Multiple infection
cathar6
-
Anonymous user -
Hello everyone! I ran a scan with Spyware Nuker XT and was surprised to see everything it found. Can you help me get rid of it?!
Thank you very much
Spyware Nuker XT Detection Report
Scan Started:
12/31/2006 11:23
Software Version:
4.8.77.1815
Database Version:
12/11/2006 09:41:36 AM
Operating System:
Windows XP 5.1.2600 [Service Pack 1]
Web Browser(s):
IE:6.0.2800.1106;FF:1.5.0.9 (fr);
24/7 RealMedia
960-55877
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .247realmedia.com/ | 548595 | 20
Cookie
Mozilla Firefox | .247realmedia.com/ | itcanban | 1
Cookie
Mozilla Firefox | .247realmedia.com/ | RMFD | 011H0lmaO1...
Cookie
Mozilla Firefox | .247realmedia.com/ | RMID | 56cac73145...
Cookie
Mozilla Firefox | .247realmedia.com/ | wub1206 | 4
Cookie
Mozilla Firefox | .247realmedia.com/ | wumb1206 | 4
2o7
669-33236
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .msnportal.112.2o7.net/ | s_vi | [CS]v1|459...
Cookie
Mozilla Firefox | .sfr.122.2o7.net/ | s_vi | [CS]v1|459...
Advertising.com
679-1710
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .advertising.com/ | ACID | cc50001167...
Cookie
Mozilla Firefox | .advertising.com/ | BASE | 66gkFfd9ym...
Cookie
Mozilla Firefox | .advertising.com/ | F1 | B88zWWEBAA...
Cookie
Mozilla Firefox | .advertising.com/ | ROLL | Z+vdvb/ua7...
Adware.MediaTickets
646-22651
Silently connects to its controlling servers where it downloads files. May display pop-up advertisements.
Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx
Registry Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx:.Owner
Registry Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx:{9EB320CE-BE1D-4304-A081-4B4665414BEF}
File
C:\WINDOWS\System32\oi-uninstaller.ico
Bluestreak
819-49880
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .bluestreak.com/ | id | 4373208768...
CashEngines
968-55887
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | click.cashengines.com/ | Click | 7e69bf63-f...
CoolWebSearch
539-53077
Hijacks browser settings and redirects traffic to a search portal site.
File
C:\tmp.txt
DoubleClick
446-2378
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .doubleclick.net/ | id | 800000b3f9...
EyeBlaster
979-55898
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .serving-sys.com/ | A1 | 1gNk2bPO03...
Cookie
Mozilla Firefox | .serving-sys.com/ | B1 | 0FWV08885Q
Cookie
Mozilla Firefox | .serving-sys.com/ | C1 | 07Rh8885Q%...
Cookie
Mozilla Firefox | .serving-sys.com/ | D1 | 07Rh018y88...
Cookie
Mozilla Firefox | .serving-sys.com/ | E1 | 03c08885Q
Fast Click
438-2102
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .fastclick.net/ | m1 | d101289:1:...
Cookie
Mozilla Firefox | .fastclick.net/ | m3 | d101291:1:...
Cookie
Mozilla Firefox | .fastclick.net/ | m6 | 66745:1:13...
Cookie
Mozilla Firefox | .fastclick.net/ | pluto | 22020772-e...
HitBox
447-2382
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .hitbox.com/ | CTG | 1167511160
Cookie
Mozilla Firefox | .ehg-logantod.hitbox.com/ | DM56031688NVV6 | V1eB(#X"rz...
Cookie
Mozilla Firefox | .hitbox.com/ | WSS_GW | V1z%%e@Q%%...
Keylogger.Msconfg
1168-62254
Logs all keystrokes and sends them to its server. Silently attempts to infect other computers on the network.
Registry Value
HKEY_CURRENT_USER\Software\Microsoft\OLE:Microsoft Update 32
Registry Value
HKEY_USERS\.DEFAULT\Software\Microsoft\OLE:Microsoft Update 32
Registry Value
HKEY_USERS\S-1-5-18\Software\Microsoft\OLE:Microsoft Update 32
Malware.win32ssr
1210-62631
Lowers system security settings. Makes connections to the internet and downloads other bad files. Attempts to infect other computers on a local network by scanning local IP addresses.
