Spyware on the horizon
Hello everyone. For a day now I have been getting an alert message on my computer that says this:
"Windows Security Alert
Warning!Potential Spyware Operation!
Your computer is making unauthorized copies of your system and Internet files.Run full scan now to pervent any unathorized acces to your files!Click YES to download spyware removed..."
Hello,
Download SmitfraudFix
Save it to your desktop and unzip it.
Launch it by double-clicking SmitfraudFix.exe
Run option 1; a report will appear, post it
&
Download HijackThis
Unzip it into a folder on your desktop.
Double-click it.
Then "Do a system scan and save a logfile" and post the report.
So here are the famous reports:
SmitFraudFix v2.227
Rapport fait à 13:32:23,10, 22/09/2007
Executé à partir de C:\Documents and Settings\DAMOUR JUNIOR\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Savvy TV\DTV Service.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\systems.txt PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DAMOUR JUNIOR
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DAMOUR JUNIOR\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAMOUR~1\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://supervoyeur.free.fr/jumelles.jpg"
"SubscribedURL"="http://supervoyeur.free.fr/jumelles.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.124
DNS Server Search Order: 82.216.111.125
DNS Server Search Order: 82.216.111.121
DNS Server Search Order: 82.216.111.122
DNS Server Search Order: 82.216.111.123
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.125
DNS Server Search Order: 82.216.111.124
HKLM\SYSTEM\CCS\Services\Tcpip\..\{757895D2-3AA3-40CD-9783-875E7AD3E04D}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F088DAED-0C7B-469B-95DD-EDBCB9F9C95A}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{757895D2-3AA3-40CD-9783-875E7AD3E04D}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F088DAED-0C7B-469B-95DD-EDBCB9F9C95A}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{757895D2-3AA3-40CD-9783-875E7AD3E04D}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F088DAED-0C7B-469B-95DD-EDBCB9F9C95A}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 11:58:55, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Savvy TV\DTV Service.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\DAMOUR~1\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Mozilla\Profiles\default\vtsn4qqg.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Savvy DTV Service] C:\Program Files\Savvy TV\DTV Service.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-te...
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
1/ Download R-Hosts
Launch R-Hosts by double-clicking the exe, then click "restaurer" (restore), then OK.
2/ Restart in safe mode (tutorial).
Run SmitfraudFix again.
This time choose option 2. (Yes to all questions)
If you have to restart your computer, do it.
Post the report located at C:\rapport.txt.
As well as a new HijackThis report.
I would like to check something at the same time:
Download LopResearch.zip
Unzip it onto your Desktop.
Run the file Scan.bat
Post the report here.
Here are the reports:
SmitFraudFix v2.227
Rapport fait à 14:35:56,82, 22/09/2007
Executé à partir de C:\Documents and Settings\DAMOUR JUNIOR\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Savvy TV\DTV Service.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\systems.txt PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DAMOUR JUNIOR
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DAMOUR JUNIOR\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAMOUR~1\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://supervoyeur.free.fr/jumelles.jpg"
"SubscribedURL"="http://supervoyeur.free.fr/jumelles.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.124
DNS Server Search Order: 82.216.111.125
DNS Server Search Order: 82.216.111.121
DNS Server Search Order: 82.216.111.122
DNS Server Search Order: 82.216.111.123
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.125
DNS Server Search Order: 82.216.111.124
HKLM\SYSTEM\CCS\Services\Tcpip\..\{757895D2-3AA3-40CD-9783-875E7AD3E04D}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F088DAED-0C7B-469B-95DD-EDBCB9F9C95A}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{757895D2-3AA3-40CD-9783-875E7AD3E04D}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F088DAED-0C7B-469B-95DD-EDBCB9F9C95A}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{757895D2-3AA3-40CD-9783-875E7AD3E04D}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F088DAED-0C7B-469B-95DD-EDBCB9F9C95A}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of HijackThis v1.99.1
Scan saved at 14:37:06, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Savvy TV\DTV Service.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\DAMOUR~1\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Mozilla\Profiles\default\vtsn4qqg.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Savvy DTV Service] C:\Program Files\Savvy TV\DTV Service.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
----------------------------[ LopResearch v3 ]----------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : C:\Documents and Settings\DAMOUR JUNIOR\Bureau\LopResearchV3\LopResearch v3.1
Rapport crée : Le 22/09/2007 à 14:39:08,93 PC : CHEFMEMBE
! Faire analyser le rapport par un Helper avant intervention !
