
Posted

Good evening

My PC has been very slow for a while and I suspect viruses are responsible. Could you help me make sure of that and get rid of them?

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:33:32, on 09/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\crypserv.exe

c:\altera\61\quartus\bin\jtagserver.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

c:\orant\bin\oracle73.exe

C:\ORANT\BIN\TNSLSNR.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\YOYOOOTH\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\NetService.vbs

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [Noun pop] C:\DOCUME~1\YOYOOOTH\APPLIC~1\ACEMOR~1\trans proxy.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Key Generator\pmsngr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O15 - Trusted Zone: *.line6.net

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\61\quartus\bin\jtagserver.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: OracleServiceORCL - Oracle Corporation - c:\orant\bin\oracle73.exe

O23 - Service: OracleStartORCL - Unknown owner - c:\orant\bin\strtdb73.exe

O23 - Service: OracleTNSListener - Unknown owner - C:\ORANT\BIN\TNSLSNR.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 11752 bytes

Thanks
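A triage pass a helper might run before reading a log like the one above line by line, as an added example that is not part of this thread or of any tool named in it. The sample lines are copied from the HijackThis log above; the review heuristics (orphaned BHO, script autostart, Policies\Explorer\Run autostart, program under a user's Application Data, generic entry name) are my own assumptions about what to read first, and a flag is a lead, not a verdict.

```python
"""Triage pass over HijackThis O2 (BHO) and O4 (autostart) lines.

Added example, not part of the thread and not a HijackThis or Zebulon tool.
Each flagged line is something a helper would review first, nothing more.
"""
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\NetService.vbs
O4 - HKCU\..\Run: [Noun pop] C:\DOCUME~1\YOYOOOTH\APPLIC~1\ACEMOR~1\trans proxy.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Key Generator\pmsngr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
"""

# "O2 - BHO: <description> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# "O4 - <registry key>: [<entry name>] <command line>"  (startup-folder lines have no [..] and are skipped)
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Script interpreters launched at logon instead of a compiled executable.
SCRIPT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)(?=\s|\"|$)", re.IGNORECASE)
# Entry names that say nothing about the program and mimic a system component (assumed list).
GENERIC_NAMES = {"system", "none", "windows", "microsoft"}


def flag_o2(m):
    """Reasons to review a BHO line: the CLSID points at no file on disk."""
    reasons = []
    if m.group("path").strip().lower() == "(no file)":
        reasons.append("BHO registered but its DLL is missing (orphaned entry)")
    return reasons


def flag_o4(m):
    """Reasons to review an autostart line (Run keys, Policies\\Explorer\\Run)."""
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    reasons = []
    if key.lower().endswith(r"policies\explorer\run"):
        reasons.append("autostart under Policies\\Explorer\\Run, which ordinary software rarely uses")
    if SCRIPT_RE.search(cmd):
        reasons.append("a script, not an executable, is registered as an autostart")
    if "\\applic~1\\" in cmd.lower() or "\\application data\\" in cmd.lower():
        reasons.append("program runs from a user's Application Data folder")
    if name.strip().lower() in GENERIC_NAMES:
        reasons.append("generic entry name [%s] that mimics a system component" % name)
    return reasons


def flag_line(line):
    """Return the review reasons for one log line (empty list if nothing stands out)."""
    m = O2_RE.match(line)
    if m:
        return flag_o2(m)
    m = O4_RE.match(line)
    if m:
        return flag_o4(m)
    return []


def triage(log_text):
    """Return [(line, reasons)] for every line with at least one reason, in log order."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = flag_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run on the sample, it keeps four of the eight lines (the orphaned BHO, NetService.vbs, trans proxy.exe and pmsngr.exe) and drops the avast!, ctfmon and HP startup entries.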

Posted

Hello :P

There are some nasties on there.

Disable your resident protections (antivirus, ...); you will re-enable them after the scan.

Download Lop S&D < here

Double-click Lop S&D.exe on your desktop
Select the language you want, then choose Option 1 (Search)
Wait until the scan has finished
Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

Posted

Thanks Falkra

I followed your instructions and here is the log I got:

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )

BIOS : Ver 1.00PARTTBLh

USER : YOYOOOTH ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.7.1098 [VPS 080908-0] 4.7.1098 (Not Activated)

 

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )

Option : [1] ( 09/09/2008|20:15 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[07/08/2005|22:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[08/08/2005|05:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[08/08/2005|05:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[07/08/2005|22:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

 

[15/06/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[09/08/2006|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[24/06/2007|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk

[28/12/2007|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth

[19/09/2006|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[08/06/2006|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[07/08/2005|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi

[07/08/2005|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[10/03/2008|23:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[02/06/2007|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Line 6

[19/06/2008|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com

[07/06/2006|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision

[22/05/2006|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[06/09/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PowerAMC 12

[10/05/2006|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[08/08/2005|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[18/07/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[01/06/2007|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonoma Wire Works

[01/08/2006|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[25/12/2006|23:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[14/04/2008|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[04/07/2007|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[04/07/2007|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

 

[07/08/2005|22:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer

[08/08/2005|05:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[08/08/2005|05:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[07/08/2005|22:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

[08/08/2005|05:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[08/08/2005|05:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[29/07/2007|23:54] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Ace More User

[15/06/2008|15:50] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Adobe

[08/05/2008|13:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\AdobeUM

[10/12/2006|21:37] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Ahead

[09/08/2006|15:19] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Apple Computer

[28/01/2007|13:59] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Autodesk

[10/07/2007|02:14] C:\DOCUME~1\YOYOOOTH\APPLIC~1\BitDownload

[21/08/2007|18:56] C:\DOCUME~1\YOYOOOTH\APPLIC~1\BitTorrent

[21/08/2007|03:43] C:\DOCUME~1\YOYOOOTH\APPLIC~1\bsplayer

[21/07/2007|15:44] C:\DOCUME~1\YOYOOOTH\APPLIC~1\dvdcss

[20/09/2006|23:12] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Google

[08/05/2006|22:39] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Help

[21/09/2006|23:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\HP

[08/08/2005|05:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Identities

[01/11/2006|23:58] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Image Zone Express

[08/05/2006|19:55] C:\DOCUME~1\YOYOOOTH\APPLIC~1\InterVideo

[19/11/2006|16:13] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Leadertech

[02/06/2007|04:40] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Line 6

[07/07/2006|18:14] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Macromedia

[22/11/2006|21:40] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Media Player Classic

[14/03/2008|00:20] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Microsoft

[09/01/2007|00:31] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Mozilla

[10/12/2006|18:43] C:\DOCUME~1\YOYOOOTH\APPLIC~1\NetMedia Providers

[10/07/2007|16:33] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Notepad++

[01/02/2007|23:44] C:\DOCUME~1\YOYOOOTH\APPLIC~1\PLSQL Developer

[10/12/2006|18:43] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Publish Providers

[20/03/2008|02:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Real

[02/08/2007|23:42] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Samsung

[20/08/2008|11:02] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Skype

[19/11/2006|16:14] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Sonic

[10/12/2006|18:42] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Sony

[13/01/2007|18:26] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Sun

[09/05/2006|18:18] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Symantec

[25/11/2006|11:48] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Syntrillium

[23/06/2007|09:34] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Teleca

[09/05/2006|18:24] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Template

[07/01/2007|02:59] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Torrent101

[10/01/2008|13:49] C:\DOCUME~1\YOYOOOTH\APPLIC~1\U3

[18/02/2007|17:21] C:\DOCUME~1\YOYOOOTH\APPLIC~1\vlc

 

--------------------\\ Tâches planifiées dans %SystemRoot%\tasks

 

[09/09/2008 19:26][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 10:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[23/06/2007|13:33] C:\Program Files\ACAD2000

[10/07/2007|02:14] C:\Program Files\Ace More User

[11/11/2007|00:50] C:\Program Files\Adobe

[17/12/2006|23:59] C:\Program Files\AGEIA Technologies

[01/08/2006|16:28] C:\Program Files\Alwil Software

[07/08/2005|21:41] C:\Program Files\Analog Devices

[21/05/2006|18:57] C:\Program Files\AngelPotion Video Codec V1

[24/06/2007|11:32] C:\Program Files\AnswerWorks 4.0

[23/06/2007|13:33] C:\Program Files\Apoint2K

[07/08/2005|21:41] C:\Program Files\ATI Technologies

[24/06/2007|12:43] C:\Program Files\AutoCAD 2004

[28/01/2007|13:56] C:\Program Files\Autodesk

[24/06/2007|11:22] C:\Program Files\Autodesk Architectural Desktop 2004

[10/07/2007|02:17] C:\Program Files\BitDownload

[03/11/2006|22:44] C:\Program Files\BitTorrent

[01/04/2008|15:35] C:\Program Files\Borland

[04/03/2007|15:26] C:\Program Files\Cain

[10/03/2008|22:21] C:\Program Files\CCleaner

[19/08/2006|18:18] C:\Program Files\Collectorz.com

[02/06/2007|04:42] C:\Program Files\Common Files

[08/08/2005|05:32] C:\Program Files\ComPlus Applications

[25/11/2006|11:54] C:\Program Files\coolpro2

[21/08/2007|03:50] C:\Program Files\DAEMON Tools

[01/06/2008|13:01] C:\Program Files\Design Explorer 99 SE

[24/02/2007|13:11] C:\Program Files\DFX

[21/08/2007|03:33] C:\Program Files\DivX

[21/05/2006|18:56] C:\Program Files\DivXCodec

[28/05/2006|21:14] C:\Program Files\Dolby

[03/11/2006|21:38] C:\Program Files\Easy Internet signup

[18/08/2006|00:34] C:\Program Files\EasyPHP1-8

[10/07/2007|02:09] C:\Program Files\Eidos

[09/09/2008|19:30] C:\Program Files\eMule

[01/06/2008|12:54] C:\Program Files\Fichiers communs

[17/12/2007|18:03] C:\Program Files\FLV Player

[28/07/2006|01:19] C:\Program Files\Foreignword

[14/10/2006|18:20] C:\Program Files\GetData

[01/11/2006|22:44] C:\Program Files\Google

[27/05/2006|14:39] C:\Program Files\Guitar Pro 3 Demo

[05/08/2008|18:26] C:\Program Files\Guitar Pro 5

[07/08/2005|22:06] C:\Program Files\Hewlett-Packard

[07/01/2007|17:26] C:\Program Files\Hijackthis

[08/06/2006|11:23] C:\Program Files\Hp

[23/12/2007|16:47] C:\Program Files\HPQ

[05/01/2007|18:20] C:\Program Files\Image-Line

[01/06/2008|12:54] C:\Program Files\InstallShield Installation Information

[24/12/2007|21:37] C:\Program Files\Intel

[15/08/2008|15:58] C:\Program Files\Internet Explorer

[24/12/2007|21:37] C:\Program Files\InterVideo

[07/08/2005|22:09] C:\Program Files\iPod

[07/08/2005|22:09] C:\Program Files\iTunes

[28/08/2007|23:15] C:\Program Files\IVT Corporation

[17/07/2008|12:13] C:\Program Files\Java

[21/08/2007|03:43] C:\Program Files\K-Lite Codec Pack

[10/03/2008|23:02] C:\Program Files\Lavasoft

[01/08/2006|18:10] C:\Program Files\LimeWire

[02/06/2007|04:39] C:\Program Files\Line6

[19/06/2008|15:52] C:\Program Files\ma-config.com

[18/07/2006|18:14] C:\Program Files\MapInfo MapX

[01/02/2008|13:30] C:\Program Files\Microsoft ActiveSync

[26/02/2008|12:13] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[08/08/2005|05:32] C:\Program Files\microsoft frontpage

[14/03/2008|00:19] C:\Program Files\Microsoft Office

[18/07/2006|18:00] C:\Program Files\Microsoft Visual Studio

[07/08/2005|21:54] C:\Program Files\Microsoft Works

[22/05/2006|02:56] C:\Program Files\Microsoft.NET

[02/04/2008|19:10] C:\Program Files\Mikroelektronika

[15/09/2006|16:22] C:\Program Files\Monkey's Audio

[08/08/2005|05:32] C:\Program Files\Movie Maker

[09/09/2008|19:48] C:\Program Files\Mozilla Firefox

[14/03/2008|00:17] C:\Program Files\MSECache

[08/08/2005|05:32] C:\Program Files\MSN

[08/08/2005|05:32] C:\Program Files\MSN Gaming Zone

[17/11/2006|20:42] C:\Program Files\MSXML 4.0

[24/09/2006|15:57] C:\Program Files\Nero

[08/08/2005|05:32] C:\Program Files\NetMeeting

[10/07/2007|16:32] C:\Program Files\Notepad++

[08/08/2005|05:32] C:\Program Files\Online Services

[13/06/2007|03:36] C:\Program Files\Outlook Express

[07/05/2007|13:49] C:\Program Files\PDFCreator

[20/02/2008|23:23] C:\Program Files\PLSQL Developer

[17/10/2006|15:56] C:\Program Files\PowerQuest

[18/07/2006|18:00] C:\Program Files\Publication Web

[09/08/2006|15:18] C:\Program Files\QuickTime

[24/02/2007|13:13] C:\Program Files\Real

[24/12/2007|21:25] C:\Program Files\SAGEM

[24/12/2007|21:25] C:\Program Files\SAGEM(2)

[26/10/2006|22:08] C:\Program Files\SAIG

[02/08/2007|22:50] C:\Program Files\Samsung

[23/06/2007|13:32] C:\Program Files\Scan Hijack This

[18/07/2006|18:13] C:\Program Files\Seagate Software

[07/08/2005|22:08] C:\Program Files\Services en ligne

[29/06/2008|16:18] C:\Program Files\SHARE 1.0 EX2

[18/07/2007|10:40] C:\Program Files\Skype

[07/08/2005|22:01] C:\Program Files\Sonic

[01/06/2007|01:57] C:\Program Files\Sonoma Wire Works

[10/12/2006|05:24] C:\Program Files\Sony

[13/05/2008|13:13] C:\Program Files\Sun

[29/08/2008|13:20] C:\Program Files\SuperCopier2

[25/10/2006|23:19] C:\Program Files\SurfOffline

[06/05/2007|16:08] C:\Program Files\Sybase

[01/08/2006|16:13] C:\Program Files\Symantec

[21/05/2006|18:56] C:\Program Files\The Playa

[07/01/2007|03:00] C:\Program Files\Torrent101

[08/08/2005|05:32] C:\Program Files\Uninstall Information

[01/05/2008|14:11] C:\Program Files\USB Disk Security

[18/02/2007|17:19] C:\Program Files\VideoLAN

[27/05/2006|18:19] C:\Program Files\Volo View Express

[02/06/2007|04:40] C:\Program Files\Vstplugins

[27/05/2006|18:20] C:\Program Files\WexTech

[10/05/2006|14:39] C:\Program Files\WIDCOMM

[08/09/2006|15:38] C:\Program Files\Winamp

[14/04/2008|00:26] C:\Program Files\Windows Live

[10/07/2007|06:45] C:\Program Files\Windows Media Connect 2

[10/07/2007|06:45] C:\Program Files\Windows Media Player

[08/08/2005|05:32] C:\Program Files\Windows NT

[08/08/2005|05:32] C:\Program Files\WindowsUpdate

[22/02/2007|23:14] C:\Program Files\WinPcap

[09/07/2006|11:58] C:\Program Files\WinRAR

[08/08/2005|05:32] C:\Program Files\xerox

[24/03/2007|15:23] C:\Program Files\Xinox Software

[04/07/2007|14:35] C:\Program Files\Yahoo!

[09/05/2006|14:15] C:\Program Files\Zero G Registry

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[18/06/2007|14:57] C:\Program Files\Fichiers communs\Adobe

[24/09/2006|15:57] C:\Program Files\Fichiers communs\Ahead

[24/06/2007|11:32] C:\Program Files\Fichiers communs\Autodesk Shared

[01/04/2008|15:34] C:\Program Files\Fichiers communs\Borland Shared

[24/06/2007|11:18] C:\Program Files\Fichiers communs\DESIGNER

[08/06/2006|11:19] C:\Program Files\Fichiers communs\Hewlett-Packard

[08/06/2006|11:23] C:\Program Files\Fichiers communs\HP

[07/08/2005|22:02] C:\Program Files\Fichiers communs\InstallShield

[01/06/2007|02:07] C:\Program Files\Fichiers communs\Java

[27/05/2006|18:20] C:\Program Files\Fichiers communs\LHSPF

[07/08/2005|22:09] C:\Program Files\Fichiers communs\LightScribe

[24/06/2007|11:34] C:\Program Files\Fichiers communs\Macrovision Shared

[05/07/2008|16:10] C:\Program Files\Fichiers communs\Microsoft Shared

[08/08/2005|05:32] C:\Program Files\Fichiers communs\MSSoap

[01/06/2008|12:54] C:\Program Files\Fichiers communs\Novell Shared

[08/08/2005|05:32] C:\Program Files\Fichiers communs\ODBC

[24/02/2007|13:13] C:\Program Files\Fichiers communs\Real

[08/08/2005|05:32] C:\Program Files\Fichiers communs\Services

[18/07/2007|10:40] C:\Program Files\Fichiers communs\Skype

[07/08/2005|22:01] C:\Program Files\Fichiers communs\Sonic Shared

[08/08/2005|05:32] C:\Program Files\Fichiers communs\SpeechEngines

[07/08/2005|22:01] C:\Program Files\Fichiers communs\SureThing Shared

[13/06/2007|03:45] C:\Program Files\Fichiers communs\System

[04/07/2007|16:23] C:\Program Files\Fichiers communs\Teleca Shared

[07/08/2005|22:01] C:\Program Files\Fichiers communs\TiVo Shared

[10/06/2006|22:51] C:\Program Files\Fichiers communs\Wextech Shared

[25/02/2008|00:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[10/03/2008|23:02] C:\Program Files\Fichiers communs\Wise Installation Wizard

[24/02/2007|13:13] C:\Program Files\Fichiers communs\xing shared

 

--------------------\\ Process

 

( 56 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

C:\DOCUME~1\YOYOOOTH\APPLIC~1\ACEMOR~1

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\YOYOOOTH\APPLIC~1\BitDownload

C:\DOCUME~1\YOYOOOTH\APPLIC~1\BitDownload\Data

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\BitDownload

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\BitDownload\BitDownload.lnk

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\BitDownload\Uninstall BitDownload.lnk

C:\Program Files\BitDownload

C:\DOCUME~1\YOYOOOTH\APPLIC~1\Torrent101

C:\DOCUME~1\YOYOOOTH\APPLIC~1\Torrent101\Data

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Torrent101

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Torrent101\Torrent101.lnk

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Torrent101\Uninstall Torrent101.lnk

C:\Program Files\Torrent101

C:\Program Files\Torrent101\settings.ini

C:\Program Files\Torrent101\settings.stp

C:\Program Files\Torrent101\SkinCrafterDll.dll

C:\Program Files\Torrent101\Skins

C:\Program Files\Torrent101\Support

C:\Program Files\Torrent101\Torrent101.exe

C:\Program Files\Torrent101\Torrent101.TRC

C:\Program Files\Torrent101\Torrent101_1.TRC

C:\Program Files\Torrent101\TorrentManager.dll

C:\Program Files\Torrent101\unins000.dat

C:\Program Files\Torrent101\unins000.exe

C:\Program Files\Torrent101\ZM

C:\DOCUME~1\YOYOOOTH\Cookies\yoyoooth@advertstream[1].txt

C:\DOCUME~1\YOYOOOTH\Cookies\yoyoooth@advertising[1].txt

C:\DOCUME~1\YOYOOOTH\Cookies\yoyoooth@advertising[2].txt

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\amenslowwma]

"DisplayName"="CiD Help"

"UninstallString"="C:\\DOCUME~1\\YOYOOOTH\\APPLIC~1\\ACEMOR~1\\trans proxy.exe -uninstall"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Noun pop"="C:\\DOCUME~1\\YOYOOOTH\\APPLIC~1\\ACEMOR~1\\trans proxy.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts MODIFIE

 


 

-> 71 [ 70 ## added by CiD ]

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-09 20:17:41

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 56

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\YOYOOOTH\Bureau\dali\circuit logique\PROTEL99\CRACK

C:\DOCUME~1\YOYOOOTH\Bureau\dali\circuit logique\PROTEL99\CRACK\PROTEL99_SERVICEPACK_6.EXE

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php.htm

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\rational rose\crack rationnal rose

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\rational rose\crack rationnal rose\rational_perm.txt

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\acceuil-bt2-mini.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads.htm

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads_002.htm

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads_data_002

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-crack-en-court.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-key-found.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-ptw-45k.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-selection-reseau.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-3-millieu.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-ARP-injection.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-attente-ARP.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-fakeauth-60s.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-sending-authtification-request.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airmon-ng.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airmon-ng_002.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-exemple-reseau-wifi-non-crypte.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-lien-pour-parametre-de-aireplay.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-1.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-180k.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-channel2.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-injection-start.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\console.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\drapeau-en.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-capture-paquets-en-cour.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-config-clef-wep-pr-decrypter-paquets.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-config-options-capture.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-ip-trouver-plein.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-paquet-decrypter-ip-trouve.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\flechefaq.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\header-tuto-fr.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\hit.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ifconfig-airmon-ng.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ifconfig-changer-adresse-mac.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\install-ptw-2.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\install-ptw-3.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\install-ptw1.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig-ath0.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig-changer-clef-wep2.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig-passage-mode-managed.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\login-bt2.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\pixel.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\show_ads.js

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\style.css

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\urchin.js

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\x-click-but04.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads_data_002\abg-fr-100c-000000.png

 

 

[F:5100][D:381]-> C:\DOCUME~1\YOYOOOTH\LOCALS~1\Temp

[F:543][D:0]-> C:\DOCUME~1\YOYOOOTH\Cookies

[F:4648][D:100]-> C:\DOCUME~1\YOYOOOTH\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 09/09/2008|20:12 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 09/09/2008|20:21 - Option : [1]

 

--------------------\\ Fin du rapport a 20:21:18

Posted

Infected, right to the bone. Oops, tutorials... not necessarily clean.

 

Run Lop S&D again

 

This time choose Option 2 (Removal)

Do not close the window during the removal!

Post the generated report (C:\lopR.txt) + a new HijackThis report, please.

 

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

Posted

I ran Lop S&D again, started the removal, and here is what it gives:

 

 

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )

BIOS : Ver 1.00PARTTBLh

USER : YOYOOOTH ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.7.1098 [VPS 080910-0] 4.7.1098 (Activated)

 

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )

Option : [2] ( 11/09/2008| 1:50 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\YOYOOOTH\APPLIC~1\BitDownload\Data

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\BitDownload\BitDownload.lnk

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\BitDownload\Uninstall BitDownload.lnk

Supprime! - C:\DOCUME~1\YOYOOOTH\APPLIC~1\Torrent101\Data

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Torrent101\Torrent101.lnk

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Torrent101\Uninstall Torrent101.lnk

Supprime! - C:\Program Files\Torrent101\settings.ini

Supprime! - C:\Program Files\Torrent101\settings.stp

Supprime! - C:\Program Files\Torrent101\SkinCrafterDll.dll

Supprime! - C:\Program Files\Torrent101\Skins

Supprime! - C:\Program Files\Torrent101\Support

Supprime! - C:\Program Files\Torrent101\Torrent101.exe

Supprime! - C:\Program Files\Torrent101\Torrent101.TRC

Supprime! - C:\Program Files\Torrent101\Torrent101_1.TRC

Supprime! - C:\Program Files\Torrent101\TorrentManager.dll

Supprime! - C:\Program Files\Torrent101\unins000.dat

Supprime! - C:\Program Files\Torrent101\unins000.exe

Supprime! - C:\Program Files\Torrent101\ZM

Supprime! - C:\DOCUME~1\YOYOOOTH\Cookies\yoyoooth@advertstream[1].txt

Supprime! - C:\DOCUME~1\YOYOOOTH\Cookies\yoyoooth@advertising[2].txt

Supprime! - C:\DOCUME~1\YOYOOOTH\APPLIC~1\BitDownload

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\BitDownload

Supprime! - C:\Program Files\BitDownload

Supprime! - C:\DOCUME~1\YOYOOOTH\APPLIC~1\Torrent101

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Torrent101

Supprime! - C:\Program Files\Torrent101

Supprime! - C:\DOCUME~1\YOYOOOTH\APPLIC~1\ACEMOR~1

Supprime! - C:\Program Files\ACEMOR~1

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[07/08/2005|22:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[08/08/2005|05:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[08/08/2005|05:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[07/08/2005|22:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

 

[15/06/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[09/08/2006|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[24/06/2007|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk

[28/12/2007|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth

[19/09/2006|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[08/06/2006|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[07/08/2005|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi

[07/08/2005|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[10/03/2008|23:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[02/06/2007|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Line 6

[19/06/2008|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com

[07/06/2006|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision

[22/05/2006|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[06/09/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PowerAMC 12

[10/05/2006|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[08/08/2005|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[18/07/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[01/06/2007|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonoma Wire Works

[01/08/2006|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[25/12/2006|23:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[14/04/2008|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[04/07/2007|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[04/07/2007|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

 

[07/08/2005|22:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer

[08/08/2005|05:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[08/08/2005|05:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[07/08/2005|22:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

[08/08/2005|05:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[08/08/2005|05:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[15/06/2008|15:50] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Adobe

[08/05/2008|13:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\AdobeUM

[10/12/2006|21:37] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Ahead

[09/08/2006|15:19] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Apple Computer

[28/01/2007|13:59] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Autodesk

[21/08/2007|18:56] C:\DOCUME~1\YOYOOOTH\APPLIC~1\BitTorrent

[21/08/2007|03:43] C:\DOCUME~1\YOYOOOTH\APPLIC~1\bsplayer

[21/07/2007|15:44] C:\DOCUME~1\YOYOOOTH\APPLIC~1\dvdcss

[20/09/2006|23:12] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Google

[08/05/2006|22:39] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Help

[21/09/2006|23:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\HP

[08/08/2005|05:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Identities

[01/11/2006|23:58] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Image Zone Express

[08/05/2006|19:55] C:\DOCUME~1\YOYOOOTH\APPLIC~1\InterVideo

[19/11/2006|16:13] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Leadertech

[02/06/2007|04:40] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Line 6

[07/07/2006|18:14] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Macromedia

[22/11/2006|21:40] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Media Player Classic

[14/03/2008|00:20] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Microsoft

[09/01/2007|00:31] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Mozilla

[10/12/2006|18:43] C:\DOCUME~1\YOYOOOTH\APPLIC~1\NetMedia Providers

[10/07/2007|16:33] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Notepad++

[01/02/2007|23:44] C:\DOCUME~1\YOYOOOTH\APPLIC~1\PLSQL Developer

[10/12/2006|18:43] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Publish Providers

[20/03/2008|02:32] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Real

[02/08/2007|23:42] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Samsung

[20/08/2008|11:02] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Skype

[19/11/2006|16:14] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Sonic

[10/12/2006|18:42] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Sony

[13/01/2007|18:26] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Sun

[09/05/2006|18:18] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Symantec

[25/11/2006|11:48] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Syntrillium

[23/06/2007|09:34] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Teleca

[09/05/2006|18:24] C:\DOCUME~1\YOYOOOTH\APPLIC~1\Template

[10/01/2008|13:49] C:\DOCUME~1\YOYOOOTH\APPLIC~1\U3

[18/02/2007|17:21] C:\DOCUME~1\YOYOOOTH\APPLIC~1\vlc

 

--------------------\\ Tâches planifiées dans %SystemRoot%\tasks

 

[11/09/2008 01:40][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 10:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[23/06/2007|13:33] C:\Program Files\ACAD2000

[11/11/2007|00:50] C:\Program Files\Adobe

[17/12/2006|23:59] C:\Program Files\AGEIA Technologies

[01/08/2006|16:28] C:\Program Files\Alwil Software

[07/08/2005|21:41] C:\Program Files\Analog Devices

[21/05/2006|18:57] C:\Program Files\AngelPotion Video Codec V1

[24/06/2007|11:32] C:\Program Files\AnswerWorks 4.0

[23/06/2007|13:33] C:\Program Files\Apoint2K

[07/08/2005|21:41] C:\Program Files\ATI Technologies

[24/06/2007|12:43] C:\Program Files\AutoCAD 2004

[28/01/2007|13:56] C:\Program Files\Autodesk

[24/06/2007|11:22] C:\Program Files\Autodesk Architectural Desktop 2004

[03/11/2006|22:44] C:\Program Files\BitTorrent

[01/04/2008|15:35] C:\Program Files\Borland

[04/03/2007|15:26] C:\Program Files\Cain

[10/03/2008|22:21] C:\Program Files\CCleaner

[19/08/2006|18:18] C:\Program Files\Collectorz.com

[02/06/2007|04:42] C:\Program Files\Common Files

[08/08/2005|05:32] C:\Program Files\ComPlus Applications

[25/11/2006|11:54] C:\Program Files\coolpro2

[21/08/2007|03:50] C:\Program Files\DAEMON Tools

[01/06/2008|13:01] C:\Program Files\Design Explorer 99 SE

[24/02/2007|13:11] C:\Program Files\DFX

[21/08/2007|03:33] C:\Program Files\DivX

[21/05/2006|18:56] C:\Program Files\DivXCodec

[28/05/2006|21:14] C:\Program Files\Dolby

[03/11/2006|21:38] C:\Program Files\Easy Internet signup

[18/08/2006|00:34] C:\Program Files\EasyPHP1-8

[10/07/2007|02:09] C:\Program Files\Eidos

[11/09/2008|01:43] C:\Program Files\eMule

[01/06/2008|12:54] C:\Program Files\Fichiers communs

[17/12/2007|18:03] C:\Program Files\FLV Player

[28/07/2006|01:19] C:\Program Files\Foreignword

[14/10/2006|18:20] C:\Program Files\GetData

[01/11/2006|22:44] C:\Program Files\Google

[27/05/2006|14:39] C:\Program Files\Guitar Pro 3 Demo

[05/08/2008|18:26] C:\Program Files\Guitar Pro 5

[07/08/2005|22:06] C:\Program Files\Hewlett-Packard

[07/01/2007|17:26] C:\Program Files\Hijackthis

[08/06/2006|11:23] C:\Program Files\Hp

[23/12/2007|16:47] C:\Program Files\HPQ

[05/01/2007|18:20] C:\Program Files\Image-Line

[01/06/2008|12:54] C:\Program Files\InstallShield Installation Information

[24/12/2007|21:37] C:\Program Files\Intel

[15/08/2008|15:58] C:\Program Files\Internet Explorer

[24/12/2007|21:37] C:\Program Files\InterVideo

[07/08/2005|22:09] C:\Program Files\iPod

[07/08/2005|22:09] C:\Program Files\iTunes

[28/08/2007|23:15] C:\Program Files\IVT Corporation

[17/07/2008|12:13] C:\Program Files\Java

[21/08/2007|03:43] C:\Program Files\K-Lite Codec Pack

[10/03/2008|23:02] C:\Program Files\Lavasoft

[01/08/2006|18:10] C:\Program Files\LimeWire

[02/06/2007|04:39] C:\Program Files\Line6

[19/06/2008|15:52] C:\Program Files\ma-config.com

[18/07/2006|18:14] C:\Program Files\MapInfo MapX

[01/02/2008|13:30] C:\Program Files\Microsoft ActiveSync

[26/02/2008|12:13] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[08/08/2005|05:32] C:\Program Files\microsoft frontpage

[14/03/2008|00:19] C:\Program Files\Microsoft Office

[18/07/2006|18:00] C:\Program Files\Microsoft Visual Studio

[07/08/2005|21:54] C:\Program Files\Microsoft Works

[22/05/2006|02:56] C:\Program Files\Microsoft.NET

[02/04/2008|19:10] C:\Program Files\Mikroelektronika

[15/09/2006|16:22] C:\Program Files\Monkey's Audio

[08/08/2005|05:32] C:\Program Files\Movie Maker

[11/09/2008|01:47] C:\Program Files\Mozilla Firefox

[14/03/2008|00:17] C:\Program Files\MSECache

[08/08/2005|05:32] C:\Program Files\MSN

[08/08/2005|05:32] C:\Program Files\MSN Gaming Zone

[17/11/2006|20:42] C:\Program Files\MSXML 4.0

[24/09/2006|15:57] C:\Program Files\Nero

[08/08/2005|05:32] C:\Program Files\NetMeeting

[10/07/2007|16:32] C:\Program Files\Notepad++

[08/08/2005|05:32] C:\Program Files\Online Services

[13/06/2007|03:36] C:\Program Files\Outlook Express

[07/05/2007|13:49] C:\Program Files\PDFCreator

[20/02/2008|23:23] C:\Program Files\PLSQL Developer

[17/10/2006|15:56] C:\Program Files\PowerQuest

[18/07/2006|18:00] C:\Program Files\Publication Web

[09/08/2006|15:18] C:\Program Files\QuickTime

[24/02/2007|13:13] C:\Program Files\Real

[24/12/2007|21:25] C:\Program Files\SAGEM

[24/12/2007|21:25] C:\Program Files\SAGEM(2)

[26/10/2006|22:08] C:\Program Files\SAIG

[02/08/2007|22:50] C:\Program Files\Samsung

[23/06/2007|13:32] C:\Program Files\Scan Hijack This

[18/07/2006|18:13] C:\Program Files\Seagate Software

[07/08/2005|22:08] C:\Program Files\Services en ligne

[29/06/2008|16:18] C:\Program Files\SHARE 1.0 EX2

[18/07/2007|10:40] C:\Program Files\Skype

[07/08/2005|22:01] C:\Program Files\Sonic

[01/06/2007|01:57] C:\Program Files\Sonoma Wire Works

[10/12/2006|05:24] C:\Program Files\Sony

[13/05/2008|13:13] C:\Program Files\Sun

[29/08/2008|13:20] C:\Program Files\SuperCopier2

[25/10/2006|23:19] C:\Program Files\SurfOffline

[06/05/2007|16:08] C:\Program Files\Sybase

[01/08/2006|16:13] C:\Program Files\Symantec

[21/05/2006|18:56] C:\Program Files\The Playa

[08/08/2005|05:32] C:\Program Files\Uninstall Information

[01/05/2008|14:11] C:\Program Files\USB Disk Security

[18/02/2007|17:19] C:\Program Files\VideoLAN

[27/05/2006|18:19] C:\Program Files\Volo View Express

[02/06/2007|04:40] C:\Program Files\Vstplugins

[27/05/2006|18:20] C:\Program Files\WexTech

[10/05/2006|14:39] C:\Program Files\WIDCOMM

[08/09/2006|15:38] C:\Program Files\Winamp

[14/04/2008|00:26] C:\Program Files\Windows Live

[10/07/2007|06:45] C:\Program Files\Windows Media Connect 2

[10/07/2007|06:45] C:\Program Files\Windows Media Player

[08/08/2005|05:32] C:\Program Files\Windows NT

[08/08/2005|05:32] C:\Program Files\WindowsUpdate

[22/02/2007|23:14] C:\Program Files\WinPcap

[09/07/2006|11:58] C:\Program Files\WinRAR

[08/08/2005|05:32] C:\Program Files\xerox

[24/03/2007|15:23] C:\Program Files\Xinox Software

[04/07/2007|14:35] C:\Program Files\Yahoo!

[09/05/2006|14:15] C:\Program Files\Zero G Registry

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[18/06/2007|14:57] C:\Program Files\Fichiers communs\Adobe

[24/09/2006|15:57] C:\Program Files\Fichiers communs\Ahead

[24/06/2007|11:32] C:\Program Files\Fichiers communs\Autodesk Shared

[01/04/2008|15:34] C:\Program Files\Fichiers communs\Borland Shared

[24/06/2007|11:18] C:\Program Files\Fichiers communs\DESIGNER

[08/06/2006|11:19] C:\Program Files\Fichiers communs\Hewlett-Packard

[08/06/2006|11:23] C:\Program Files\Fichiers communs\HP

[07/08/2005|22:02] C:\Program Files\Fichiers communs\InstallShield

[01/06/2007|02:07] C:\Program Files\Fichiers communs\Java

[27/05/2006|18:20] C:\Program Files\Fichiers communs\LHSPF

[07/08/2005|22:09] C:\Program Files\Fichiers communs\LightScribe

[24/06/2007|11:34] C:\Program Files\Fichiers communs\Macrovision Shared

[05/07/2008|16:10] C:\Program Files\Fichiers communs\Microsoft Shared

[08/08/2005|05:32] C:\Program Files\Fichiers communs\MSSoap

[01/06/2008|12:54] C:\Program Files\Fichiers communs\Novell Shared

[08/08/2005|05:32] C:\Program Files\Fichiers communs\ODBC

[24/02/2007|13:13] C:\Program Files\Fichiers communs\Real

[08/08/2005|05:32] C:\Program Files\Fichiers communs\Services

[18/07/2007|10:40] C:\Program Files\Fichiers communs\Skype

[07/08/2005|22:01] C:\Program Files\Fichiers communs\Sonic Shared

[08/08/2005|05:32] C:\Program Files\Fichiers communs\SpeechEngines

[07/08/2005|22:01] C:\Program Files\Fichiers communs\SureThing Shared

[13/06/2007|03:45] C:\Program Files\Fichiers communs\System

[04/07/2007|16:23] C:\Program Files\Fichiers communs\Teleca Shared

[07/08/2005|22:01] C:\Program Files\Fichiers communs\TiVo Shared

[10/06/2006|22:51] C:\Program Files\Fichiers communs\Wextech Shared

[25/02/2008|00:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[10/03/2008|23:02] C:\Program Files\Fichiers communs\Wise Installation Wizard

[24/02/2007|13:13] C:\Program Files\Fichiers communs\xing shared

 

--------------------\\ Process

 

( 59 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\YOYOOOTH\Cookies\yoyoooth@advertising[3].txt

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts MODIFIE

 

 

-> 71 [ 70 ## added by CiD ]

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-11 01:52:37

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 56

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\YOYOOOTH\Bureau\dali\circuit logique\PROTEL99\CRACK

C:\DOCUME~1\YOYOOOTH\Bureau\dali\circuit logique\PROTEL99\CRACK\PROTEL99_SERVICEPACK_6.EXE

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php.htm

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\rational rose\crack rationnal rose

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\rational rose\crack rationnal rose\rational_perm.txt

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\acceuil-bt2-mini.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads.htm

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads_002.htm

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads_data_002

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-crack-en-court.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-key-found.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-ptw-45k.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aircrack-selection-reseau.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-3-millieu.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-ARP-injection.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-attente-ARP.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-ng-fakeauth-60s.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\aireplay-sending-authtification-request.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airmon-ng.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airmon-ng_002.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-exemple-reseau-wifi-non-crypte.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-lien-pour-parametre-de-aireplay.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-1.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-180k.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-channel2.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\airodump-ng-injection-start.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\console.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\drapeau-en.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-capture-paquets-en-cour.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-config-clef-wep-pr-decrypter-paquets.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-config-options-capture.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-ip-trouver-plein.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ethereal-paquet-decrypter-ip-trouve.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\flechefaq.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\header-tuto-fr.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\hit.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ifconfig-airmon-ng.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ifconfig-changer-adresse-mac.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\install-ptw-2.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\install-ptw-3.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\install-ptw1.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig-ath0.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig-changer-clef-wep2.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig-passage-mode-managed.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\iwconfig.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\login-bt2.png

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\pixel.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\show_ads.js

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\style.css

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\urchin.js

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\x-click-but04.gif

C:\DOCUME~1\YOYOOOTH\Mes documents\IF5\tutorial-crack-wep-aircrack.php_fichiers\ads_data_002\abg-fr-100c-000000.png

 

 

[F:5115][D:382]-> C:\DOCUME~1\YOYOOOTH\LOCALS~1\Temp

[F:545][D:0]-> C:\DOCUME~1\YOYOOOTH\Cookies

[F:6848][D:104]-> C:\DOCUME~1\YOYOOOTH\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 09/09/2008|20:12 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 09/09/2008|20:21 - Option : [1]

3 - "C:\Lop SD\LopR_3.txt" - 11/09/2008| 1:57 - Option : [2]

 

--------------------\\ Fin du rapport a 1:57:04

 

And here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:00:16, on 11/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\crypserv.exe

c:\altera\61\quartus\bin\jtagserver.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

c:\orant\bin\oracle73.exe

C:\ORANT\BIN\TNSLSNR.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\YOYOOOTH\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\NetService.vbs

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Key Generator\pmsngr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O15 - Trusted Zone: *.line6.net

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\61\quartus\bin\jtagserver.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: OracleServiceORCL - Oracle Corporation - c:\orant\bin\oracle73.exe

O23 - Service: OracleStartORCL - Unknown owner - c:\orant\bin\strtdb73.exe

O23 - Service: OracleTNSListener - Unknown owner - C:\ORANT\BIN\TNSLSNR.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 11391 bytes

 

 

Thanks
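Added example, not part of this thread and not code from HijackThis: a small Python triage pass over the O4 (autorun) entries of the log above. The sample lines are copied from that log; the heuristics it applies (script-host extensions, the Policies\Explorer\Run key, generic or system-like value names, unqualified paths, executables under the user profile) are general triage rules rather than anything the thread states, and the function names `parse_o4`, `split_command`, `assess` and `triage` are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Sample input: O4 lines copied from the HijackThis log posted in this
# thread (a handful of entries, not the whole log).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\NetService.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Key Generator\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
""".strip().splitlines()

# Line shape: "O4 - <registry key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis appends "(User '...')" for per-user hives; drop it before parsing the command.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# Unquoted command: the executable ends at the first extension followed by whitespace or end of line.
EXE_RE = re.compile(
    r"^(?P<exe>.+?\.(?:exe|com|scr|pif|vbs|vbe|js|jse|wsf|bat|cmd|hta))(?=\s|$)(?P<args>.*)$",
    re.IGNORECASE,
)

# Extensions that run through a script host instead of as a native binary.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".hta"}
# Value names that say nothing about a product, or imitate a system component.
GENERIC_NAMES = {"", "none", "system", "windows", "svchost", "explorer"}
# Profile directories a regular installer does not use for autorun binaries.
USER_WRITABLE_HINTS = ("\\temp\\", "\\application data\\", "\\local settings\\")


def split_command(cmd):
    """Return (executable, arguments) for a HijackThis command string."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe"), m.group("args").strip()
    return cmd, ""


def parse_o4(line):
    """Parse one O4 line into a dict, or return None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_command(m.group("cmd"))
    return {"key": m.group("key"), "name": m.group("name"), "exe": exe, "args": args}


def assess(entry):
    """Return the list of triage reasons that apply to one autorun entry."""
    reasons = []
    exe_lower = entry["exe"].lower()
    ext = PureWindowsPath(entry["exe"]).suffix.lower()
    if ext in SCRIPT_EXTS:
        reasons.append(f"script-host autorun ({ext})")
    if "policies\\explorer\\run" in entry["key"].lower():
        reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate software")
    if entry["name"].strip().lower() in GENERIC_NAMES:
        reasons.append(f"generic or system-like value name [{entry['name']}]")
    if "\\" not in entry["exe"]:
        reasons.append("unqualified path, resolved through the search path at logon")
    if any(hint in exe_lower for hint in USER_WRITABLE_HINTS):
        reasons.append("executable located under a user-writable profile directory")
    return reasons


def triage(lines):
    """Return every O4 entry that has at least one triage reason."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f['name']}] {f['exe']} {f['args']}".rstrip())
        for r in f["reasons"]:
            print("   -", r)
```

On the sample lines the script reports three entries: the unqualified AGRSMMSG.exe (low interest, it is a common modem driver tray process), the [system] value that launches a .vbs from system32, and the [none] value under Policies\Explorer\Run. Flagged entries are things to verify (file present, signed, known vendor), not a verdict.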

Posted

I'm now going to ask you for 2 reports.

 

  • Download SmitFraudFix by S!Ri to the desktop:
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe
  • Note: if you already have a version of SmitfraudFix, don't use it; delete it and download the latest version.
  • Double-click smitfraudfix.exe
  • Choose option 1 to create a report of the files responsible for the infection.
  • Post the report on the forum in your next reply. (If you can't find it, it is at "C:\rapport.txt")

 

If a virus is detected by your antivirus or another program (such as riskTool.win32.reboot), ignore it (choose to ignore) and don't block the file: it is part of the tool, and some antiviruses see a potential danger in it.

 

 

-----------

 

 

Download Gmer.

Unzip it into a folder or onto your desktop.

 

Double-click Gmer.exe.

 

NB: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

 

Click the rootkit/malware tab (already active).

On the right, check Files and Services only.

Now click Scan.

 

When the scan is finished, click Copy.

 

Open Notepad, then click the Edit menu / Paste.

The report should then appear.

Save the file to your desktop and copy/paste its contents into your next reply.

Posted

Hi Falkra

 

I ran the scan with SmitFraudFix, but while it was searching for infected files there were several lines saying that the file path was incorrect, and the scan ended with a window appearing that said "Windows cannot find '%systemRoot%\notepad.exe'..."

 

Here is the report:

 

SmitFraudFix v2.349

 

Rapport fait à 14:21:21,87, 13/09/2008

Executé à partir de C:\Documents and Settings\YOYOOOTH\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\crypserv.exe

c:\altera\61\quartus\bin\jtagserver.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

c:\orant\bin\oracle73.exe

C:\ORANT\BIN\TNSLSNR.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\YOYOOOTH\Bureau\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» %SystemRoot%

 

 

»»»»»»»»»»»»»»»»»»»»»»»» %SystemRoot%\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» %SystemRoot%\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» %SystemRoot%\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\YOYOOOTH

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\YOYOOOTH\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\YOYOOOTH\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

AntiXPVSTFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.2.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{07438F6C-C55E-4C6E-A284-3C62F814A410}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{07438F6C-C55E-4C6E-A284-3C62F814A410}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

The problem is that Gmer, after running the scan, won't generate a report. I don't understand where the problem is.
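Added example, not from the thread and not SmitFraudFix's own code: a Python check over the Winlogon and DNS sections of the report above, the two places where a "clean" report still deserves a second look. `CLEAN_REPORT` is copied from the report posted here; `TAMPERED_REPORT` is constructed for this example, with obviously fake `EXAMPLE-*` file names, to show what a chained Userinit entry or a non-empty System value looks like when the check runs. The function names `parse_report`, `check_winlogon`, `check_dns` and `audit` are this example's own.

```python
import ipaddress
import re

# Sample 1: Winlogon and DNS sections copied from the SmitFraudFix report above.
CLEAN_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
"""

# Sample 2: constructed for this example (NOT from the report). The EXAMPLE-* names
# are placeholders standing in for an unknown program chained into the logon sequence.
TAMPERED_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\EXAMPLE-extra.exe"
"System"="EXAMPLE-loader.exe"

»»»»»»»»»»»»»»»»»»»»»»»» DNS
DNS Server Search Order: 192.168.2.1
"""

# .reg-style line: "Name"="value" (backslashes are doubled in this format)
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
DNS_VALUE_RE = re.compile(r"(?:DhcpNameServer|NameServer)=(?P<servers>[\d., ]+)$")
SEARCH_ORDER_RE = re.compile(r"^DNS Server Search Order: (?P<servers>.+)$")

# The only program that should be listed in Userinit on a stock XP install.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe", r"%systemroot%\system32\userinit.exe"}


def parse_report(text):
    """Return (winlogon values as a lowercase-keyed dict, list of DNS server strings)."""
    section, reg, dns = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("»"):                 # section header, e.g. "»»»» Winlogon"
            section = line.lstrip("»").strip()
            continue
        if section == "Winlogon":
            m = REG_VALUE_RE.match(line)
            if m:
                reg[m.group("name").lower()] = m.group("value").replace("\\\\", "\\")
        elif section == "DNS":
            m = DNS_VALUE_RE.search(line) or SEARCH_ORDER_RE.match(line)
            if m:
                dns.extend(s for s in re.split(r"[,\s]+", m.group("servers")) if s)
    return reg, dns


def check_winlogon(reg):
    """Flag anything chained into the logon sequence beyond the stock values."""
    findings = []
    userinit = reg.get("userinit")
    if userinit is None:
        findings.append("Userinit value missing from the report")
    else:
        entries = [e.strip() for e in userinit.split(",") if e.strip()]
        if not entries or entries[0].lower() not in EXPECTED_USERINIT:
            findings.append(f"Userinit does not start with the standard userinit.exe: {userinit!r}")
        for extra in entries[1:]:
            findings.append(f"extra program chained after userinit.exe: {extra}")
    if reg.get("system", ""):
        findings.append(f"Winlogon 'System' value is non-empty: {reg['system']!r}")
    shell = reg.get("shell")
    if shell is not None and shell.lower() != "explorer.exe":
        findings.append(f"Winlogon 'Shell' is not explorer.exe: {shell!r}")
    return findings


def check_dns(servers):
    """Note resolvers outside private address space so the user can confirm them."""
    notes = []
    for s in sorted(set(servers)):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            notes.append(f"unparseable DNS server entry: {s!r}")
            continue
        if not ip.is_private:
            notes.append(f"DNS server {s} is outside private address space; confirm it is your ISP's or router's resolver")
    return notes


def audit(text):
    reg, dns = parse_report(text)
    return check_winlogon(reg) + check_dns(dns)


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_REPORT), ("tampered", TAMPERED_REPORT)):
        print(f"{label}: {audit(sample) or ['nothing to report']}")
```

On the posted report the check returns nothing: Userinit holds only the stock userinit.exe, the System value is empty, and the resolver is the router at 192.168.2.1. The constructed sample shows the two findings a hijacked logon sequence produces.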

Posted

Check that the file c:\windows\notepad.exe exists.

 

Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you use Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below to the clipboard by selecting them all and pressing CTRL and C together (or, after selecting them, right-click and choose Copy):
    C:\Program Files\Key Generator


  • Go back to the OTMoveIt2 window, right-click in the left-hand box titled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt2
  • Post the OTMoveIt2 report in your next reply (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log; the *** are digits representing the date [monthdayyear] and the time)

Note: if a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to restart the machine, choose Yes.

Posted

The file NOTEPAD.exe does indeed exist under C:\WINDOWS; as for OTMoveIt2, it gives the following result:

 

File/Folder C:\Program Files\Key Generator not found.

 

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09142008_182915

 

 

I looked for Key Generator under C:\Program Files, but it really doesn't exist :P
