
[resolved] Pop-up windows "CiD"



Hello everyone!

 

A friend who lives near me reported these problems to me: from time to time he is assailed by pop-up advertisements called "CiD". Since my friend has some internet connection problems, we have to use my computer to try to sort these problems out. Here is a HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:13:34, on 29/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Acer\Acer eMode Management\AspireService.exe

C:\Program Files\Acer\Acer eConsole\MediaSync.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Steam\Steam.exe

C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Seekmo /fleok=1D8A83A5C2E7127D9EA46C2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe

O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.424.0\SeekmoSA.exe"

O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE

O4 - HKLM\..\Run: [NI.UGDC_0001_N122M2802] "c:\documents and settings\johann duchamp\application data\installer_en[1].exe"

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: YouTube Uploader.lnk = C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: YouTube Uploader.lnk = C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe (User 'Default user')

O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zhouyufrance.spaces.live.com//Photo...ad/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF528F8A-064B-4655-9E4D-9DE9B8D27BDB}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - (no file)

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

 

--

End of file - 13667 bytes

 

 

Thank you in advance.

 

Good evening

 

Kind regards

Edited by TheGhostRider
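The HijackThis log above is what a helper reads by eye: registry entries whose target file no longer exists ("(no file)"), autostart entries launched from a user-writable profile folder such as Application Data, and DNS servers (O17) that are not the ones expected. As an added example, not code from the original post nor from HijackThis or the forum, here is a small Python triage script that applies those same three checks to a log. The line layout it parses is assumed to be the HijackThis 2.0.x format as it appears in the report; the `TRUSTED_DNS` allowlist, the `PROFILE_DIRS` list and the embedded sample lines are constructed for this example (the sample lines are copied from the report above).

```python
"""Triage helper for a HijackThis-style log (added example, not part of the forum post).

Checks applied:
  * O2/O3/O9/O22 entries ending in "(no file)"  -> orphaned registry entries
  * O4 Run entries whose executable lives in a user profile folder -> review
  * O17 NameServer entries outside an expected allowlist -> possible DNS hijack
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis report above.
SAMPLE_LOG = """\
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar4.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [NI.UGDC_0001_N122M2802] "c:\\documents and settings\\johann duchamp\\application data\\installer_en[1].exe"
O4 - HKCU\\..\\Run: [Google Update] "C:\\Documents and Settings\\Johann Duchamp\\Local Settings\\Application Data\\Google\\Update\\1.1.25.0\\GoogleUpdate.exe" /lang en
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - (no file)
"""

# Assumed HijackThis 2.0.x line layout: "<section> - <body>".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 Run entries: "<hive>\..\Run: [<name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")

# Constructed for this example: profile roots (XP and Vista-style) that any
# user process can write to, and the resolvers the report already shows
# (the OpenDNS addresses), treated here as the expected DNS configuration.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")
TRUSTED_DNS = {"208.67.220.220", "208.67.222.222"}


@dataclass
class Finding:
    kind: str      # "orphaned-entry", "autostart-in-profile" or "unexpected-dns"
    section: str   # HijackThis section, e.g. "O4"
    detail: str


def exe_path(cmd):
    """Return the executable part of a Run command (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def triage(log_text, trusted_dns=TRUSTED_DNS):
    """Return the list of Findings for one HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.group("section"), m.group("body")
        if section in ("O2", "O3", "O9", "O22") and body.endswith("(no file)"):
            findings.append(Finding("orphaned-entry", section, body))
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm:
                path = exe_path(rm.group("cmd")).lower()
                if any(d in path for d in PROFILE_DIRS):
                    findings.append(Finding("autostart-in-profile", section,
                                            f"[{rm.group('name')}] {path}"))
        elif section == "O17":
            nm = NS_RE.search(body)
            if nm:
                unknown = [s for s in nm.group("servers").split(",") if s not in trusted_dns]
                if unknown:
                    findings.append(Finding("unexpected-dns", section, ",".join(unknown)))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'orphaned-entry': 3, 'autostart-in-profile': 2}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.section:4} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

The output is a worklist, not a verdict: on the sample lines the script flags both the `installer_en[1].exe` entry under Application Data and the legitimate `GoogleUpdate.exe`, which also lives in the profile, so "autostart-in-profile" means "look at this one", exactly as a helper would. The O17 lines produce nothing because the resolvers match the allowlist; swapping the allowlist for the resolvers your own network is supposed to use turns that check into a DNS-hijack detector.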

Good evening, there are at least 3 families of infections in there. :P

 

Disable your resident protections (antivirus, ...); you will re-enable them afterwards.

 

Download Lop S&D.exe to your desktop

 

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

 

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)


You manage to identify 3 infections in barely 3 minutes and give a solution? How fast :P It must be experience that makes you so quick :P

 

 

The S&D report will be sent to you tomorrow; thank you for your help.

 

Kind regards


By the way, a second report (diagnostic only) will be needed:

 

  • Download SmitFraudFix by S!Ri to the desktop:
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe
  • Note: if you already have a version of SmitfraudFix, do not use it; delete it and download the latest version.
  • Double-click smitfraudfix.exe
  • Choose option 1 to create a report of the files responsible for the infection.
  • Post the report on the forum in your next reply. (If you cannot find it, it is in "C:\rapport.txt")

 

 

If process.exe is detected by your antivirus or another program, ignore it (choose to ignore) and do not block the file; it is used to terminate processes, which is why these antivirus programs raise an alert, seeing a potential danger. (doc).


Good evening

 

Attached are the Lop S&D and SmitFraudFix logs, respectively.

 

 

-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Johann Duchamp ] [ "C:\Lop SD" ] [ Selection : 1 ]

[ 29/06/2008 | 19:53:05,12 ] [ PC : GOHAN ]

[ MAJ : 24-06-2008 | 11:00 ]

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[12/01/2006|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[04/05/2008|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse

[24/05/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[01/04/2006|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[16/12/2005|04:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[29/08/2006|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eConsole

[18/09/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[14/02/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd

[14/02/2008|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

[07/04/2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[29/06/2008|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[29/06/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx

[12/04/2006|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[29/06/2008|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[03/03/2007|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[29/06/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[29/06/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot

[25/07/2006|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[12/12/2006|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[17/03/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[04/05/2006|21:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

 

[16/12/2005|04:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[12/01/2006|20:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[12/01/2006|20:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[16/12/2005|03:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

[26/11/2006|00:11] C:\DOCUME~1\JOHANN~1\APPLIC~1\Adobe

[04/05/2008|10:11] C:\DOCUME~1\JOHANN~1\APPLIC~1\AVGTOOLBAR

[01/04/2006|19:13] C:\DOCUME~1\JOHANN~1\APPLIC~1\CyberLink

[16/12/2005|04:04] C:\DOCUME~1\JOHANN~1\APPLIC~1\desktop.ini

[19/11/2007|19:25] C:\DOCUME~1\JOHANN~1\APPLIC~1\dvdcss

[08/06/2007|22:58] C:\DOCUME~1\JOHANN~1\APPLIC~1\Google

[29/08/2006|13:26] C:\DOCUME~1\JOHANN~1\APPLIC~1\Help

[12/01/2006|20:10] C:\DOCUME~1\JOHANN~1\APPLIC~1\Identities

[11/12/2006|20:42] C:\DOCUME~1\JOHANN~1\APPLIC~1\inifile41.ini

[26/06/2008|19:03] C:\DOCUME~1\JOHANN~1\APPLIC~1\InstallShield

[11/12/2006|20:42] C:\DOCUME~1\JOHANN~1\APPLIC~1\internaldb1942.dat

[08/02/2008|10:34] C:\DOCUME~1\JOHANN~1\APPLIC~1\La Bataille pour la Terre du Milieu T II

[29/06/2008|11:04] C:\DOCUME~1\JOHANN~1\APPLIC~1\Lavasoft

[03/05/2008|13:06] C:\DOCUME~1\JOHANN~1\APPLIC~1\LimeWire

[04/05/2006|21:40] C:\DOCUME~1\JOHANN~1\APPLIC~1\Macromedia

[24/05/2008|15:07] C:\DOCUME~1\JOHANN~1\APPLIC~1\Microsoft

[09/09/2006|21:18] C:\DOCUME~1\JOHANN~1\APPLIC~1\Microsoft Web Folders

[29/11/2007|10:36] C:\DOCUME~1\JOHANN~1\APPLIC~1\mIRC

[19/12/2006|20:22] C:\DOCUME~1\JOHANN~1\APPLIC~1\Mozilla

[13/05/2007|12:32] C:\DOCUME~1\JOHANN~1\APPLIC~1\Nvu

[29/06/2008|10:57] C:\DOCUME~1\JOHANN~1\APPLIC~1\PC Tools

[04/09/2007|20:27] C:\DOCUME~1\JOHANN~1\APPLIC~1\Shareaza

[04/06/2008|20:27] C:\DOCUME~1\JOHANN~1\APPLIC~1\ShoppingReport

[30/09/2006|18:46] C:\DOCUME~1\JOHANN~1\APPLIC~1\Sierra

[06/05/2006|14:16] C:\DOCUME~1\JOHANN~1\APPLIC~1\Sun

[01/04/2006|19:04] C:\DOCUME~1\JOHANN~1\APPLIC~1\Symantec

[15/10/2007|20:02] C:\DOCUME~1\JOHANN~1\APPLIC~1\teamspeak2

[04/05/2008|10:15] C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each

[30/06/2007|15:00] C:\DOCUME~1\JOHANN~1\APPLIC~1\U3

[14/02/2008|17:52] C:\DOCUME~1\JOHANN~1\APPLIC~1\uTorrent

[09/09/2006|21:29] C:\DOCUME~1\JOHANN~1\APPLIC~1\vlc

[29/06/2008|10:55] C:\DOCUME~1\JOHANN~1\APPLIC~1\Webroot

[03/03/2007|10:36] C:\DOCUME~1\JOHANN~1\APPLIC~1\WinssCookie.txt

[06/11/2007|22:33] C:\DOCUME~1\JOHANN~1\APPLIC~1\X-Chat 2

[19/06/2008|16:52] C:\DOCUME~1\JOHANN~1\APPLIC~1\Xfire

 

[24/05/2008|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[29/06/2008|10:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

 

[24/05/2008|15:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[07/05/2006|12:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[29/06/2008 19:00][--ah-----] C:\WINDOWS\tasks\AF240B2291A78006.job

[29/06/2008 19:35][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

[28/06/2007 10:27][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job

[29/06/2008 12:26][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

AF240B2291A78006.job <--> c:\docume~1\johann~1\applic~1\testpu~1\PokeSecondFlap.exe

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[01/04/2006|18:48] C:\Program Files\Acer

[16/12/2005|03:18] C:\Program Files\Adobe

[30/06/2007|15:00] C:\Program Files\Alwil Software

[25/09/2007|13:40] C:\Program Files\Ankama Games

[29/04/2008|14:08] C:\Program Files\AntiSpyKit 5.3

[06/03/2008|14:29] C:\Program Files\AntiSpywareShield

[02/06/2008|10:43] C:\Program Files\AxBx

[20/12/2007|11:47] C:\Program Files\CamStudio

[29/06/2008|13:40] C:\Program Files\CCleaner

[04/05/2008|10:38] C:\Program Files\Circle Developement

[24/03/2008|20:36] C:\Program Files\Common Files

[16/12/2005|03:06] C:\Program Files\ComPlus Applications

[16/12/2005|03:22] C:\Program Files\CyberLink

[16/05/2007|19:56] C:\Program Files\Diablo II

[17/04/2008|18:36] C:\Program Files\Dofus

[07/04/2008|19:06] C:\Program Files\Dofus_Beta

[02/09/2007|14:05] C:\Program Files\Dofus-Arena

[04/01/2007|19:44] C:\Program Files\EA GAMES

[05/05/2008|20:32] C:\Program Files\Edmark

[03/09/2007|13:19] C:\Program Files\Electronic Arts

[02/04/2006|11:42] C:\Program Files\EPSON

[04/06/2008|19:38] C:\Program Files\Fichiers communs

[27/05/2007|14:01] C:\Program Files\Gadwin Systems

[26/04/2008|08:46] C:\Program Files\GameSpy Arcade

[08/06/2007|22:57] C:\Program Files\Google

[24/03/2008|17:33] C:\Program Files\Gpotato.eu

[18/12/2007|08:10] C:\Program Files\Gravity

[29/06/2008|12:10] C:\Program Files\Hitman Pro

[26/06/2008|19:13] C:\Program Files\InstallShield Installation Information

[18/06/2008|16:42] C:\Program Files\Internet Explorer

[29/06/2008|10:55] C:\Program Files\Lavasoft

[11/12/2007|18:34] C:\Program Files\LimeWire

[14/02/2008|15:16] C:\Program Files\Logitech

[12/01/2006|20:11] C:\Program Files\Messenger

[07/04/2008|12:28] C:\Program Files\Messenger Plus! Live

[09/06/2008|22:11] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[09/09/2006|21:18] C:\Program Files\microsoft frontpage

[09/09/2006|21:18] C:\Program Files\Microsoft Office

[17/03/2008|20:45] C:\Program Files\Microsoft SQL Server Compact Edition

[09/09/2006|21:22] C:\Program Files\Microsoft Visual Studio

[12/01/2006|20:11] C:\Program Files\Movie Maker

[27/05/2007|21:32] C:\Program Files\Mozilla Firefox

[12/01/2006|20:11] C:\Program Files\MSN

[12/01/2006|20:11] C:\Program Files\MSN Gaming Zone

[12/01/2006|20:11] C:\Program Files\NetMeeting

[01/04/2006|18:47] C:\Program Files\NewTech Infosystems

[13/05/2007|12:32] C:\Program Files\Nvu

[12/01/2006|20:12] C:\Program Files\Online Services

[13/06/2007|14:51] C:\Program Files\Outlook Express

[29/06/2008|19:49] C:\Program Files\PestPatrol

[12/04/2006|08:36] C:\Program Files\QuickTime

[16/12/2005|03:14] C:\Program Files\Realtek

[12/01/2006|20:12] C:\Program Files\Services en ligne

[03/06/2008|17:58] C:\Program Files\ShoppingReport

[30/09/2006|18:24] C:\Program Files\Sierra

[06/03/2008|18:07] C:\Program Files\Spybot - Search & Destroy

[29/06/2008|11:31] C:\Program Files\Spyware Doctor

[29/06/2008|11:00] C:\Program Files\SpywareBlaster

[29/06/2008|19:42] C:\Program Files\Steam

[15/10/2007|20:02] C:\Program Files\Teamspeak2_RC2

[28/04/2008|19:06] C:\Program Files\Test pure each

[19/04/2008|18:06] C:\Program Files\The Learning Company

[26/06/2008|19:13] C:\Program Files\THQ

[29/06/2008|00:12] C:\Program Files\Trend Micro

[08/03/2008|19:07] C:\Program Files\UBISOFT

[16/12/2005|03:17] C:\Program Files\Uninstall Information

[06/11/2007|22:16] C:\Program Files\uTorrent

[09/09/2006|21:28] C:\Program Files\VideoLAN

[06/03/2008|19:41] C:\Program Files\VirusHeat 4.3

[29/06/2008|10:57] C:\Program Files\Webroot

[18/03/2008|21:01] C:\Program Files\Windows Journal Viewer

[04/06/2008|19:34] C:\Program Files\Windows Live

[29/06/2008|00:15] C:\Program Files\Windows Live Safety Center

[09/12/2007|09:58] C:\Program Files\Windows Live Toolbar

[26/06/2007|16:00] C:\Program Files\Windows Media Connect 2

[18/12/2006|21:50] C:\Program Files\Windows Media Player

[16/12/2005|03:06] C:\Program Files\Windows NT

[16/12/2005|03:07] C:\Program Files\WindowsUpdate

[19/03/2007|20:00] C:\Program Files\WinRAR

[06/03/2008|20:21] C:\Program Files\WinSpyKiller

[09/09/2006|21:32] C:\Program Files\WinZip

[26/04/2008|08:47] C:\Program Files\xchat

[12/01/2006|20:12] C:\Program Files\xerox

[19/06/2008|16:52] C:\Program Files\Xfire

[04/05/2006|21:40] C:\Program Files\Yahoo!

[19/04/2008|17:57] C:\Program Files\Zoombi32

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[12/01/2006|20:11] C:\Program Files\Fichiers communs\Adobe

[01/04/2006|18:48] C:\Program Files\Fichiers communs\ArcSoft

[15/12/2007|17:37] C:\Program Files\Fichiers communs\Blizzard Entertainment

[09/09/2006|21:22] C:\Program Files\Fichiers communs\Designer

[12/01/2006|20:11] C:\Program Files\Fichiers communs\InstallShield

[14/02/2008|15:18] C:\Program Files\Fichiers communs\LogiShrd

[04/06/2008|19:33] C:\Program Files\Fichiers communs\Microsoft Shared

[12/01/2006|20:11] C:\Program Files\Fichiers communs\MSSoap

[16/12/2005|03:20] C:\Program Files\Fichiers communs\muvee Technologies

[16/12/2005|03:19] C:\Program Files\Fichiers communs\NewTech Infosystems

[12/01/2006|20:11] C:\Program Files\Fichiers communs\ODBC

[12/01/2006|20:11] C:\Program Files\Fichiers communs\Services

[12/01/2006|20:11] C:\Program Files\Fichiers communs\SpeechEngines

[13/06/2007|14:51] C:\Program Files\Fichiers communs\System

[17/03/2008|20:41] C:\Program Files\Fichiers communs\WindowsLiveInstaller

 

---------------------------[ Process ]--------------------------

 

... 55

 

iexplore.exe ~ [156]

iexplore.exe ~ [2508]

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse\Log lite.exe

C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each

C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\MathMixGrimBeep.exe

C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\mqllcjlp.exe

C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\PokeSecondFlap.exe

C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\sectblah.exe

C:\Program Files\Test pure each

C:\DOCUME~1\JOHANN~1\APPLIC~1\testpu~1

C:\DOCUME~1\JOHANN~1\APPLIC~1\testpu~1\MathMixGrimBeep.exe

C:\DOCUME~1\JOHANN~1\APPLIC~1\testpu~1\mqllcjlp.exe

C:\DOCUME~1\JOHANN~1\APPLIC~1\testpu~1\PokeSecondFlap.exe

C:\DOCUME~1\JOHANN~1\APPLIC~1\testpu~1\sectblah.exe

C:\Program Files\testpu~1

C:\Program Files\Circle Developement

C:\WINDOWS\Prefetch\POKESECONDFLAP.EXE-0779B42D.pf

C:\DOCUME~1\JOHANN~1\Cookies\[email protected][1].txt

C:\DOCUME~1\JOHANN~1\Cookies\[email protected][1].txt

C:\WINDOWS\Tasks\AF240B2291A78006.job

 

----------------------[ Verification du Registre ]----------------------

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts MODIFIE

 

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 es.winantivirus.com ## added by CiD

127.0.0.1 fr.winantivirus.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 go.winantivirus.com ## added by CiD

127.0.0.1 hk.winantivirus.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winantivirus.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 kb.winantivirus.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 secure.winantivirus.com ## added by CiD

127.0.0.1 support.winantivirus.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 ulog.winantivirus.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winantivirus.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winantivirus.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantivirus.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

 

-> 72 ( 70 ## added by CiD )

 

/!\ 1 Not 127.0.0.1 !!

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-29 19:55:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

C:\DOCUME~1\JOHANN~1\LOCALS~1\APPLIC~1\cgailnrfo_navps.dat

C:\DOCUME~1\JOHANN~1\LOCALS~1\APPLIC~1\cgailnrfo_nav.dat

C:\DOCUME~1\JOHANN~1\LOCALS~1\APPLIC~1\cgailnrfo.dat

! EGDACCESS !

 

=> C:\Documents and Settings\Johann Duchamp\Mes documents\Downloads\LimeWire Pro\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment

=> C:\Documents and Settings\Johann Duchamp\Mes documents\Downloads\LimeWire Pro\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\Java Runtime Environment.exe

=> C:\Documents and Settings\Johann Duchamp\Mes documents\Downloads\LimeWire Pro\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\LimeWireWin.exe

 

 

[F:23][D:1]-> C:\DOCUME~1\JOHANN~1\LOCALS~1\Temp

[F:20][D:0]-> C:\DOCUME~1\JOHANN~1\Cookies

[F:408][D:4]-> C:\DOCUME~1\JOHANN~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 19:56:42,79 ]----------------------

 

 

 

________________________________________________________________________________

_

 

 

 

SmitFraudFix v2.328

 

Rapport fait à 20:02:05,65, 29/06/2008

Executé à partir de C:\Documents and Settings\Johann Duchamp\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Acer\Acer eMode Management\AspireService.exe

C:\Program Files\Acer\Acer eConsole\MediaSync.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\program files\steam\steam.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Johann Duchamp\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\rsvp.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Johann Duchamp\Bureau\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Johann Duchamp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Johann Duchamp\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHANN~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\VirusHeat 4.3\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{d4c51fa4-9192-4a9a-8d2a-a0690c92f171}"="dikage"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets

DNS Server Search Order: 208.67.220.220

DNS Server Search Order: 208.67.222.222

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{97A33348-701B-47CC-9653-F8EDB26F81F8}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF528F8A-064B-4655-9E4D-9DE9B8D27BDB}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{97A33348-701B-47CC-9653-F8EDB26F81F8}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF528F8A-064B-4655-9E4D-9DE9B8D27BDB}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{97A33348-701B-47CC-9653-F8EDB26F81F8}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF528F8A-064B-4655-9E4D-9DE9B8D27BDB}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

Thank you in advance

Edited by TheGhostRider
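The hosts-file section of the Lop S&D report above does three things: it counts the entries, counts how many carry the `## added by CiD` tag, and warns about the one entry that does not point to 127.0.0.1 (an entry pointing anywhere else silently redirects that name to a real host, which is why the tool singles it out). The script below is an added example, not code from the thread or from Lop S&D or SmitFraudFix, that performs the same audit on a hosts file and prints a summary in the same shape. It goes slightly beyond the tool's check by also accepting `::1` and the `0.0.0.0` blackhole as sinkhole addresses. The sample hosts content is constructed for the example; the names and addresses in it are placeholders, not the domains from the log.

```python
"""Audit a Windows hosts file the way the Lop S&D excerpt does: count entries,
count the ones tagged '## added by CiD', and flag entries whose address is not
a sinkhole (127.0.0.1, ::1 or 0.0.0.0), since those redirect a name to a real
host. Added example; the sample file below is constructed (placeholder names).
"""
import ipaddress
from dataclasses import dataclass, field

# Addresses that merely sink a name. Anything else sends the name elsewhere.
SINKHOLE_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}
# Comment tag that the adware in the thread appends to every line it inserts.
SUSPICIOUS_TAGS = ("## added by CiD",)

# Constructed sample hosts file (not the one from the log).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 kb.rogue-av.example.invalid ## added by CiD
127.0.0.1 www.rogue-av.example.invalid ## added by CiD
::1 ipv6.rogue-av.example.invalid ## added by CiD
198.51.100.7 update.example.invalid   # redirected away from loopback
garbage line without an address
"""


@dataclass
class HostsAudit:
    total: int = 0
    tagged: int = 0
    not_loopback: list = field(default_factory=list)  # (line_no, ip, name)
    malformed: list = field(default_factory=list)     # line numbers


def parse_hosts_line(line):
    """Return (ip, [names], comment) or None for blank/comment-only lines.
    Raises ValueError for lines that are not '<address> <name>...'."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    body, _, comment = stripped.partition("#")
    fields = body.split()  # handles both tabs and spaces
    if len(fields) < 2:
        raise ValueError(f"expected '<address> <name>...': {line!r}")
    ipaddress.ip_address(fields[0])  # ValueError if not an IPv4/IPv6 address
    return fields[0], fields[1:], ("#" + comment) if comment else ""


def audit_hosts(text):
    report = HostsAudit()
    for no, line in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_hosts_line(line)
        except ValueError:
            report.malformed.append(no)
            continue
        if parsed is None:
            continue
        ip, names, comment = parsed
        report.total += 1
        if any(tag.lower() in comment.lower() for tag in SUSPICIOUS_TAGS):
            report.tagged += 1
        if ip not in SINKHOLE_ADDRESSES:
            report.not_loopback.extend((no, ip, name) for name in names)
    return report


def summarize(report):
    """Render the result in the same shape as the Lop S&D summary lines."""
    lines = [f"-> {report.total} ( {report.tagged} ## added by CiD )"]
    if report.not_loopback:
        lines.append(f"/!\\ {len(report.not_loopback)} Not 127.0.0.1 !!")
        lines.extend(f"   line {no}: {ip} {name}"
                     for no, ip, name in report.not_loopback)
    if report.malformed:
        lines.append(f"malformed lines: {report.malformed}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```

On a live machine the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; the malformed-line bucket matters there because a single garbage line would otherwise abort the whole audit and hide the redirected entries that follow it.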

OK, here we go:

 

Run Lop S&D again

 

  • This time choose Option 2 ( Suppression ), the removal option
  • Do not close the window while the removal runs!
  • Post the generated report ( C:\lopR.txt )

 

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

 

 

Next,

 

  • Double-click smitfraudfix.exe
  • Choose option 2 to create a report of the files responsible for the infection.
  • Answer O (oui / yes) to the questions the program asks, to perform the proposed clean-ups and disinfections.
  • The desktop wallpaper may be removed.
  • Post the report on the forum in your next reply.

 

 

Post a HijackThis report after the other two, so that makes 3 in all.

(there will still be things to do)


Good evening

 

Here are the two reports

 

 

-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Johann Duchamp ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ 30/06/2008 | 23:24:32,70 ] [ PC : GOHAN ]

[ MAJ : 24-06-2008 | 11:00 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

 

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse\Log lite.exe

Supprime! - C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\MathMixGrimBeep.exe

Supprime! - C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\mqllcjlp.exe

Supprime! - C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\PokeSecondFlap.exe

Supprime! - C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each\sectblah.exe

Supprime! - C:\WINDOWS\Prefetch\POKESECONDFLAP.EXE-0779B42D.pf

Supprime! - C:\WINDOWS\Tasks\AF240B2291A78006.job

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse

Supprime! - C:\DOCUME~1\JOHANN~1\APPLIC~1\Test pure each

Supprime! - C:\Program Files\Test pure each

Supprime! - C:\Program Files\Circle Developement

Restauré! - Fichier Hosts

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans APPLIC~1 ]------------

 

[12/01/2006|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[24/05/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[01/04/2006|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[16/12/2005|04:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[29/08/2006|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eConsole

[18/09/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[29/06/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[14/02/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd

[14/02/2008|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

[07/04/2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[29/06/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[29/06/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx

[12/04/2006|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[29/06/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[03/03/2007|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[29/06/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[29/06/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot

[25/07/2006|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[12/12/2006|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[17/03/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[04/05/2006|21:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

 

[16/12/2005|04:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[12/01/2006|20:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[12/01/2006|20:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[16/12/2005|03:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

[26/11/2006|00:11] C:\DOCUME~1\JOHANN~1\APPLIC~1\Adobe

[04/05/2008|10:11] C:\DOCUME~1\JOHANN~1\APPLIC~1\AVGTOOLBAR

[01/04/2006|19:13] C:\DOCUME~1\JOHANN~1\APPLIC~1\CyberLink

[16/12/2005|04:04] C:\DOCUME~1\JOHANN~1\APPLIC~1\desktop.ini

[19/11/2007|19:25] C:\DOCUME~1\JOHANN~1\APPLIC~1\dvdcss

[08/06/2007|22:58] C:\DOCUME~1\JOHANN~1\APPLIC~1\Google

[29/08/2006|13:26] C:\DOCUME~1\JOHANN~1\APPLIC~1\Help

[12/01/2006|20:10] C:\DOCUME~1\JOHANN~1\APPLIC~1\Identities

[11/12/2006|20:42] C:\DOCUME~1\JOHANN~1\APPLIC~1\inifile41.ini

[26/06/2008|19:03] C:\DOCUME~1\JOHANN~1\APPLIC~1\InstallShield

[11/12/2006|20:42] C:\DOCUME~1\JOHANN~1\APPLIC~1\internaldb1942.dat

[08/02/2008|10:34] C:\DOCUME~1\JOHANN~1\APPLIC~1\La Bataille pour la Terre du Milieu T II

[29/06/2008|20:30] C:\DOCUME~1\JOHANN~1\APPLIC~1\Lavasoft

[03/05/2008|13:06] C:\DOCUME~1\JOHANN~1\APPLIC~1\LimeWire

[04/05/2006|21:40] C:\DOCUME~1\JOHANN~1\APPLIC~1\Macromedia

[24/05/2008|15:07] C:\DOCUME~1\JOHANN~1\APPLIC~1\Microsoft

[09/09/2006|21:18] C:\DOCUME~1\JOHANN~1\APPLIC~1\Microsoft Web Folders

[29/11/2007|10:36] C:\DOCUME~1\JOHANN~1\APPLIC~1\mIRC

[19/12/2006|20:22] C:\DOCUME~1\JOHANN~1\APPLIC~1\Mozilla

[13/05/2007|12:32] C:\DOCUME~1\JOHANN~1\APPLIC~1\Nvu

[29/06/2008|10:57] C:\DOCUME~1\JOHANN~1\APPLIC~1\PC Tools

[04/09/2007|20:27] C:\DOCUME~1\JOHANN~1\APPLIC~1\Shareaza

[30/09/2006|18:46] C:\DOCUME~1\JOHANN~1\APPLIC~1\Sierra

[06/05/2006|14:16] C:\DOCUME~1\JOHANN~1\APPLIC~1\Sun

[01/04/2006|19:04] C:\DOCUME~1\JOHANN~1\APPLIC~1\Symantec

[15/10/2007|20:02] C:\DOCUME~1\JOHANN~1\APPLIC~1\teamspeak2

[30/06/2007|15:00] C:\DOCUME~1\JOHANN~1\APPLIC~1\U3

[14/02/2008|17:52] C:\DOCUME~1\JOHANN~1\APPLIC~1\uTorrent

[09/09/2006|21:29] C:\DOCUME~1\JOHANN~1\APPLIC~1\vlc

[29/06/2008|10:55] C:\DOCUME~1\JOHANN~1\APPLIC~1\Webroot

[03/03/2007|10:36] C:\DOCUME~1\JOHANN~1\APPLIC~1\WinssCookie.txt

[06/11/2007|22:33] C:\DOCUME~1\JOHANN~1\APPLIC~1\X-Chat 2

[19/06/2008|16:52] C:\DOCUME~1\JOHANN~1\APPLIC~1\Xfire

 

[24/05/2008|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[29/06/2008|10:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

 

[24/05/2008|15:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[07/05/2006|12:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[30/06/2008 22:35][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

[28/06/2007 10:27][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job

[29/06/2008 12:26][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[01/04/2006|18:48] C:\Program Files\Acer

[16/12/2005|03:18] C:\Program Files\Adobe

[30/06/2007|15:00] C:\Program Files\Alwil Software

[25/09/2007|13:40] C:\Program Files\Ankama Games

[29/04/2008|14:08] C:\Program Files\AntiSpyKit 5.3

[06/03/2008|14:29] C:\Program Files\AntiSpywareShield

[02/06/2008|10:43] C:\Program Files\AxBx

[20/12/2007|11:47] C:\Program Files\CamStudio

[29/06/2008|13:40] C:\Program Files\CCleaner

[24/03/2008|20:36] C:\Program Files\Common Files

[16/12/2005|03:06] C:\Program Files\ComPlus Applications

[16/12/2005|03:22] C:\Program Files\CyberLink

[16/05/2007|19:56] C:\Program Files\Diablo II

[17/04/2008|18:36] C:\Program Files\Dofus

[07/04/2008|19:06] C:\Program Files\Dofus_Beta

[02/09/2007|14:05] C:\Program Files\Dofus-Arena

[04/01/2007|19:44] C:\Program Files\EA GAMES

[05/05/2008|20:32] C:\Program Files\Edmark

[03/09/2007|13:19] C:\Program Files\Electronic Arts

[02/04/2006|11:42] C:\Program Files\EPSON

[29/06/2008|20:29] C:\Program Files\Fichiers communs

[27/05/2007|14:01] C:\Program Files\Gadwin Systems

[26/04/2008|08:46] C:\Program Files\GameSpy Arcade

[08/06/2007|22:57] C:\Program Files\Google

[24/03/2008|17:33] C:\Program Files\Gpotato.eu

[18/12/2007|08:10] C:\Program Files\Gravity

[29/06/2008|12:10] C:\Program Files\Hitman Pro

[26/06/2008|19:13] C:\Program Files\InstallShield Installation Information

[18/06/2008|16:42] C:\Program Files\Internet Explorer

[29/06/2008|20:30] C:\Program Files\Lavasoft

[11/12/2007|18:34] C:\Program Files\LimeWire

[14/02/2008|15:16] C:\Program Files\Logitech

[12/01/2006|20:11] C:\Program Files\Messenger

[07/04/2008|12:28] C:\Program Files\Messenger Plus! Live

[09/06/2008|22:11] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[09/09/2006|21:18] C:\Program Files\microsoft frontpage

[09/09/2006|21:18] C:\Program Files\Microsoft Office

[17/03/2008|20:45] C:\Program Files\Microsoft SQL Server Compact Edition

[09/09/2006|21:22] C:\Program Files\Microsoft Visual Studio

[12/01/2006|20:11] C:\Program Files\Movie Maker

[27/05/2007|21:32] C:\Program Files\Mozilla Firefox

[12/01/2006|20:11] C:\Program Files\MSN

[12/01/2006|20:11] C:\Program Files\MSN Gaming Zone

[12/01/2006|20:11] C:\Program Files\NetMeeting

[01/04/2006|18:47] C:\Program Files\NewTech Infosystems

[13/05/2007|12:32] C:\Program Files\Nvu

[12/01/2006|20:12] C:\Program Files\Online Services

[13/06/2007|14:51] C:\Program Files\Outlook Express

[30/06/2008|16:42] C:\Program Files\PestPatrol

[12/04/2006|08:36] C:\Program Files\QuickTime

[16/12/2005|03:14] C:\Program Files\Realtek

[12/01/2006|20:12] C:\Program Files\Services en ligne

[30/09/2006|18:24] C:\Program Files\Sierra

[29/06/2008|20:38] C:\Program Files\Spybot - Search & Destroy

[29/06/2008|11:31] C:\Program Files\Spyware Doctor

[29/06/2008|11:00] C:\Program Files\SpywareBlaster

[30/06/2008|23:20] C:\Program Files\Steam

[15/10/2007|20:02] C:\Program Files\Teamspeak2_RC2

[19/04/2008|18:06] C:\Program Files\The Learning Company

[26/06/2008|19:13] C:\Program Files\THQ

[29/06/2008|00:12] C:\Program Files\Trend Micro

[08/03/2008|19:07] C:\Program Files\UBISOFT

[16/12/2005|03:17] C:\Program Files\Uninstall Information

[06/11/2007|22:16] C:\Program Files\uTorrent

[09/09/2006|21:28] C:\Program Files\VideoLAN

[06/03/2008|19:41] C:\Program Files\VirusHeat 4.3

[29/06/2008|10:57] C:\Program Files\Webroot

[18/03/2008|21:01] C:\Program Files\Windows Journal Viewer

[04/06/2008|19:34] C:\Program Files\Windows Live

[29/06/2008|00:15] C:\Program Files\Windows Live Safety Center

[09/12/2007|09:58] C:\Program Files\Windows Live Toolbar

[26/06/2007|16:00] C:\Program Files\Windows Media Connect 2

[18/12/2006|21:50] C:\Program Files\Windows Media Player

[16/12/2005|03:06] C:\Program Files\Windows NT

[16/12/2005|03:07] C:\Program Files\WindowsUpdate

[19/03/2007|20:00] C:\Program Files\WinRAR

[06/03/2008|20:21] C:\Program Files\WinSpyKiller

[09/09/2006|21:32] C:\Program Files\WinZip

[26/04/2008|08:47] C:\Program Files\xchat

[12/01/2006|20:12] C:\Program Files\xerox

[19/06/2008|16:52] C:\Program Files\Xfire

[04/05/2006|21:40] C:\Program Files\Yahoo!

[19/04/2008|17:57] C:\Program Files\Zoombi32

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[12/01/2006|20:11] C:\Program Files\Fichiers communs\Adobe

[01/04/2006|18:48] C:\Program Files\Fichiers communs\ArcSoft

[15/12/2007|17:37] C:\Program Files\Fichiers communs\Blizzard Entertainment

[09/09/2006|21:22] C:\Program Files\Fichiers communs\Designer

[12/01/2006|20:11] C:\Program Files\Fichiers communs\InstallShield

[14/02/2008|15:18] C:\Program Files\Fichiers communs\LogiShrd

[04/06/2008|19:33] C:\Program Files\Fichiers communs\Microsoft Shared

[12/01/2006|20:11] C:\Program Files\Fichiers communs\MSSoap

[16/12/2005|03:20] C:\Program Files\Fichiers communs\muvee Technologies

[16/12/2005|03:19] C:\Program Files\Fichiers communs\NewTech Infosystems

[12/01/2006|20:11] C:\Program Files\Fichiers communs\ODBC

[12/01/2006|20:11] C:\Program Files\Fichiers communs\Services

[12/01/2006|20:11] C:\Program Files\Fichiers communs\SpeechEngines

[13/06/2007|14:51] C:\Program Files\Fichiers communs\System

[17/03/2008|20:41] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[29/06/2008|20:29] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

---------------------------[ Process ]--------------------------

 

... 55

 

... OK !

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

C:\DOCUME~1\JOHANN~1\Cookies\[email protected][2].txt

C:\DOCUME~1\JOHANN~1\Cookies\[email protected][2].txt

C:\DOCUME~1\JOHANN~1\Cookies\[email protected][1].txt

C:\DOCUME~1\JOHANN~1\Cookies\[email protected][2].txt

 

----------------------[ Verification du Registre ]----------------------

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-30 23:27:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

C:\DOCUME~1\JOHANN~1\LOCALS~1\APPLIC~1\cgailnrfo_navps.dat

C:\DOCUME~1\JOHANN~1\LOCALS~1\APPLIC~1\cgailnrfo_nav.dat

C:\DOCUME~1\JOHANN~1\LOCALS~1\APPLIC~1\cgailnrfo.dat

! EGDACCESS !

 

=> C:\Documents and Settings\Johann Duchamp\Mes documents\Downloads\LimeWire Pro\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment

=> C:\Documents and Settings\Johann Duchamp\Mes documents\Downloads\LimeWire Pro\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\Java Runtime Environment.exe

=> C:\Documents and Settings\Johann Duchamp\Mes documents\Downloads\LimeWire Pro\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\LimeWireWin.exe

 

 

[F:30][D:2]-> C:\DOCUME~1\JOHANN~1\LOCALS~1\Temp

[F:60][D:0]-> C:\DOCUME~1\JOHANN~1\Cookies

[F:2484][D:4]-> C:\DOCUME~1\JOHANN~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 23:27:52,75 ]----------------------

 

 

 

 

 

 

 

SmitFraudFix v2.328

 

Rapport fait à 23:52:22,64, 30/06/2008

Executé à partir de C:\Documents and Settings\Johann Duchamp\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{d4c51fa4-9192-4a9a-8d2a-a0690c92f171}"="dikage"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets

DNS Server Search Order: 208.67.220.220

DNS Server Search Order: 208.67.222.222

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{97A33348-701B-47CC-9653-F8EDB26F81F8}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF528F8A-064B-4655-9E4D-9DE9B8D27BDB}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{97A33348-701B-47CC-9653-F8EDB26F81F8}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF528F8A-064B-4655-9E4D-9DE9B8D27BDB}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{97A33348-701B-47CC-9653-F8EDB26F81F8}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: DhcpNameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{A44CC297-F641-42E6-B939-D2986F14B621}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF528F8A-064B-4655-9E4D-9DE9B8D27BDB}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6DE3E48-11BC-48FE-8748-893D0DAF0731}: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{d4c51fa4-9192-4a9a-8d2a-a0690c92f171}"="dikage"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

Thank you in advance

Edited by TheGhostRider
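Both SmitFraudFix reports above end their DNS section with a per-interface dump of `DhcpNameServer` (what the DHCP server handed out) and `NameServer` (a static value set in the registry). A non-empty `NameServer` overrides the DHCP-assigned resolvers, and a static value written into those keys is exactly how DNS-changer malware persists, so the interesting cases are scopes where `NameServer` is set and differs from `DhcpNameServer`. The script below is an added example, not code from the thread or from SmitFraudFix: it parses a dump in that format, groups it by control set and scope, and reports the static overrides for an analyst to vet against an allowlist of known resolvers. The sample dump is constructed; its GUIDs and addresses are placeholders (RFC 5737 ranges), not the values from the reports.

```python
"""Find static DNS overrides in a SmitFraudFix-style registry dump of
Tcpip\\..\\{GUID} and Tcpip\\Parameters keys. A non-empty NameServer that
differs from DhcpNameServer is reported for review. Added example; the
sample dump is constructed (placeholder GUIDs, RFC 5737 addresses).
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\Tcpip\\"
    r"(?P<scope>\.\.\\\{[0-9A-Fa-f-]{36}\}|Parameters): "
    r"(?P<field>DhcpNameServer|NameServer)=(?P<value>.*)$"
)

# Constructed sample in the report's format (not the values from the thread).
SAMPLE_DUMP = r"""
Description: Example Gigabit Ethernet Controller
DNS Server Search Order: 198.51.100.53
HKLM\SYSTEM\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: DhcpNameServer=192.0.2.1 192.0.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer=192.0.2.1,192.0.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{66666666-7777-8888-9999-000000000000}: DhcpNameServer=192.0.2.1 192.0.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{66666666-7777-8888-9999-000000000000}: NameServer=198.51.100.53,198.51.100.54
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.1 192.0.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=198.51.100.53,198.51.100.54
"""


def split_servers(value):
    """The dump prints DHCP lists space-separated and static lists
    comma-separated; accept either and drop empty tokens."""
    return tuple(s for s in re.split(r"[ ,]+", value.strip()) if s)


def parse_dns_dump(text):
    """Group the dump into {(control_set, scope): {field: servers}}.
    'Description:' and 'DNS Server Search Order' lines carry no key and are skipped."""
    records = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records[(m["cs"], m["scope"])][m["field"]] = split_servers(m["value"])
    return dict(records)


def find_static_overrides(records, allowlist=frozenset()):
    """Return one finding per scope whose static NameServer is non-empty and
    differs from the DHCP-assigned set; 'allowlisted' tells the analyst
    whether every static server is a resolver they already trust."""
    findings = []
    for (cs, scope), fields in sorted(records.items()):
        static = fields.get("NameServer", ())
        dhcp = fields.get("DhcpNameServer", ())
        if not static or set(static) == set(dhcp):
            continue  # no override, or a static value that only mirrors DHCP
        findings.append({
            "control_set": cs,
            "scope": scope,
            "static": static,
            "dhcp": dhcp,
            "allowlisted": set(static) <= set(allowlist),
        })
    return findings


if __name__ == "__main__":
    for f in find_static_overrides(parse_dns_dump(SAMPLE_DUMP)):
        flag = "allowlisted" if f["allowlisted"] else "REVIEW"
        print(f"[{flag}] {f['control_set']} {f['scope']}: "
              f"static={f['static']} dhcp={f['dhcp']}")
```

The check deliberately reports rather than judges: a static override is also what a user gets by typing a public resolver into the adapter settings, so the allowlist is where local knowledge goes, and only overrides outside it need a closer look.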

OK, next! :P

In any case, all of this was picked up through cracks (you will have to draw the obvious conclusions: it is the cracks that are infected).

 

 

  • Click this link to IL-MAFIOSO's navilog1:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
  • Save the file to your desktop.
  • Then double-click navilog1.exe to start the installation.
  • Once the installation finishes, the fix will run automatically.
    (If it does not, double-click the Navilog1 shortcut on the desktop.)
  • Follow the prompts. At the main menu, choose 1 and confirm.
    (do not choose 2, 3 or 4 without approval)
  • It takes a while; wait for the message:
    *** Analyse Termine le ..... ***
  • Press a key as requested; Notepad will open.
  • Copy and paste the entire report into your next post. Close Notepad.

 

Note:

The report is also saved at the root of the drive (fixnavi.txt)

If your antivirus complains about Navilog1's files, tell it to ignore them.

