Posted (edited)

Re Mr Bruce Lee :P

Step 4 is OK, I was able to delete the 2 files.

Here is the (long) scan report:

 

 


Edited by Marco911

Posted

Yes, yes, of course, and then I edited the report ....

Besides, right now I'm running a Panda scan; I'm at 306,000 files scanned ... and already 12 spyware programs detected (no unwanted tools for the moment)

Posted

re,

Besides, right now I'm running a Panda scan; I'm at 306,000 files scanned ... and already 12 spyware programs detected (no unwanted tools for the moment)

Hang in there, we'll get these critters :P

When it's finished, post the report.

See you later

Posted

It's not courage that we're lacking :-P

3 pages - 42 posts and 505 views :-(

If that isn't perseverance, I don't know what is :P

Well done, Bruce Lee :P

As soon as the scan is finished, I'll post the report

Posted

And here is a fresh new report :P

 

Incident Statut Analyse

 

Adware:adware/sidesearch No Désinfecté Registre Windows

Adware:adware/block-checker No Désinfecté Registre Windows

Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[2].txt

Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\user\Cookies\user@com[1].txt

Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\user\Cookies\user@errorsafe[2].txt

Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\user\Cookies\user@statcounter[2].txt

Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\user\Cookies\user@stats1.reliablestats[2].txt

Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\user\Cookies\user@weborama[2].txt

Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\user\Cookies\user@www.errorsafe[1].txt

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\user\Cookies\user@xiti[1].txt

Spyware:Spyware/BetterInet No Désinfecté C:\Program Files\Microsoft AntiSpyware\Quarantine\4FEEAEB8-4FEB-47AF-8594-8E6814\B08459D8-F5CE-4725-8B1E-D83458

Posted

re,

OK, the report is already much cleaner; in my opinion, what's left is false positives... because the rest is cookies, and the last spyware in the report is already in quarantine.

Use Reg Search again, search for sidesearch, and post the result.

See you later

Posted

And here is the result:

 

REGEDIT4

 

; Registry Search by Bobbi Flekman © 2005

; Version: 1.0.2.4

 

; Results at 15/07/2006 19:56:25 for strings:

; 'sidesearch'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

; End Of The Log...

Posted

Hello,

Let's check one thing:

1/ Start / Run / regedit

2/ Delete what is in bold, and above all nothing else!

 

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {00000762-3965-4A1A-98CE-3D4BF457D4C8}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {000007AB-7059-463E-BD44-101A1750D732}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {C30793AF-14B2-4300-8B5D-4BFA3987050E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {3A951AF0-53F8-4803-A565-0E1DEE4B11F5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {AF286CEA-635D-40C5-A891-B40A0F520539}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {000007AB-7059-463E-BD44-101A1750D732}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {000007C6-17DF-4438-92A4-DE5537471BA3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {00000762-3965-4A1A-98CE-3D4BF457D4C8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\ Lycos

HKEY_LOCAL_MACHINE\SOFTWARE\Lycos\ Sidesearch

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Sep.Band

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Sep.Band.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Sep.Search

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Sep.Search.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ SEP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ Lycos Sidesearch

 

3/ Exit the registry

4/ Tell me whether you managed to find and delete what is in bold

NOTE: there will surely be keys that you won't find.
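
An added example, not part of the thread: before deleting anything by hand in regedit, this read-only PowerShell sketch reports which of the keys listed in the post above actually exist and exports each one found to a .reg backup. It assumes a current Windows with PowerShell and reg.exe in an elevated session; the variable names and backup folder are hypothetical, and the key paths are copied from the post with the stray space before the last component removed.

```powershell
# Added example: inventory and back up the listed keys. Nothing is deleted.
# Key paths come from the post above (space before the last component removed).
$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000762-3965-4A1A-98CE-3D4BF457D4C8}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000007AB-7059-463E-BD44-101A1750D732}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{000007AB-7059-463E-BD44-101A1750D732}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{000007C6-17DF-4438-92A4-DE5537471BA3}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000762-3965-4A1A-98CE-3D4BF457D4C8}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Lycos',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Lycos\Sidesearch',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Band',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Band.1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Search',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Search.1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEP',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lycos Sidesearch'
)

# Hypothetical backup location: a fresh timestamped folder, so no export overwrites another.
$backupDir = Join-Path $env:TEMP ('regbackup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backupDir | Out-Null

$n = 0
$report = foreach ($key in $keys) {
    # -LiteralPath keeps the braces in the GUIDs from being treated as wildcards.
    $present = Test-Path -LiteralPath "Registry::$key"
    $backup  = $null
    if ($present) {
        $n++
        $file = Join-Path $backupDir ('key{0:d2}.reg' -f $n)
        # reg.exe export writes the key and all its subkeys to a .reg file.
        & reg.exe export $key $file 2>&1 | Out-Null
        if ($LASTEXITCODE -eq 0) { $backup = $file }
    }
    [pscustomobject]@{ Present = $present; Backup = $backup; Key = $key }
}

# Keys reported as absent match the post's note that some will not be found.
$report | Format-List
"{0} of {1} keys present; backups in {2}" -f $n, $keys.Count, $backupDir
```

Importing a saved .reg file restores a key that was removed by mistake.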
