pouet187

Members
  • Content count

    91
  • Joined

  • Last visited

Everything posted by pouet187

  1. I have a question about my bank codes. My bank's website doesn't ask me for my code; instead I have to enter my card number, and I have a device at home, like a small calculator, into which I insert my card (it isn't connected to the PC) and which gives me several series of 8 digits to enter, to sign my transfers, etc. Do you think it's necessary to change everything? As for my passwords, most of the time they're just for going on forums. Tell me what you think. Thanks.
  2. Here's the follow-up: EasyCleaner wasn't able to delete 2 files. Quick question: when I click on Registry in EasyCleaner, do I have to run a scan and then "delete all"? I didn't dare. Here is the HijackThis report, and here is the SDFix report.
  3. OK, I'd rather wait for you, since you know the subject well. Thanks. Let me know when you're back.
  4. Right, I found poker.exe and deleted it, but I couldn't find winlogon.exe. As for winhun32.dll, I can't delete it; it tells me to check that the disk is not full or write-protected... I tried to delete it with Locked Files Wizard, but even that can't do it. I'm waiting to hear from you for the next steps. Thanks.
  5. There, I did as described above, but I get the same result as mentioned before. Sorry. So what do I do, do I continue with the rest of the process? For me it won't be today. Thanks a thousand times.
  6. Well, I have a small problem. Everything was going fine until I got to the "Unregister a DLL" step. I did as you told me, but the following message is displayed: "C:\WINDOWS\SYSTEM32\winhun32.dll a été chargé mais le point d'entrée DllUnregisterServer est introuvable. Ce fichier ne peut pas être enregistré." So I'm waiting for news. For the next part, I've already had a bit of a look around, without touching, launching or deleting anything, just to see whether I could tell where I had to go, and it should be fine.
  7. OK, thanks for your help and your patience. I do the same on 4x4 forums; that's more my thing.
  8. Well, it seems to be OK, but I still have a problem: when I go to certain sites and click on an image, it sends me to Google with a topic I never even searched for. There must still be a problem.
  9. By the way, I forgot to mention that my PC seems to be doing better. Are you still finding nasty stuff in it? Thanks.
  10. Well, in the end I had an hour, so I did what was needed. Here are the reports: Spy Sweeper, SmitFraudFix, HijackThis. Thank you very much.
  11. Thanks, I'll do that as soon as I have time, probably tomorrow. Thanks.
  12. Right, I've finished the procedure. I'm posting the 3 reports: SmitFraudFix (which has been updated), HijackThis, Fixwareout. Thanks.
  13. I have just done all the steps and apparently my problem is solved, but I am still posting the 3 requested reports below:

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:40:18, on 25/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Pouet187\Bureau\HijackThis.exe
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [TSE_PLUtil] "C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [MSN] "C:\WINDOWS\poker.exe" /INITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Pouet187\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBAA6E0A-9363-4D7A-BD54-8A80312DC0A9}: NameServer = 85.255.116.103 85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEE17191-CA87-438B-A543-0AAD7D8B7556}: NameServer = 85.255.116.103,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.214
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.214
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winhun32 - C:\WINDOWS\SYSTEM32\winhun32.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BlackLight report:
03/25/07 14:48:30 [info]: BlackLight Engine 1.0.55 initialized
03/25/07 14:48:30 [info]: OS: 5.1 build 2600 ()
03/25/07 14:48:30 [Note]: 7019 4
03/25/07 14:48:30 [Note]: 7005 0
03/25/07 14:48:37 [Note]: 7006 0
03/25/07 14:48:37 [Note]: 7011 1208
03/25/07 14:48:38 [Note]: 7026 0
03/25/07 14:48:38 [Note]: 7026 0
03/25/07 14:48:48 [Note]: FSRAW library version 1.7.1021
03/25/07 14:53:07 [Note]: 2000 1012
03/25/07 14:53:07 [Note]: 2000 1012
03/25/07 14:53:34 [Note]: 7007 0

AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:35:48 25/03/2007
+ Résultat de l'analyse:
HKLM\SOFTWARE\Classes\SiteTicket -> Adware.Generic : Ignoré.
HKLM\SOFTWARE\Classes\SiteTicket\CLSID -> Adware.Generic : Ignoré.
HKU\S-1-5-21-2052111302-764733703-682003330-1003\Software\SiteTicket -> Adware.Generic : Ignoré.
C:\Documents and Settings\Pouet187\Bureau\SmitfraudFix\SmiUpdate.exe -> Adware.SmiUpdate : Ignoré.
C:\Program Files\Mozilla Firefox\SmitfraudFix\SmiUpdate.exe -> Adware.SmiUpdate : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP61\A0038671.exe -> Adware.SmiUpdate : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP61\A0038683.exe -> Adware.SmiUpdate : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP61\A0038696.exe -> Adware.SmiUpdate : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP61\A0038706.exe -> Adware.SmiUpdate : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP86\A0070186.exe -> Adware.SmiUpdate : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP94\A0085683.exe -> Adware.SmiUpdate : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081922.exe -> Adware.SpyLocked : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP68\A0041538.exe -> Adware.Spysheriff : Ignoré.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081923.exe -> Downloader.Agent.bhc : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0079327.dll -> Downloader.Agent.bhl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081920.dll -> Downloader.Agent.bhl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081847.dll -> Downloader.Zlob.ato : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081620.dll -> Downloader.Zlob.ats : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081623.exe -> Downloader.Zlob.ats : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081850.dll -> Downloader.Zlob.ats : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081851.exe -> Downloader.Zlob.ats : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081856.exe -> Downloader.Zlob.bng : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081622.exe -> Downloader.Zlob.bpn : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0081855.exe -> Downloader.Zlob.bpn : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-764733703-682003330-1003\Dc52\backup-20070323-183552-983.dll -> Logger.BZub.ih : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP93\A0084316.dll -> Logger.BZub.ih : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ipv6monl.dll -> Logger.BZub.ih : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.351:C:\Documents and Settings\Pouet187\Application Data\Mozilla\Firefox\Profiles\8t7wuomo.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Pouet187\Cookies\pouet187@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.503:C:\Documents and Settings\Pouet187\Application Data\Mozilla\Firefox\Profiles\8t7wuomo.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.504:C:\Documents and Settings\Pouet187\Application Data\Mozilla\Firefox\Profiles\8t7wuomo.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Pouet187\Cookies\pouet187@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.29:C:\Documents and Settings\Pouet187\Application Data\Mozilla\Firefox\Profiles\8t7wuomo.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP94\A0085673.exe -> Trojan.DNSChanger.ik : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\fyxkaah.dll -> Trojan.Renos.nar : Nettoyé et sauvegardé (mise en quarantaine).
[708] C:\WINDOWS\System32\fyxkaah.dll -> Trojan.Renos.nar : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP89\A0075991.dll -> Worm.Locksky.aw : Nettoyé et sauvegardé (mise en quarantaine).
C:\3456346345643.exe -> Worm.Zhelatin.al : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP89\A0074688.exe -> Worm.Zhelatin.al : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP93\A0084132.exe -> Worm.Zhelatin.al : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C49608AD-D1DD-491C-9191-A71D5AA27968}\RP92\A0079287.exe -> Worm.Zhelatin.bl : Nettoyé et sauvegardé (mise en quarantaine).
C:\xx1232255.exe -> Worm.Zhelatin.bl : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport

I look forward to hearing from you. Thank you very much in the meantime.
  14. OK, thanks. I don't have time right now, but I'll do it as soon as possible.
  15. OK, thanks. Here is the SmitFraudFix report:

SmitFraudFix v2.127
Rapport fait à 22:00:08,17, sam. 24/03/2007
Executé à partir de C:\Documents and Settings\Pouet187\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3BF77FF3-E054-4728-ADD0-B21EF95EECE1}"="COM+ Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b292ec9f-a074-4115-8342-1f459702d8d2}"="characterizing"
[HKEY_CLASSES_ROOT\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\System32\fyxkaah.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\System32\fyxkaah.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3BF77FF3-E054-4728-ADD0-B21EF95EECE1}"="COM+ Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b292ec9f-a074-4115-8342-1f459702d8d2}"="characterizing"
[HKEY_CLASSES_ROOT\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\System32\fyxkaah.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\WINDOWS\System32\fyxkaah.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Fin

and the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 8:41:23, on 25/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pouet187\Bureau\HijackThis.exe
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [TSE_PLUtil] "C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [MSN] "C:\WINDOWS\poker.exe" /INITSERVICE
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Pouet187\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBAA6E0A-9363-4D7A-BD54-8A80312DC0A9}: NameServer = 85.255.116.103 85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEE17191-CA87-438B-A543-0AAD7D8B7556}: NameServer = 85.255.116.103,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.214
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.214
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winhun32 - C:\WINDOWS\SYSTEM32\winhun32.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks a lot!
  16. I have a problem with a "system alert" message that pops up at the bottom right. I ran Spybot and it detected Torpig, which it refuses to remove. Someone on another forum helped me and told me to run a scan with SmitFraudFix. I ran a scan with SmitFraudFix and was told I could post it here. As soon as I have your go-ahead, I'll post it. Thanks.