9 replies
If you have a security problem, try Dr.Web CureIt in full scan mode (free and very effective); afterwards, try Avast as your antivirus.
Below are my latest exchanges, with the HijackThis and Lop reports. Thanks for your help.
The HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:40, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\VISION\SQLCLIENT\dbsrv7.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\INVENTORYCLIENT\client.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\TEMP\BC8129.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\AddTools\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\AddTools\Trend Micro\Client Server Security Agent\Pop3Trap.exe
C:\AddTools\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CGaulard\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ASSA ABLOY
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 193.69.85.218 NOMAS03
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AutoCalibration] C:\Program Files\TouchKit\xAuto4PtsCal.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\AddTools\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20633\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20633\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20641\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20660\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE (User '?')
O4 - HKUS\S-1-5-21-2025429265-746137067-839522115-1170\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-746137067-839522115-1190\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-746137067-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2107697717-1319666767-927131732-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2107697717-1319666767-927131732-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save page in SuperOffice - res://C:\SQL\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\SQL\SuperOffice\SoIeExtensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://dewie04.assaabloyhospitality.com/
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://dewie04.assaabloyhospitality.com/
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://dewie04.assaabloyhospitality.com/
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://v7.e-tmm.com/bin/tol7inst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\Software\..\Telephony: DomainName = assaabloyhospitality.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O23 - Service: Adaptive Server Anywhere - Vision (ASANYs_Vision) - Sybase, Inc. - C:\VISION\SQLCLIENT\dbsrv7.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
O23 - Service: SnowInventoryClient - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
End of file - 12194 bytes
Mmsl35_, Saturday 27 December 2008 at 20:39:21
Lop infection:
- Disable your antivirus.
- Download Lop S&D to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
- Double-click it to launch the installation
- Right-click the Lop S&D shortcut on your Desktop and choose "Run as administrator"
- Select the desired language, then choose option 1 (Search)
- Wait until the scan finishes
- Post the generated report
- Re-enable your antivirus
Tutorial to help you: http://www.malekal.com//tutorial_Lop_SD.php
You only use Internet Explorer! Switch to Firefox then! HAPPY HOLIDAYS to all of you!
Search with Google, the solution may already exist! Solved? Then change your status. Mmsl35
yoman, Monday 5 January 2009 at 09:45:01
Hello and happy new year 2009!
Here is the Lop S&D report:
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : EPP runtime BIOS - Version 1.1
USER : cgaulard ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Trend Micro Client-Server Security Agent 7.5 (Activated)
Firewall : Trend Micro Client-Server Security Agent Firewall 7.5 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:16 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:232 Go (Free:232 Go)
H:\ (Network Disk)
N:\ (Network Disk)
Y:\ (Network Disk) - *NT5CSC - Total:37 Go (Free:16 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 05/01/2009| 9:34 )
--------------------\\ Listing des dossiers dans APPLIC~1
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[05/01/2009 09:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 03:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
--------------------\\ Process
( 51 Processes )
iexplore.exe ~ [PID:2112]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\CGaulard\Cookies\cgaulard@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 09:35:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:8][D:9]-> C:\DOCUME~1\CGaulard\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\CGaulard\Cookies
[F:55][D:16]-> C:\DOCUME~1\CGaulard\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009| 9:38 - Option : [1]
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\SQL\SuperOffice\SoIeExtensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://dewie04.assaabloyhospitality.com/
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://dewie04.assaabloyhospitality.com/
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://dewie04.assaabloyhospitality.com/
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://v7.e-tmm.com/bin/tol7inst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\Software\..\Telephony: DomainName = assaabloyhospitality.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O23 - Service: Adaptive Server Anywhere - Vision (ASANYs_Vision) - Sybase, Inc. - C:\VISION\SQLCLIENT\dbsrv7.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
O23 - Service: SnowInventoryClient - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
End of file - 12194 bytes
Mmsl35_, Saturday 27 December 2008 at 20:39:21
Lop infection:
- Disable your antivirus.
- Download Lop S&D to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
- Double-click it to launch the installation
- Right-click the Lop S&D shortcut on your Desktop and choose "Run as administrator"
- Select the desired language, then choose option 1 (Search)
- Wait until the scan finishes
- Post the generated report
- Re-enable your antivirus
Tutorial to help you: http://www.malekal.com//tutorial_Lop_SD.php
You only use Internet Explorer! Switch to Firefox then! HAPPY HOLIDAYS to you all!
Search with Google, the solution may already exist! Solved? Then change your status. Mmsl35
yoman, Monday 5 January 2009 at 09:45:01
Hello and happy new year 2009!
Here is the Lop S&D report:
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : EPP runtime BIOS - Version 1.1
USER : cgaulard ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Trend Micro Client-Server Security Agent 7.5 (Activated)
Firewall : Trend Micro Client-Server Security Agent Firewall 7.5 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:16 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:232 Go (Free:232 Go)
H:\ (Network Disk)
N:\ (Network Disk)
Y:\ (Network Disk) - *NT5CSC - Total:37 Go (Free:16 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 05/01/2009| 9:34 )
--------------------\\ Listing des dossiers dans APPLIC~1
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~2\APPLIC~1\Identities
[20/10/2004|09:38] C:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~2\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~2\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\ADMINI~2\APPLIC~1\Symantec
[26/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/11/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[17/11/2007|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Emjysoft
[07/09/2007|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[20/11/2008|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[28/05/2008|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
[30/11/2005|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[17/11/2007|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/01/2008|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/03/2005|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[02/10/2008|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[13/01/2005|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[06/11/2005|13:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[14/11/2008|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/10/2004|08:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[27/06/2006|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[06/11/2007|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[25/02/2007|12:37] C:\DOCUME~1\CGaulard\APPLIC~1\Adobe
[02/03/2007|08:42] C:\DOCUME~1\CGaulard\APPLIC~1\AdobeUM
[17/10/2007|10:05] C:\DOCUME~1\CGaulard\APPLIC~1\Google
[25/07/2008|08:26] C:\DOCUME~1\CGaulard\APPLIC~1\Help
[06/11/2007|11:36] C:\DOCUME~1\CGaulard\APPLIC~1\Identities
[24/11/2006|16:43] C:\DOCUME~1\CGaulard\APPLIC~1\Leadertech
[13/11/2006|12:14] C:\DOCUME~1\CGaulard\APPLIC~1\Macromedia
[20/11/2008|13:47] C:\DOCUME~1\CGaulard\APPLIC~1\Malwarebytes
[20/06/2007|07:25] C:\DOCUME~1\CGaulard\APPLIC~1\Microsoft
[21/12/2007|18:15] C:\DOCUME~1\CGaulard\APPLIC~1\Mozilla
[31/01/2008|08:55] C:\DOCUME~1\CGaulard\APPLIC~1\MSN6
[05/01/2009|09:10] C:\DOCUME~1\CGaulard\APPLIC~1\Skype
[13/01/2005|08:49] C:\DOCUME~1\CGaulard\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\CGaulard\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\CGaulard\APPLIC~1\Symantec
[06/11/2007|11:36] C:\DOCUME~1\CGaulard\APPLIC~1\Zylom
[13/01/2005|08:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[13/01/2005|08:49] C:\DOCUME~1\FRCMIG~1\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\FRCMIG~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\FRCMIG~1\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\FRCMIG~1\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\FRCMIG~1\APPLIC~1\Symantec
[13/01/2005|08:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\MCAFEE~1\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\MCAFEE~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\MCAFEE~1\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\MCAFEE~1\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\MCAFEE~1\APPLIC~1\Symantec
[13/01/2005|08:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\nnava\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\nnava\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\nnava\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\nnava\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\nnava\APPLIC~1\Symantec
[13/01/2005|08:49] C:\DOCUME~1\PBOURD~1\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\PBOURD~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\PBOURD~1\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\PBOURD~1\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\PBOURD~1\APPLIC~1\Symantec
[13/01/2005|08:49] C:\DOCUME~1\TBELLA~1\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\TBELLA~1\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\TBELLA~1\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\TBELLA~1\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\TBELLA~1\APPLIC~1\Symantec
[13/01/2005|08:49] C:\DOCUME~1\test\APPLIC~1\Identities
[13/01/2005|08:49] C:\DOCUME~1\test\APPLIC~1\Microsoft
[13/01/2005|08:49] C:\DOCUME~1\test\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\test\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\test\APPLIC~1\Symantec
[29/11/2005|12:09] C:\DOCUME~1\XCHARE~1\APPLIC~1\Adobe
[15/06/2006|17:22] C:\DOCUME~1\XCHARE~1\APPLIC~1\AdobeUM
[05/04/2005|14:05] C:\DOCUME~1\XCHARE~1\APPLIC~1\Help
[13/01/2005|08:49] C:\DOCUME~1\XCHARE~1\APPLIC~1\Identities
[15/02/2006|08:56] C:\DOCUME~1\XCHARE~1\APPLIC~1\InterVideo
[11/04/2006|11:06] C:\DOCUME~1\XCHARE~1\APPLIC~1\Leadertech
[25/10/2004|13:50] C:\DOCUME~1\XCHARE~1\APPLIC~1\Macromedia
[08/09/2005|21:43] C:\DOCUME~1\XCHARE~1\APPLIC~1\Microsoft
[23/10/2006|17:08] C:\DOCUME~1\XCHARE~1\APPLIC~1\Skype
[13/01/2005|08:49] C:\DOCUME~1\XCHARE~1\APPLIC~1\Sonic
[13/01/2005|08:49] C:\DOCUME~1\XCHARE~1\APPLIC~1\Sun
[13/01/2005|08:49] C:\DOCUME~1\XCHARE~1\APPLIC~1\Symantec
[04/08/2006|08:39] C:\DOCUME~1\XCHARE~1\APPLIC~1\vlc
[31/08/2005|13:59] C:\DOCUME~1\XCHARE~1\APPLIC~1\XnView
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[05/01/2009 09:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 03:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[13/11/2006|11:54] C:\Program Files\AccessManager
[14/11/2007|15:29] C:\Program Files\Acro Software
[26/09/2008|08:57] C:\Program Files\Adobe
[13/01/2005|08:49] C:\Program Files\Analog Devices
[20/10/2004|11:45] C:\Program Files\Borland
[24/11/2006|16:11] C:\Program Files\Broadcom
[23/10/2006|12:51] C:\Program Files\Canon
[13/11/2006|12:25] C:\Program Files\CheckPoint
[01/12/2004|10:18] C:\Program Files\Common Files
[13/01/2005|08:49] C:\Program Files\ComPlus Applications
[25/07/2005|12:40] C:\Program Files\Disney Interactive
[13/01/2005|08:49] C:\Program Files\Easy Internet signup
[23/10/2006|12:56] C:\Program Files\Fichiers communs
[20/10/2004|09:11] C:\Program Files\Funk Software
[10/09/2007|05:31] C:\Program Files\Google
[14/11/2007|15:34] C:\Program Files\GPLGS
[25/08/2006|16:12] C:\Program Files\gs
[20/11/2008|09:50] C:\Program Files\Hewlett-Packard
[18/10/2004|18:15] C:\Program Files\HighMAT CD Writing Wizard
[23/10/2006|12:54] C:\Program Files\HP
[08/12/2006|11:21] C:\Program Files\hp deskjet 920c series
[12/01/2005|23:51] C:\Program Files\HPQ
[09/03/2006|14:48] C:\Program Files\IGC
[17/12/2008|12:13] C:\Program Files\INHOVA
[11/11/2008|18:29] C:\Program Files\InstallShield Installation Information
[18/09/2008|19:40] C:\Program Files\Internet Explorer
[13/11/2008|12:07] C:\Program Files\INVENTORYCLIENT
[14/08/2006|21:26] C:\Program Files\IP VPN Remote Services
[22/12/2008|08:36] C:\Program Files\Java
[25/02/2006|22:53] C:\Program Files\Larousse
[03/07/2006|15:56] C:\Program Files\Lasermedia
[25/12/2008|13:47] C:\Program Files\Malwarebytes' Anti-Malware
[23/03/2008|10:47] C:\Program Files\Maxtor
[16/03/2005|09:10] C:\Program Files\McAfee
[18/09/2008|19:53] C:\Program Files\Messenger
[04/11/2006|15:31] C:\Program Files\Microsoft ActiveSync
[25/02/2006|22:34] C:\Program Files\Microsoft AutoRoute
[09/05/2007|08:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/07/2005|21:00] C:\Program Files\Microsoft Encarta
[13/01/2005|08:49] C:\Program Files\microsoft frontpage
[31/03/2008|08:48] C:\Program Files\Microsoft Office
[20/10/2004|08:47] C:\Program Files\Microsoft Visual Studio
[18/09/2008|19:40] C:\Program Files\Movie Maker
[12/02/2008|19:08] C:\Program Files\Mozilla Firefox
[31/03/2008|08:48] C:\Program Files\MSECache
[13/01/2005|08:49] C:\Program Files\MSN
[13/01/2005|08:49] C:\Program Files\MSN Gaming Zone
[15/11/2006|10:32] C:\Program Files\MSXML 4.0
[23/03/2008|10:44] C:\Program Files\MSXML 6.0
[18/09/2008|19:31] C:\Program Files\NetMeeting
[02/10/2008|07:06] C:\Program Files\NOS
[20/10/2004|09:39] C:\Program Files\OfficeUpdate11
[18/09/2008|19:31] C:\Program Files\Outlook Express
[19/03/2008|16:42] C:\Program Files\QuickTime
[12/01/2005|23:55] C:\Program Files\Raccourcis de programmes
[13/01/2005|08:49] C:\Program Files\RecordNow!
[20/10/2004|09:08] C:\Program Files\Sage
[13/01/2005|08:49] C:\Program Files\Services en ligne
[05/04/2005|13:50] C:\Program Files\Skype
[13/01/2005|08:49] C:\Program Files\Sonic
[26/08/2008|07:15] C:\Program Files\Sun
[17/11/2007|07:52] C:\Program Files\SuperOffice
[20/10/2004|08:38] C:\Program Files\Symantec
[13/01/2005|08:49] C:\Program Files\Synaptics
[24/10/2006|16:23] C:\Program Files\TouchKit
[18/10/2004|18:35] C:\Program Files\Uninstall Information
[04/08/2006|08:38] C:\Program Files\VideoLAN
[18/10/2004|18:15] C:\Program Files\Windows Journal Viewer
[30/12/2006|16:49] C:\Program Files\Windows Media Connect 2
[18/09/2008|19:31] C:\Program Files\Windows Media Player
[18/09/2008|19:31] C:\Program Files\Windows NT
[13/01/2005|08:49] C:\Program Files\WindowsUpdate
[19/10/2004|16:34] C:\Program Files\WinZip
[13/01/2005|08:49] C:\Program Files\xerox
[25/08/2006|15:49] C:\Program Files\XnView
[16/02/2006|16:13] C:\Program Files\Yahoo!
[06/11/2007|11:39] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[26/09/2008|08:59] C:\Program Files\Fichiers communs\Adobe
[24/03/2006|11:55] C:\Program Files\Fichiers communs\Borland Shared
[20/10/2004|08:47] C:\Program Files\Fichiers communs\Designer
[22/10/2004|18:01] C:\Program Files\Fichiers communs\EPSON
[08/02/2008|08:34] C:\Program Files\Fichiers communs\Funk Software
[13/01/2005|08:49] C:\Program Files\Fichiers communs\InstallShield
[13/01/2005|08:49] C:\Program Files\Fichiers communs\Java
[20/10/2004|08:42] C:\Program Files\Fichiers communs\L&H
[15/10/2008|08:53] C:\Program Files\Fichiers communs\Microsoft Shared
[13/01/2005|08:49] C:\Program Files\Fichiers communs\MSSoap
[13/01/2005|08:49] C:\Program Files\Fichiers communs\ODBC
[13/01/2005|08:49] C:\Program Files\Fichiers communs\Services
[13/01/2005|08:49] C:\Program Files\Fichiers communs\Sonic
[13/01/2005|08:49] C:\Program Files\Fichiers communs\SpeechEngines
[13/01/2005|08:49] C:\Program Files\Fichiers communs\SureThing Shared
[20/10/2004|08:39] C:\Program Files\Fichiers communs\Symantec Shared
[18/09/2008|19:53] C:\Program Files\Fichiers communs\System
--------------------\\ Process
( 51 Processes )
iexplore.exe ~ [PID:2112]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\CGaulard\Cookies\cgaulard@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 09:35:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:8][D:9]-> C:\DOCUME~1\CGaulard\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\CGaulard\Cookies
[F:55][D:16]-> C:\DOCUME~1\CGaulard\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009| 9:38 - Option : [1]
What I mean is:
* how about posting a new HijackThis report!
* Since 24 December, even if it's cold---> a lot of water has flowed under the bridge...
Here it is then!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:07, on 09/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\VISION\SQLCLIENT\dbsrv7.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\INVENTORYCLIENT\client.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\AddTools\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\AddTools\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\TEMP\XYFB50.EXE
C:\AddTools\Trend Micro\Client Server Security Agent\Pop3Trap.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\SQL\SuperOffice\SOCRM.exe
c:\SQL\SuperOffice\Database\dbeng9.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CGaulard\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ASSA ABLOY
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 193.69.85.218 NOMAS03
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AutoCalibration] C:\Program Files\TouchKit\xAuto4PtsCal.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\AddTools\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20633\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20633\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2025429265-746137067-839522115-1190\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-746137067-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2107697717-1319666767-927131732-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2107697717-1319666767-927131732-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save page in SuperOffice - res://C:\SQL\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\SQL\SuperOffice\SoIeExtensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://dewie04.assaabloyhospitality.com/...
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://dewie04.assaabloyhospitality.com/...
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://dewie04.assaabloyhospitality.com/...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://v7.e-tmm.com/bin/tol7inst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\Software\..\Telephony: DomainName = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A47155-A588-48D5-8339-18B051F7462A}: Domain = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A47155-A588-48D5-8339-18B051F7462A}: NameServer = 10.0.142.19,10.0.142.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com,assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com,assaabloyhospitality.com
O23 - Service: Adaptive Server Anywhere - Vision (ASANYs_Vision) - Sybase, Inc. - C:\VISION\SQLCLIENT\dbsrv7.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
O23 - Service: SnowInventoryClient - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:07, on 09/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\VISION\SQLCLIENT\dbsrv7.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\INVENTORYCLIENT\client.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\AddTools\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\AddTools\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\TEMP\XYFB50.EXE
C:\AddTools\Trend Micro\Client Server Security Agent\Pop3Trap.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\SQL\SuperOffice\SOCRM.exe
c:\SQL\SuperOffice\Database\dbeng9.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CGaulard\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ASSA ABLOY
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 193.69.85.218 NOMAS03
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AutoCalibration] C:\Program Files\TouchKit\xAuto4PtsCal.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\AddTools\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20633\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1614895754-220523388-839522115-20633\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2025429265-746137067-839522115-1190\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-746137067-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2107697717-1319666767-927131732-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2107697717-1319666767-927131732-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save page in SuperOffice - res://C:\SQL\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\SQL\SuperOffice\SoIeExtensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://dewie04.assaabloyhospitality.com/...
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://dewie04.assaabloyhospitality.com/...
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://dewie04.assaabloyhospitality.com/...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://v7.e-tmm.com/bin/tol7inst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\Software\..\Telephony: DomainName = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A47155-A588-48D5-8339-18B051F7462A}: Domain = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A47155-A588-48D5-8339-18B051F7462A}: NameServer = 10.0.142.19,10.0.142.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com,assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = assaabloyhospitality.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = assaabloyhospitality.com,assaabloyhospitality.com
O23 - Service: Adaptive Server Anywhere - Vision (ASANYs_Vision) - Sybase, Inc. - C:\VISION\SQLCLIENT\dbsrv7.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
O23 - Service: SnowInventoryClient - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
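As an added example (not part of the thread and not a tool posted by anyone in it), here is a Python triage script that applies the checks a helper reads a HijackThis log with: processes and autoruns launched from temp directories, autoruns without an absolute path, hosts-file overrides (O1), ActiveX downloads (O16) from hosts outside an allowlist, statically configured DNS servers (O17) and services (O23) whose binary sits outside the usual install roots. The sample input is a handful of lines copied from the log above; the trusted roots, temp-directory markers and the single allowed O16 host are assumptions to tune per environment. Every hit is a review item, not a verdict: in this log the Trend Micro services under C:\AddTools and the 10.0.142.x name servers on the VPN adapter are plainly deliberate, while a randomly named executable under C:\WINDOWS\TEMP is the kind of entry a helper would ask about.

```python
"""Heuristic triage of a HijackThis v2.x log: surface entries worth a human look."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: a dozen lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\XYFB50.EXE
C:\Program Files\Internet Explorer\iexplore.exe
O1 - Hosts: 193.69.85.218 NOMAS03
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://v7.e-tmm.com/bin/tol7inst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A47155-A588-48D5-8339-18B051F7462A}: NameServer = 10.0.142.19,10.0.142.97
O23 - Service: SnowInventoryClient - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
"""

# Assumptions, to tune per environment: where legitimate binaries normally live,
# which directories malware favours, and which ActiveX download hosts are expected.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "%systemroot%\\")
TEMP_MARKERS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\temp\\")
ALLOWED_DPF_HOSTS = {"dewie04.assaabloyhospitality.com"}  # assumed corporate deployment host

SECTION_RE = re.compile(r"^([RFOE]\d+) - (.*)$")          # e.g. "O4 - HKLM\..\Run: ..."
EXE_RE = re.compile(r'"?([^"]+?\.exe)\b', re.IGNORECASE)   # first .exe path, quoted or not
ABS_PATH_RE = re.compile(r"^(%[^%]+%|[a-z]:)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # "process", "O1", "O4", "O16", "O17", "O23"
    reason: str
    line: str


def _exe_path(command: str) -> str:
    """Executable path at the start of an O4 command line (handles unquoted paths with spaces)."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def _in_trusted_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def triage(text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries that deserve a second look."""
    findings: list[Finding] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = SECTION_RE.match(line)
        if not m:
            # Lines between "Running processes:" and the first R/O section are process paths.
            if in_processes and any(t in line.lower() for t in TEMP_MARKERS):
                findings.append(Finding("process", "executable running from a temp directory", line))
            continue
        in_processes = False
        section, body = m.groups()
        if section == "O1":
            # A hosts-file entry redirects a name before DNS is ever consulted.
            if "127.0.0.1 localhost" not in body:
                findings.append(Finding("O1", "hosts-file override", line))
        elif section == "O4":
            if body.startswith(("Global Startup:", "Startup:")):
                cmd = body.split(" = ", 1)[-1]        # "...\foo.lnk = C:\path\bar.exe"
            else:
                cmd = body.split("]", 1)[-1]          # "HKLM\..\Run: [name] command"
            path = _exe_path(cmd)
            if any(t in path.lower() for t in TEMP_MARKERS):
                findings.append(Finding("O4", "autorun from a temp directory", line))
            elif not ABS_PATH_RE.match(path):
                findings.append(Finding("O4", "autorun without an absolute path (resolved via search order)", line))
        elif section == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if host not in ALLOWED_DPF_HOSTS:
                findings.append(Finding("O16", f"ActiveX download from unexpected host {host}", line))
        elif section == "O17":
            # A static NameServer value (as opposed to DhcpNameServer) is how DNS changers persist.
            if "NameServer" in body and "DhcpNameServer" not in body:
                findings.append(Finding("O17", "statically configured DNS servers", line))
        elif section == "O23":
            path = body.rsplit(" - ", 1)[-1]
            if not _in_trusted_root(path):
                findings.append(Finding("O23", "service binary outside Windows/Program Files", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section, for a quick overview of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run against the sample, the script flags the TEMP executable, the hosts entry, the path-less AGRSMMSG autorun, both O16 cabs, the static VPN name servers and the C:\AddTools service, and stays silent on smss.exe, qttask.exe and the Snow inventory client; a helper would then clear the items that are known to be deliberate and ask the poster about the rest.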
* Download SmitfraudFix to your desktop:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
/!\ Disable your antivirus and Spybot's TeaTimer /!\
---> to disable Spybot's TeaTimer, open Spybot, click "Mode" at the top left, then "Advanced", then click "Tools" at the bottom, disable it and quit Spybot...
* Double-click SmitfraudFix.exe
---> a window opens....
---> in the menu, choose option 1 (Search) and let it scan
----> a report will be generated; post it
Hello,
the SmitFraudFix v2.388 report
Report made at 10:46:01,80, 10/01/2009
Run from C:\Documents and Settings\CGaulard\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\VISION\SQLCLIENT\dbsrv7.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\AddTools\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\INVENTORYCLIENT\client.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\AddTools\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\AddTools\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\AddTools\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\AddTools\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\TEMP\XYFB50.EXE
C:\AddTools\Trend Micro\Client Server Security Agent\Pop3Trap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CGaulard\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CGaulard
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CGaulard\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CGaulard\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CGaulard\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning, the keys that follow are not necessarily infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys that follow are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Warning, the keys that follow are not necessarily infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the keys that follow are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the keys that follow are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - SecuRemote Miniport
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
Description: VPN-1 SecureClient Adapter - SecuRemote Miniport
DNS Server Search Order: 10.0.142.19
DNS Server Search Order: 10.0.142.97
Description: VPN-1 SecureClient Adapter - SecuRemote Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 213.228.0.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A55ECA53-A407-4789-9930-3040F9D66EA8}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C0A47155-A588-48D5-8339-18B051F7462A}: NameServer=10.0.142.19,10.0.142.97
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C395DEBC-FC83-48F8-B66E-8C05C75A8CAE}: DhcpNameServer=212.27.54.252 213.228.0.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A55ECA53-A407-4789-9930-3040F9D66EA8}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C0A47155-A588-48D5-8339-18B051F7462A}: NameServer=10.0.142.19,10.0.142.97
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C395DEBC-FC83-48F8-B66E-8C05C75A8CAE}: DhcpNameServer=212.27.54.252 213.228.0.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A55ECA53-A407-4789-9930-3040F9D66EA8}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C395DEBC-FC83-48F8-B66E-8C05C75A8CAE}: DhcpNameServer=212.27.54.252 213.228.0.212
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check
»»»»»»»»»»»»»»»»»»»»»»»» End