---------------------[ Listing des Applications Data ]--------------------
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\InterTrust
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\desktop.ini
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe(2)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\ConeXware
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TuneUp Software
C:\Documents and Settings\All Users\Application Data\Google Updater
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\MailFrontier
C:\Documents and Settings\All Users\Application Data\PC Suite
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\DVD Shrink
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Prism
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\QuickTime
C:\Documents and Settings\All Users\Application Data\AOL
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\MSN6
C:\Documents and Settings\All Users\Application Data\CyberLink
C:\Documents and Settings\All Users\Application Data\desktop.ini
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\NetworkService\Application Data\Microsoft
C:\Documents and Settings\LocalService\Application Data\Microsoft
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\CVitae
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Media Player Classic
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\flightgear.org
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\IDM
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\DMCache
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\TuneUp Software
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\GetRightToGo
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Talkback
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Nokia Multimedia Player
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\WinRAR
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\3M
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Nero
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\dvdcss
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Datalayer
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Nokia
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\PC Suite
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Real
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\LiteOn
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\ArcSoft
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Lavasoft
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Mozilla
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Google
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Jasc
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Apple Computer
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Wannadoo
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\AdobeUM
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Macromedia
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Template
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\AOL
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Help
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Symantec
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\MSN6
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Sun
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Adobe
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\InterTrust
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Identities
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Microsoft
C:\Documents and Settings\Propriétaire\Application Data\CVitae
C:\Documents and Settings\Propriétaire\Application Data\Media Player Classic
C:\Documents and Settings\Propriétaire\Application Data\flightgear.org
C:\Documents and Settings\Propriétaire\Application Data\IDM
C:\Documents and Settings\Propriétaire\Application Data\DMCache
C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software
C:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
C:\Documents and Settings\Propriétaire\Application Data\Talkback
C:\Documents and Settings\Propriétaire\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Propriétaire\Application Data\WinRAR
C:\Documents and Settings\Propriétaire\Application Data\3M
C:\Documents and Settings\Propriétaire\Application Data\Nero
C:\Documents and Settings\Propriétaire\Application Data\dvdcss
C:\Documents and Settings\Propriétaire\Application Data\Datalayer
C:\Documents and Settings\Propriétaire\Application Data\Nokia
C:\Documents and Settings\Propriétaire\Application Data\PC Suite
C:\Documents and Settings\Propriétaire\Application Data\Real
C:\Documents and Settings\Propriétaire\Application Data\LiteOn
C:\Documents and Settings\Propriétaire\Application Data\ArcSoft
C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
C:\Documents and Settings\Propriétaire\Application Data\Mozilla
C:\Documents and Settings\Propriétaire\Application Data\Google
C:\Documents and Settings\Propriétaire\Application Data\Jasc
C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
C:\Documents and Settings\Propriétaire\Application Data\Wannadoo
C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
C:\Documents and Settings\Propriétaire\Application Data\Macromedia
C:\Documents and Settings\Propriétaire\Application Data\Template
C:\Documents and Settings\Propriétaire\Application Data\AOL
C:\Documents and Settings\Propriétaire\Application Data\Help
C:\Documents and Settings\Propriétaire\Application Data\Symantec
C:\Documents and Settings\Propriétaire\Application Data\MSN6
