Infection by spygoldun

cancun123 -
sperdu Posts 33 Status Member -
Hello,

I have a problem with the spygoldun trojan.
I scanned with HijackThis, following the procedure indicated on the site.

Here is the result. What do you think? I'm hopeless with computers.
Thank you for your reply.
cancun123

Logfile of HijackThis v1.99.1
Scan saved at 10:47:36, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jeannin\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06b72b0ffa820c60f617/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BC2408A-5656-46F6-A5EA-32212DFB10F6}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BC2408A-5656-46F6-A5EA-32212DFB10F6}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

5 replies

salwa5 Posts 7552 Status Contributor 1 670

Hello,

Download and run these anti-spyware tools (remember to update them before launching them):
(1) Ad-Aware version 1.06

(here) http://www.florensac-chasse-trap.com/ section virus/security software
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) Spybot version 1.4

(here) http://www.florensac-chasse-trap.com/ section virus/security software

see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***

PS: a big thank-you to balltrap for the links :)

(3) AVG Anti-Spyware
https://www.01net.com/telecharger/

Copy/paste the entire report on the forum. (Don't forget to update it before starting the scan.)
NB: follow the instructions in the tutorial
http://www.malekal.com/tutorial_AVG_AntiSpyware.html
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

(4) SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.

Click send and paste the report please. Copy/paste it into the post please.

Delete the unnecessary files (temporary files, cookies, etc.) with this:

CCleaner
https://www.malekal.com/tutoriel-ccleaner/

See you!
cancun123 Posts 2 Status Member

Thank you very much for your reply!!!

Sorry for taking a week to reply (busy schedule).

Here are the reports; note that SmitfraudFix does not run on my machine.

The rest (AVGAS, SPYBOT, ADAWARE, CLEANER) were downloaded and run as you advised.

A small piece of information that is probably important: all the problems began from the moment WINDOWS informed me that I did not have a legal version... which is true. The message "you are exposed to risks" or, roughly, "illegal version" has been displayed at machine startup since June 06 - PC and software acquired in 2003 - after downloading a WINDOWS update.

Should I get an official version to stop being the target of trojans, viruses, etc.? I have AntiVir as antivirus, + ZoneAlarm; maybe I should switch to AVAST?

Thanks again for all your advice, which is super valuable when you're hopeless with computers.

Have a nice day
Cancun123

Ad-Aware SE Build 1.06r1
Logfile Created on:samedi 16 décembre 2006 11:29:41
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R139 12.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):19 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

16-12-2006 11:29:41 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4076
ThreadCreationTime : 16-12-2006 10:22:30
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : "%1" %*
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : "%1" %*

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\Jeannin\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

11:30:02 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:20.500
Objects scanned:83254
Objects identified:1
Objects ignored:0
New critical objects:1

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 12:12:18 16/12/2006

+ Résultat de l'analyse:

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Ignoré.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Ignoré.
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Ignoré.
C:\Program Files\SE -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\Adi_Rmv.exe -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\Adiout.bat -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\Adiout.pif -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\Props16.dll -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\adminchk.dll -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\props32.dll -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\smwdm.inf -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\smwdm.sys -> Adware.WindowEnhancer : Ignoré.
C:\Program Files\SE\smx.cat -> Adware.WindowEnhancer : Ignoré.
:mozilla.10:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.11:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.12:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.13:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.14:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.7:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.8:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.9:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.59:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.70:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.42:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.43:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.46:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.47:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.48:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.49:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.29:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Atdmt : Ignoré.
:mozilla.17:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Bluestreak : Ignoré.
:mozilla.16:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoré.
:mozilla.30:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
:mozilla.55:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Overture : Ignoré.
:mozilla.26:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.27:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.28:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.39:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.24:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.25:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.60:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Zedo : Ignoré.
:mozilla.61:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Zedo : Ignoré.
:mozilla.62:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Zedo : Ignoré.

Fin du rapport
salwa5 Posts 7552 Status Contributor 1 670

Hello, no worries about the delay :p

So, regarding AVG Anti-Spyware, to remove what it found, proceed as follows:

Restart AVG AS, then choose the "Analyse" (Scan) tab
Then the "Paramètres" (Settings) tab
Under the question "Comment réagir ?" (How to react?), click "Actions recommandées" (Recommended actions) and choose "Quarantaine" (Quarantine) or "supprimer" (delete)

/!\ If a file is infected at the end of the scan /!\
Click "Appliquer toutes les actions" (Apply all actions)

Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as)
Save this text file to your desktop and paste the report here :)

Regarding Windows, yes, it would be preferable to acquire the original version, because with the version you have you will never be able to perform new updates. I see that you have SP2, which is already good protection, but in the future, if a new update comes along, you won't be able to install it.

Otherwise, apart from that, does your antivirus still detect the trojan?

See you!
cancun123 Posts 2 Status Member

Thank you, Salwa.

I tried to send you the report last night, but it seems there were problems with the site.

Here is the report of the scan done on 17/12.

