 21:20 . 2007-12-11 21:20 <REP> d-------- C:\Program Files\Look@LAN
2007-12-10 18:38 . 2007-12-20 11:41 <REP> d-------- C:\Program Files\Azureus
2007-12-07 18:49 . 2007-12-07 18:49 <REP> d-------- C:\Program Files\Ulead Systems
2007-12-07 18:49 . 2007-12-07 18:49 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-12-07 18:00 . 2008-01-04 13:08 <REP> d-------- C:\WINDOWS\system32\windows media
2007-12-06 20:36 . 2007-12-06 20:37 <REP> d-------- C:\Documents and Settings\Rajaonarison Antsa\Praat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 13:12 --------- d-----w C:\Program Files\RocketDock
2008-01-05 13:12 --------- d-----w C:\Program Files\QuickTime
2008-01-05 13:11 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-05 13:11 --------- d-----w C:\Program Files\iTunes
2008-01-05 01:07 --------- d-----w C:\Program Files\Steam
2008-01-04 16:43 --------- d-----w C:\Program Files\eMule
2008-01-04 15:45 --------- d-----w C:\Documents and Settings\Rajaonarison Antsa\Application Data\Spyware Terminator
2008-01-04 13:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 13:16 --------- d-----w C:\Program Files\CONEXANT
2008-01-02 16:57 --------- d-----w C:\Documents and Settings\Rajaonarison Antsa\Application Data\Azureus
2007-12-22 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-20 14:31 --------- d-----w C:\Program Files\JP_système
2007-12-19 01:43 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2007-12-09 21:43 8,978 ----a-w C:\Documents and Settings\Rajaonarison Antsa\Application Data\wklnhst.dat
2007-12-07 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-05 20:29 --------- d-----w C:\Program Files\DivX
2007-12-05 19:35 --------- d-----w C:\Program Files\Pando Networks
2007-11-30 22:03 --------- d-----w C:\Documents and Settings\Rajaonarison Antsa\Application Data\dvdcss
2007-11-29 00:27 --------- d-----w C:\Program Files\MobeeSoft
2007-11-28 13:24 --------- d-----w C:\Documents and Settings\Rajaonarison Antsa\Application Data\STOIK
2007-11-28 11:37 --------- d-----w C:\Program Files\MP3 Player Utilities 4.18
2007-11-18 13:40 --------- d-----w C:\Program Files\IZArc
2007-11-16 15:10 --------- d-----w C:\Program Files\ATI Technologies
2007-11-15 19:56 --------- d-----w C:\Program Files\Empire Interactive
2007-11-14 22:21 --------- d-----w C:\Program Files\JoWooD
2007-11-14 21:54 65,276 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-14 21:54 5,806 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-14 20:25 --------- d-----w C:\Program Files\Warcraft III
2007-11-14 17:27 --------- d-----w C:\Program Files\Maxis
2007-11-14 14:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 09:46 --------- d-----w C:\Program Files\Windows Media Components
2007-11-06 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-06 09:40 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2005-08-15 16:03 854 -c--a-w C:\Program Files\INSTALL.LOG
.
[code]<pre>
----a-w 344,064 2008-01-04 19:36:46 C:\ATI-CPanel\atiptaxx .exe
----a-w 61,440 2008-01-04 19:36:57 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy .exe
----a-w 39,792 2008-01-05 11:40:33 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 1,957,888 2008-01-04 20:35:33 C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
----a-w 49,152 2008-01-05 11:40:29 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 257,088 2008-01-05 11:40:37 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-05 11:40:33 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-05 11:40:52 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,207,368 2008-01-02 17:10:33 C:\Program Files\Pando Networks\Pando\Pando .exe
----a-w 282,624 2008-01-04 20:35:12 C:\Program Files\QuickTime\qttask .exe
----a-w 462,848 2008-01-04 20:35:25 C:\Program Files\RocketDock\RocketDock .exe
----a-w 2,776,576 2008-01-05 11:40:48 C:\Program Files\Spyware Terminator\SpywareTerminatorShield .exe
----a-w 36,864 2008-01-05 11:40:33 C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL .exe
----a-w 221,184 2008-01-05 11:40:33 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-05 11:40:30 C:\WINDOWS\system32\NeroCheck .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay1 {340B93F0-409B-4FE1-A299-E51A9DBC15E8}]
@={340B93F0-409B-4FE1-A299-E51A9DBC15E8}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay10 {6BFB2A00-8527-4BF2-A0E8-CD9050681F04}]
@={6BFB2A00-8527-4BF2-A0E8-CD9050681F04}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay2 {E3938C98-7DD8-449B-8307-72BFAB5AD177}]
@={E3938C98-7DD8-449B-8307-72BFAB5AD177}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay3 {D2871DBF-4514-4F87-982C-33DC93EC49B5}]
@={D2871DBF-4514-4F87-982C-33DC93EC49B5}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay4 {6CC026B2-745A-414B-8D1B-31FEE8924274}]
@={6CC026B2-745A-414B-8D1B-31FEE8924274}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay5 {E871D3F2-4F71-4DC1-AD19-EA1CFD16DAB1}]
@={E871D3F2-4F71-4DC1-AD19-EA1CFD16DAB1}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay6 {5181ED65-D2CD-4C23-87B1-0EBFA9BD3B72}]
