Can someone analyze my HijackThis, please
Solved/Closed
leelooworld Posts 168 Registration date Sunday 13 July 2008 Status Member Last activity 10 August 2015 - 13 Jul 2008 at 20:15
rafik75018 Posts 4 Registration date Saturday 27 September 2008 Status Member Last activity 29 September 2008 - 27 Sep 2008 at 02:56
2 replies
storn Posts 278 Registration date Thursday 24 April 2008 Status Member Last activity 15 July 2010 15 - 13 Jul 2008 at 20:19
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
Delete that and it will be fine
rafik75018 Posts 4 Registration date Saturday 27 September 2008 Status Member Last activity 29 September 2008 - 27 Sep 2008 at 02:56
Hi, my PC was slow, so I ran ATF Cleaner and CCleaner on it, as well as AVG antivirus and HijackThis, and here is the AVG antivirus report
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 01:07:55 27/09/2008
+ Résultat de l'analyse:
HKLM\SOFTWARE\Gator.com -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Gator\stat -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483E910F.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483E910F.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483E910F.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483E910F.0003 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483E910F.0004 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483E910F.0005 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483EE640.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483EE640.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483EE640.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F31EE.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F31EE.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F31EE.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F331B.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F331B.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F331B.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F55BD.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F55BD.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483F55BD.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FC270.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FC270.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FC270.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FC5EB.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FC5EB.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FC5EB.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FFEA0.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FFEA0.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\483FFEA0.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\484028C9.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\484028C9.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\484028C9.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\48403AFE.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\48403AFE.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\48403AFE.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\48405AB3.0000 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\48405AB3.0001 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\EventCache\48405AB3.0002 -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\Bundle -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\Bundle\chk -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\Bundle\dl -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\OemResDll -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\OemResDll\chk -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\OemResDll\dl -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\SilentSetup -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\SilentSetup\chk -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\SilentSetup\dl -> Adware.Gator : Nettoyé.
HKLM\SOFTWARE\Gator.com\Trickler\Files\TricklerInf -> Adware.Gator : Nettoyé.
C:\Downloads\Sub7 v1.1.zip/Server/SubSeven v1.1.exe -> Backdoor.SubSeven.11 : Nettoyé.
C:\Downloads\Sub7 Apocalypse.zip/EditServer/EditServer.exe -> Backdoor.SubSeven.19 : Nettoyé.
C:\Downloads\Sub7 Apocalypse.zip/Server/SubSeven Apocalypse.exe -> Backdoor.SubSeven.19 : Nettoyé.
F:\mm\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
Fin du rapport
and here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:42, on 27/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
F:\lang\aswUpdSv.exe
F:\lang\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
F:\lang\ashDisp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
F:\ADSL Autoconnect.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
E:\Video Converter 3\spd.exe
D:\Program Files\OneStep\onestep.exe
D:\WINDOWS\system32\svchost.exe
F:\ADSL Autoconnect.exe
F:\lang\ashMaiSv.exe
F:\lang\ashWebSv.exe
D:\Program Files\OneStep\onestep.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Alien IP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdm2.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avast!] F:\lang\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: .vbs
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B148486-9345-42B3-9417-9943A835545D}: NameServer = 41.221.20.4 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B148486-9345-42B3-9417-9943A835545D}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - F:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O23 - Service: ADSLAutoconnect - Unknown owner - F:\ADSL Autoconnect.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\bin\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\lang\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\lang\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\lang\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\lang\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - E:\Video Converter 3\spd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - D:\Program Files\OneStep\onestep.exe
13 Jul 2008 at 20:41