What do you think?

As for the WINDOWS version, yes, I think something needs to be done...

Thanks again for your advice
Cancun 123

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:31:12 17/12/2006

+ Résultat de l'analyse:

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Aucune action entreprise.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Aucune action entreprise.
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Aucune action entreprise.
C:\Program Files\SE -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\Adi_Rmv.exe -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\Adiout.bat -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\Adiout.pif -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\Props16.dll -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\adminchk.dll -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\props32.dll -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\smwdm.inf -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\smwdm.sys -> Adware.WindowEnhancer : Aucune action entreprise.
C:\Program Files\SE\smx.cat -> Adware.WindowEnhancer : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.15:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.9:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.81:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.62:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.63:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.64:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.53:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.58:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.18:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.89:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.78:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.79:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.76:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.77:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\Jeannin\Application Data\Mozilla\Firefox\Profiles\npogqyma.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

Fin du rapport

Logfile Created on:dimanche 17 décembre 2006 17:40:42
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R139 12.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):21 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

17-12-2006 17:40:42 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 552
ThreadCreationTime : 17-12-2006 15:33:04
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 17-12-2006 15:33:08
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 17-12-2006 15:33:08
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 17-12-2006 15:33:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 17-12-2006 15:33:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 17-12-2006 15:33:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 17-12-2006 15:33:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 972
ThreadCreationTime : 17-12-2006 15:33:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 17-12-2006 15:33:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1116
ThreadCreationTime : 17-12-2006 15:33:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1352
ThreadCreationTime : 17-12-2006 15:33:11
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1484
ThreadCreationTime : 17-12-2006 15:33:11
BasePriority : Normal

#:13 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1496
ThreadCreationTime : 17-12-2006 15:33:12
BasePriority : High
FileVersion : 4, 7, 889, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswServ.exe

#:14 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1520
ThreadCreationTime : 17-12-2006 15:33:12
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1584
ThreadCreationTime : 17-12-2006 15:33:12
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [sdhelp.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1616
ThreadCreationTime : 17-12-2006 15:33:13
BasePriority : Normal
FileVersion : 3.6.0.2026
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd

#:17 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1732
ThreadCreationTime : 17-12-2006 15:33:15
BasePriority : Normal
FileVersion : 3, 2, 5, 0
ProductVersion : 3, 2, 5, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 384
ThreadCreationTime : 17-12-2006 15:33:32
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:19 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 416
ThreadCreationTime : 17-12-2006 15:33:33
BasePriority : Normal

#:20 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 580
ThreadCreationTime : 17-12-2006 15:33:35
BasePriority : Normal

#:21 [wgatray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 17-12-2006 15:33:36
BasePriority : Normal
FileVersion : 1.5.0540.0
ProductVersion : 1.5.0540.0
ProductName : Windows Genuine Advantage
CompanyName : Microsoft Corporation
FileDescription : Windows Genuine Advantage Notification
InternalName : WgaNotify
LegalCopyright : © 1995-2006 Microsoft Corporation
OriginalFilename : WgaTray.exe

#:22 [carpserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 344
ThreadCreationTime : 17-12-2006 15:33:37
BasePriority : Normal
FileVersion : 6.01.05
ProductVersion : 6.01.05
ProductName : Conexant carpserv
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2003
OriginalFilename : carpserv.exe

#:23 [cnxmon.exe]
FilePath : C:\PROGRA~1\WANADOO\
ProcessID : 824
ThreadCreationTime : 17-12-2006 15:33:38
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Application CnxMon
FileDescription : Application MFC CnxMon
InternalName : CnxMon
LegalCopyright : Copyright (C) 2001
OriginalFilename : CnxMon.EXE

#:24 [startmessager.exe]
FilePath : C:\PROGRA~1\MESSAG~1\
ProcessID : 864
ThreadCreationTime : 17-12-2006 15:33:38
BasePriority : Normal
FileVersion : 3, 1, 0, 10
ProductVersion : 3, 1, 0, 10
ProductName : Demon Messager
CompanyName : France Telecom
FileDescription : StartMessager
InternalName : Demon
OriginalFilename : StartMessager.exe

#:25 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 17-12-2006 15:33:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [taskbaricon.exe]
FilePath : C:\PROGRA~1\WANADOO\
ProcessID : 1792
ThreadCreationTime : 17-12-2006 15:33:42
BasePriority : Normal
FileVersion : 5.6 (2)
ProductVersion : 5.6 (2)
ProductName : Kit de Connexion et de Services
CompanyName : France Télécom R&D
FileDescription : Gestion de l'icône de la barre des tâches
InternalName : TaskBarIcon
LegalCopyright : Copyright (C) France Télécom R&D 1999 - 2003
OriginalFilename : TaskBarIcon.exe