@={5181ED65-D2CD-4C23-87B1-0EBFA9BD3B72}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay7 {663AC8D3-A880-4AB8-8B89-BCEC3A4E51B1}]
@={663AC8D3-A880-4AB8-8B89-BCEC3A4E51B1}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay8 {1C011EDC-054A-485B-B815-EF612433EF7A}]
@={1C011EDC-054A-485B-B815-EF612433EF7A}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShedkoIconOverlay9 {CC1B3A1B-6DBB-43ED-A142-6806736B90E2}]
@={CC1B3A1B-6DBB-43ED-A142-6806736B90E2}
[HKEY_CLASSES_ROOT\CLSID\{340B93F0-409B-4FE1-A299-E51A9DBC15E8}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{6BFB2A00-8527-4BF2-A0E8-CD9050681F04}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{E3938C98-7DD8-449B-8307-72BFAB5AD177}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{D2871DBF-4514-4F87-982C-33DC93EC49B5}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{6CC026B2-745A-414B-8D1B-31FEE8924274}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{E871D3F2-4F71-4DC1-AD19-EA1CFD16DAB1}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{5181ED65-D2CD-4C23-87B1-0EBFA9BD3B72}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{663AC8D3-A880-4AB8-8B89-BCEC3A4E51B1}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{1C011EDC-054A-485B-B815-EF612433EF7A}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CLASSES_ROOT\CLSID\{CC1B3A1B-6DBB-43ED-A142-6806736B90E2}]
2007-02-02 03:11 338432 --a------ C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock .exe" [2008-01-04 21:35 462848]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ .exe" [2008-01-04 21:35 1957888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-04 21:35 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-08-14 10:08]
R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 23:49]
S3 krdpdre;krdpdre;C:\DOCUME~1\RAJAON~1\LOCALS~1\Temp\krdpdre.sys []
S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 17:32]
S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 18:27]
*Newly Created Service* - AVGASCLN
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-18 11:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 15:25:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\RocketDock\RocketDock.dll
.
Completion time: 2008-01-06 15:30:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 14:30:02
.
2007-12-21 15:18:12 --- E O F ---
here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:35, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\RocketDock\RocketDock .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rajaonarison Antsa\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock .exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D50A7C8-14D3-4217-93B9-25853380CF5C}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3744FC3B-5FFC-4F32-98A2-D6C466621245}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C152234-2EA7-4ECE-9ED3-AF7F66262693}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E11A4C5-7F67-4870-96F6-8EB79FFD6EAF}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A504A605-1DCA-4D50-875E-C3CAE75B60FF}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3579A8C-50F2-4179-8B40-CD6B754C8395}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D50A7C8-14D3-4217-93B9-25853380CF5C}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Can you have this file analysed:
C:\WINDOWS\System32\StkASv2K.exe
here
https://www.virustotal.com/gui/
and post the report.
@+;-)
After analysis:
MD5: 5ccfe3b03f97005d221ba897c9a20b38
Date 2007.10.17 02:05:47 (CET) [>81D]
Résultats 1/32
Permalink: analisis/ff5d931a79a0455cde64de73c87cc317
Rapport:
Fichier StkASv2K.exe reçu le 2007.10.17 02:05:47 (CET)
Situation actuelle: terminé
Résultat: 1/32 (3.12%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious Self Modifying File
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 5ccfe3b03f97005d221ba897c9a20b38
To verify, do this:
Download to the desktop: [url=http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe]navilog.exe[/url]
=> install it
=> double-click navilog1 on the desktop
=> press a key until you reach the options
=> choose option 1 (= type 1)
Do not use the other options without advice; there may be legitimate processes.
The report is in c:\ (fixnavi.txt).
Post that report.
---------------------
Download http://www.malekal.com/download/clean.zip to the desktop
=> unzip it on the desktop
=> open the clean folder
=> click the gear-wheel icon named clean
=> choose option 1 and let clean work until the text "appuyer sur une touche pour continuer" (press a key to continue) appears
=> then paste the report
Navilog report:
Search Navipromo version 3.3.8 commencé le 06/01/2008 à 17:36:31,29
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Rajaonarison Antsa\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Rajaonarison Antsa\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Rajaonarison Antsa\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le 06/01/2008 à 17:41:44,14 ***