C:\Documents and Settings\Propriétaire\Application Data\Sun
C:\Documents and Settings\Propriétaire\Application Data\Adobe
C:\Documents and Settings\Propriétaire\Application Data\InterTrust
C:\Documents and Settings\Propriétaire\Application Data\Identities
C:\Documents and Settings\Propriétaire\Application Data\Microsoft
C:\Documents and Settings\Invité\Application Data\Google
C:\Documents and Settings\Invité\Application Data\Mozilla
C:\Documents and Settings\Invité\Application Data\Real
C:\Documents and Settings\Invité\Application Data\ArcSoft
C:\Documents and Settings\Invité\Application Data\MSN6
C:\Documents and Settings\Invité\Application Data\Macromedia
C:\Documents and Settings\Invité\Application Data\Apple Computer
C:\Documents and Settings\Invité\Application Data\Wannadoo
C:\Documents and Settings\Invité\Application Data\AOL
C:\Documents and Settings\Invité\Application Data\Sun
C:\Documents and Settings\Invité\Application Data\InterTrust
C:\Documents and Settings\Invité\Application Data\Adobe
C:\Documents and Settings\Invité\Application Data\Identities
C:\Documents and Settings\Invité\Application Data\desktop.ini
C:\Documents and Settings\Invité\Application Data\Microsoft
C:\Documents and Settings\Administrateur\Application Data\Wannadoo
C:\Documents and Settings\Administrateur\Application Data\Sun
C:\Documents and Settings\Administrateur\Application Data\Adobe
C:\Documents and Settings\Administrateur\Application Data\InterTrust
C:\Documents and Settings\Administrateur\Application Data\Identities
C:\Documents and Settings\Administrateur\Application Data\desktop.ini
C:\Documents and Settings\Administrateur\Application Data\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\{3918F697-A995-448A-B487-0739A001EC24}_CHEFMEMBE_DAMOUR JUNIOR.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
--------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\3M
C:\Program Files\Adobe
C:\Program Files\ADS Tech
C:\Program Files\Alwil Software
C:\Program Files\Antipub
C:\Program Files\AOL 9.0a
C:\Program Files\AOL Toolbar
C:\Program Files\Apple Software Update
C:\Program Files\AskTBar
C:\Program Files\a-squared Free
C:\Program Files\Audacity
C:\Program Files\AvRack
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\brikabnoid
C:\Program Files\Creative Zone
C:\Program Files\CVitae
C:\Program Files\CyberLink
C:\Program Files\Desksite
C:\Program Files\DIFX
C:\Program Files\DivX
C:\Program Files\DJ show
C:\Program Files\EA Games
C:\Program Files\EHMINSTALL
C:\Program Files\emf-emi control, Inc
C:\Program Files\Fichiers communs
C:\Program Files\FlightGear
C:\Program Files\FLV Player
C:\Program Files\FLV PlayerRCATSetup.exe
C:\Program Files\FLV PlayerRCSetup.exe
C:\Program Files\Generic
C:\Program Files\GetDiz
C:\Program Files\Google
C:\Program Files\GRETECH
C:\Program Files\i-Media
C:\Program Files\InterActual
C:\Program Files\Internet Explorer
C:\Program Files\Inventel
C:\Program Files\iTunes
C:\Program Files\Jasc Software Inc
C:\Program Files\Java
C:\Program Files\JavaSoft
C:\Program Files\khi3
C:\Program Files\KONAMI
C:\Program Files\Lavasoft
C:\Program Files\Learn2.com
C:\Program Files\Magicbit
C:\Program Files\Messenger
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Works
C:\Program Files\MINITEL
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MyXOFT
C:\Program Files\NASA
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\Netscape
C:\Program Files\NewTech Infosystems
C:\Program Files\Nokia
C:\Program Files\OneClick
C:\Program Files\Outlook Express
C:\Program Files\Panicware
C:\Program Files\PowerArchiver
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Replay Converter
C:\Program Files\Replay Media Catcher
C:\Program Files\Samsung
C:\Program Files\Satsuki Decoder Pack
C:\Program Files\Savvy TV
C:\Program Files\Scorched3D
C:\Program Files\Securitoo
C:\Program Files\SereneScreen
C:\Program Files\Services en ligne
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Steinberg
C:\Program Files\Super Mario Blue Twilight DX
C:\Program Files\TGTSoft
C:\Program Files\TuneUp Utilities 2007
C:\Program Files\VideoLAN
C:\Program Files\Viewpoint
C:\Program Files\Web TV
C:\Program Files\Windows Live Favorites
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinTV
C:\Program Files\WinZip
C:\Program Files\xerox
C:\Program Files\XviD
C:\Program Files\YouTUBE (TM) movie downloader
C:\Program Files\Zone Labs
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]-----
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\AOL
C:\Program Files\Fichiers communs\aolback
C:\Program Files\Fichiers communs\Apple
C:\Program Files\Fichiers communs\ArcSoft
C:\Program Files\Fichiers communs\DirectX
C:\Program Files\Fichiers communs\FDEUnInstaller.exe
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\Simple Star Shared
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard
C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
Aucun dossier Lop trouvé !
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\pack.epk
! EGDACCESS Possible !
--------------------[ Fin du rapport à 14:39:47,59 ]----------------------
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
----------------------------[ LopResearch v3 ]----------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : C:\Documents and Settings\DAMOUR JUNIOR\Bureau\LopResearchV3\LopResearch v3.1
Rapport crée : Le 22/09/2007 à 14:39:08,93 PC : CHEFMEMBE
! Faire analyser le rapport par un Helper avant intervention !