#:27 [hipl2002popup.exe]
FilePath : C:\Program Files\Larousse\Petit Larousse 2003\bin\
ProcessID : 2124
ThreadCreationTime : 17-12-2006 15:33:43
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HIPL2000Popup Application
FileDescription : HIPL2000Popup MFC Application
InternalName : HIPL2000Popup
LegalCopyright : Copyright (C) 1999
OriginalFilename : HIPL2000Popup.EXE

#:28 [realsched.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 2148
ThreadCreationTime : 17-12-2006 15:33:43
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:29 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 2156
ThreadCreationTime : 17-12-2006 15:33:43
BasePriority : Normal
FileVersion : 3, 2, 10, 0
ProductVersion : 3, 2, 10, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2001 Analog Devices
OriginalFilename : SMTray.exe

#:30 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2196
ThreadCreationTime : 17-12-2006 15:33:45
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:31 [rnathchk.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 2204
ThreadCreationTime : 17-12-2006 15:33:45
BasePriority : Normal
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:32 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 2228
ThreadCreationTime : 17-12-2006 15:33:45
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswDisp.exe

#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2244
ThreadCreationTime : 17-12-2006 15:33:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:34 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2256
ThreadCreationTime : 17-12-2006 15:33:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:35 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 2288
ThreadCreationTime : 17-12-2006 15:33:47
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:36 [swdoctor.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 2336
ThreadCreationTime : 17-12-2006 15:33:52
BasePriority : Normal
FileVersion : 4.0.0.2620
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright (c) 2005. Distributed by PC Tools Research Pty Ltd
OriginalFilename : swdoctor.exe

#:37 [dslmon.exe]
FilePath : C:\Program Files\SAGEM\SAGEM F@st 800-840\
ProcessID : 2500
ThreadCreationTime : 17-12-2006 15:34:06
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright (C) 2000
OriginalFilename : ADIMON.EXE

#:38 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2968
ThreadCreationTime : 17-12-2006 15:34:54
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Mises à jour automatiques
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : wuauclt.exe

#:39 [espacewanadoo.exe]
FilePath : C:\Program Files\Wanadoo\
ProcessID : 2848
ThreadCreationTime : 17-12-2006 16:17:20
BasePriority : Normal
FileVersion : 5.6 (213)
ProductVersion : 5.6 (213)
ProductName : Kit de Connexion et de Services
CompanyName : France Télécom R&D
FileDescription : Espace Client
InternalName : EspaceClient
LegalCopyright : Copyright (C) France Télécom R&D 1999-2003
OriginalFilename : EspaceClient.exe

#:40 [comcomp.exe]
FilePath : C:\Program Files\Wanadoo\
ProcessID : 2864
ThreadCreationTime : 17-12-2006 16:17:21
BasePriority : Normal
FileVersion : 5.5 (379)
ProductVersion : 5.5 (379)
ProductName : Kit de Connexion et de Services
CompanyName : France Télécom R&D
FileDescription : Module de communication
InternalName : ComComp
LegalCopyright : Copyright (C) France Télécom R&D 1999- 2002
OriginalFilename : ComComp.exe

#:41 [watch.exe]
FilePath : C:\Program Files\Wanadoo\
ProcessID : 3028
ThreadCreationTime : 17-12-2006 16:17:25
BasePriority : Normal
FileVersion : 5.5 (81)
ProductVersion : 5.5 (81)
ProductName : Kit de Connexion et de Services
CompanyName : France Télécom R&D
FileDescription : Surveillance des modifications
InternalName : Watch
LegalCopyright : Copyright (C) France Télécom R&D 1999-2002
OriginalFilename : Watch.exe

#:42 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 616
ThreadCreationTime : 17-12-2006 16:40:25
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : "%1" %*
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : "%1" %*

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jeannin@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jeannin@ads.addynamix.com/
Expires : 18-12-2006 17:35:34
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Disk Scan Result for C:\DOCUME~1\Jeannin\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2

MRU List Object Recognized!
Location: : C:\Documents and Settings\Jeannin\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-299502267-220523388-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

17:42:23 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:41.484
Objects scanned:88430
Objects identified:2
Objects ignored:0
New critical objects:2

salwa5 Posts 7552 Status Contributor 1 670

Good evening. Regarding AVG, here is how to remove what it found:

Restart AVG AS, then choose the "Analyse" (Scan) tab
Then the "Paramètres" (Settings) tab
Under the question "Comment réagir ?" (How to act?), click "Actions recommandées" (Recommended actions) and choose "Quarantaine" (Quarantine)
Go back to the "Analyse" tab

Click "Appliquer toutes les actions" (Apply all actions)

Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as)
Save this text file to your desktop, then paste the report here

After that, can you explain to me why smitfraud won't launch on your computer? Is there an error message?

See you
sperdu Posts 33 Status Member

Good evening salwa, it's sperdu! How are you?
I told you we'd be back in touch before long! (laughs)
Indeed, last time we must not have managed to eliminate this nasty bug!
The home page still changes, but this time
MSN is set by default
and the screen goes blurry!
As soon as you have a moment to spare, could you take a look at my case please? Thanks salwa!
My thread is: [virus] pas éliminé
See you!