File
C:\WINDOWS\System32\SVKP.sys
MediaPlex
448-2383
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .mediaplex.com/ | svid | 5259884295
SpyAnytime
1107
Spy software which silently logs keystrokes and monitors computer activity.
File
C:\Program Files\Fichiers communs\Logitech\QCDriver\ijl11.dll
TradeDoubler
1009-56791
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .tradedoubler.com/ | TD_PIC | 988046*5Z1...
Cookie
Mozilla Firefox | .tradedoubler.com/ | TD_UNIQUE_IMP | 463a368121...
Trojan.Lsass
1156-61522
Silently connects to a remote location where it downloads other files. Opens certain ports and attempts to disable certain security features on an infected computer. May cause your system to shutdown.
Registry Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks:{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass:Description
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass:DisplayName
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass:ErrorControl
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass:FailureActions
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass:ObjectName
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass:Start
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass:Type
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass\Security
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lsass\Security:Security
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass:Description
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass:DisplayName
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass:ErrorControl
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass:FailureActions
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass:ObjectName
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass:Start
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass:Type
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass\Enum
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass\Enum:0
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass\Enum:Count
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass\Enum:NextInstance
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass\Security
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsass\Security:Security
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv:DisplayName
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv:ErrorControl
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv:Start
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv:Type
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv\Security
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv\Security:Security
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv:DisplayName
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv:ErrorControl
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv:Start
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv:Type
Registry Key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Security
Registry Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Security:Security
Trojan.msmsgs
1123-60562
Silently connects to it's controlling server where it transmits information, recieves instructions, and downloads other files. Hijacks IE's homepage as well as Windows desktop and changes IE's Security and ZoneMap settings.
Registry Value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range10::Range:85.255.117.243
aQuantive
978-2354
A cookie that is shared among websites to track your web surfing habits.
Cookie
Mozilla Firefox | .atdmt.com/ | AA002 | 1167420813...
49 replies
Hello!
SmitFraudFix v2.132
Rapport fait à 12:00:55,37, 03/01/2007
Executé à partir de C:\Documents and Settings\sabrina\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sabrina
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sabrina\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\sabrina\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~4\\GOEC62~1.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Here is the hijack:
Logfile of HijackThis v1.99.1
Scan saved at 21:05:53, on 03/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Ontrack\SYSTEM~1\mxtask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sabrina\Bureau\Nouveau dossier (2)\metin !!.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\karim\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8FAC4D-E9F0-408B-90AE-476BD8306011}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SystemSuite Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\SYSTEM~1\mxtask.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Hi
To help things along, Philo
Free firewall
Download the free version of Kerio (with Avast => fewer conflicts)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
Tutorial =>
https://www.vulgarisation-informatique.com/kerio.php
Kerio site
https://kerio.probb.fr/
See you later
You generally don't run anti-spyware in the background!
(you can, of course)
Personally I have F-Secure Internet Security, which does everything.
That said, Spybot has the immunization function.
But resident anti-malware tools can slow down your machine.
That's why I installed F-Secure, to avoid multiplying processes... have mercy on our PCs!
On top of that, you have one with F-Secure, but I'm not supposed to have one???
---------------------------------------------------------------------------------
(you can, of course)
If it isn't an integral part of your firewall/antivirus, it may slow down your PC.
Obviously, in normal times (outside of a disinfection), you do as you see fit.
The one thing... NEVER two antivirus programs, nor two resident anti-malware tools (not to be confused with installing on your PC).
Note:
Just be careful: AVG, for example, turns on real-time protection very quickly at install! (the others too)
But while a disinfection is in progress, I don't recommend adding or using an anti-malware tool.
----------------------------------------------------------------
Personally I suggest EWIDO, currently AVG (French), but don't install the resident protection.
You can turn it back on once the PC is "clean" and if it is powerful enough.
Hey philo2100!
OK, loud and clear!!
PS: is your username related to the fact that you know philosophy? Because I'm in my final year of high school and I need help with philosophy???
Thank you very much