---------------------[ Listing des Applications Data ]--------------------
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\InterTrust
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\desktop.ini
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe(2)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\ConeXware
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TuneUp Software
C:\Documents and Settings\All Users\Application Data\Google Updater
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\MailFrontier
C:\Documents and Settings\All Users\Application Data\PC Suite
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\DVD Shrink
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Prism
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\QuickTime
C:\Documents and Settings\All Users\Application Data\AOL
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\MSN6
C:\Documents and Settings\All Users\Application Data\CyberLink
C:\Documents and Settings\All Users\Application Data\desktop.ini
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\NetworkService\Application Data\Microsoft
C:\Documents and Settings\LocalService\Application Data\Microsoft
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\CVitae
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Media Player Classic
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\flightgear.org
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\IDM
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\DMCache
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\TuneUp Software
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\GetRightToGo
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Talkback
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Nokia Multimedia Player
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\WinRAR
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\3M
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Nero
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\dvdcss
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Datalayer
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Nokia
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\PC Suite
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Real
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\LiteOn
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\ArcSoft
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Lavasoft
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Mozilla
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Google
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Jasc
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Apple Computer
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Wannadoo
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\AdobeUM
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Macromedia
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Template
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\AOL
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Help
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Symantec
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\MSN6
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Sun
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Adobe
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\InterTrust
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Identities
C:\Documents and Settings\DAMOUR JUNIOR\Application Data\Microsoft
C:\Documents and Settings\Propriétaire\Application Data\CVitae
C:\Documents and Settings\Propriétaire\Application Data\Media Player Classic
C:\Documents and Settings\Propriétaire\Application Data\flightgear.org
C:\Documents and Settings\Propriétaire\Application Data\IDM
C:\Documents and Settings\Propriétaire\Application Data\DMCache
C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software
C:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
C:\Documents and Settings\Propriétaire\Application Data\Talkback
C:\Documents and Settings\Propriétaire\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Propriétaire\Application Data\WinRAR
C:\Documents and Settings\Propriétaire\Application Data\3M
C:\Documents and Settings\Propriétaire\Application Data\Nero
C:\Documents and Settings\Propriétaire\Application Data\dvdcss
C:\Documents and Settings\Propriétaire\Application Data\Datalayer
C:\Documents and Settings\Propriétaire\Application Data\Nokia
C:\Documents and Settings\Propriétaire\Application Data\PC Suite
C:\Documents and Settings\Propriétaire\Application Data\Real
C:\Documents and Settings\Propriétaire\Application Data\LiteOn
C:\Documents and Settings\Propriétaire\Application Data\ArcSoft
C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
C:\Documents and Settings\Propriétaire\Application Data\Mozilla
C:\Documents and Settings\Propriétaire\Application Data\Google
C:\Documents and Settings\Propriétaire\Application Data\Jasc
C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
C:\Documents and Settings\Propriétaire\Application Data\Wannadoo
C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
C:\Documents and Settings\Propriétaire\Application Data\Macromedia
C:\Documents and Settings\Propriétaire\Application Data\Template
C:\Documents and Settings\Propriétaire\Application Data\AOL
C:\Documents and Settings\Propriétaire\Application Data\Help
C:\Documents and Settings\Propriétaire\Application Data\Symantec
C:\Documents and Settings\Propriétaire\Application Data\MSN6
C:\Documents and Settings\Propriétaire\Application Data\Sun
C:\Documents and Settings\Propriétaire\Application Data\Adobe
C:\Documents and Settings\Propriétaire\Application Data\InterTrust
C:\Documents and Settings\Propriétaire\Application Data\Identities
C:\Documents and Settings\Propriétaire\Application Data\Microsoft
C:\Documents and Settings\Invité\Application Data\Google
C:\Documents and Settings\Invité\Application Data\Mozilla
C:\Documents and Settings\Invité\Application Data\Real
C:\Documents and Settings\Invité\Application Data\ArcSoft
C:\Documents and Settings\Invité\Application Data\MSN6
C:\Documents and Settings\Invité\Application Data\Macromedia
C:\Documents and Settings\Invité\Application Data\Apple Computer
C:\Documents and Settings\Invité\Application Data\Wannadoo
C:\Documents and Settings\Invité\Application Data\AOL
C:\Documents and Settings\Invité\Application Data\Sun
C:\Documents and Settings\Invité\Application Data\InterTrust
C:\Documents and Settings\Invité\Application Data\Adobe
C:\Documents and Settings\Invité\Application Data\Identities
C:\Documents and Settings\Invité\Application Data\desktop.ini
C:\Documents and Settings\Invité\Application Data\Microsoft
C:\Documents and Settings\Administrateur\Application Data\Wannadoo
C:\Documents and Settings\Administrateur\Application Data\Sun
C:\Documents and Settings\Administrateur\Application Data\Adobe
C:\Documents and Settings\Administrateur\Application Data\InterTrust
C:\Documents and Settings\Administrateur\Application Data\Identities
C:\Documents and Settings\Administrateur\Application Data\desktop.ini
C:\Documents and Settings\Administrateur\Application Data\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\{3918F697-A995-448A-B487-0739A001EC24}_CHEFMEMBE_DAMOUR JUNIOR.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
--------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\3M
C:\Program Files\Adobe
C:\Program Files\ADS Tech
C:\Program Files\Alwil Software
C:\Program Files\Antipub
C:\Program Files\AOL 9.0a
C:\Program Files\AOL Toolbar
C:\Program Files\Apple Software Update
C:\Program Files\AskTBar
C:\Program Files\a-squared Free
C:\Program Files\Audacity
C:\Program Files\AvRack
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\brikabnoid
C:\Program Files\Creative Zone
C:\Program Files\CVitae
C:\Program Files\CyberLink
C:\Program Files\Desksite
C:\Program Files\DIFX
C:\Program Files\DivX
C:\Program Files\DJ show
C:\Program Files\EA Games
C:\Program Files\EHMINSTALL
C:\Program Files\emf-emi control, Inc
C:\Program Files\Fichiers communs
C:\Program Files\FlightGear
C:\Program Files\FLV Player
C:\Program Files\FLV PlayerRCATSetup.exe
C:\Program Files\FLV PlayerRCSetup.exe
C:\Program Files\Generic
C:\Program Files\GetDiz
C:\Program Files\Google
C:\Program Files\GRETECH
C:\Program Files\i-Media
C:\Program Files\InterActual
C:\Program Files\Internet Explorer
C:\Program Files\Inventel
C:\Program Files\iTunes
C:\Program Files\Jasc Software Inc
C:\Program Files\Java
C:\Program Files\JavaSoft
C:\Program Files\khi3
C:\Program Files\KONAMI
C:\Program Files\Lavasoft
C:\Program Files\Learn2.com
C:\Program Files\Magicbit
C:\Program Files\Messenger
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Works
C:\Program Files\MINITEL
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MyXOFT
C:\Program Files\NASA
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\Netscape
C:\Program Files\NewTech Infosystems
C:\Program Files\Nokia
C:\Program Files\OneClick
C:\Program Files\Outlook Express
C:\Program Files\Panicware
C:\Program Files\PowerArchiver
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Replay Converter
C:\Program Files\Replay Media Catcher
C:\Program Files\Samsung
C:\Program Files\Satsuki Decoder Pack
C:\Program Files\Savvy TV
C:\Program Files\Scorched3D
C:\Program Files\Securitoo
C:\Program Files\SereneScreen
C:\Program Files\Services en ligne
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Steinberg
C:\Program Files\Super Mario Blue Twilight DX
C:\Program Files\TGTSoft
C:\Program Files\TuneUp Utilities 2007
C:\Program Files\VideoLAN
C:\Program Files\Viewpoint
C:\Program Files\Web TV
C:\Program Files\Windows Live Favorites
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinTV
C:\Program Files\WinZip
C:\Program Files\xerox
C:\Program Files\XviD
C:\Program Files\YouTUBE (TM) movie downloader
C:\Program Files\Zone Labs
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]-----
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\AOL
C:\Program Files\Fichiers communs\aolback
C:\Program Files\Fichiers communs\Apple
C:\Program Files\Fichiers communs\ArcSoft
C:\Program Files\Fichiers communs\DirectX
C:\Program Files\Fichiers communs\FDEUnInstaller.exe
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\Simple Star Shared
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard
C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
Aucun dossier Lop trouvé !
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\pack.epk
! EGDACCESS Possible !
--------------------[ Fin du rapport à 14:39:47,59 ]----------------------