Analyse Hijackthis

Argéades -  
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
Bonjour,

Suite à des ralentissements de mon PC, j'ai scanné mon PC avec HijackThis.
Merci de m'indiquer ce qu'il est recommandé de fixer.

Logfile of HijackThis v1.98.0
Scan saved at 17:22:09, on 02/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\XEROX\ControlCentre 2.0\Pagis\Monitor.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\89D4ADA.DLL
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [XWMSUSBAPI] C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
O4 - HKLM\..\Run: [ControlCentreTray] "C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [spywatch] C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscpsu.exe
O4 - HKCU\..\Run: [BPSANTISPY] C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe /STARTUP
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: Contrôleur de planification Pagis.lnk = C:\Program Files\XEROX\ControlCentre 2.0\Pagis\Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_FR_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE878B14-312C-4C3E-9590-520BE97C5392}: NameServer = 212.151.136.254 130.244.127.170

10 réponses

  1. darkcrystal33 Messages postés 3815 Statut Contributeur 193
     
    a fixer==>

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_FR_XP.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AE878B14-312C-4C3E-9590-520BE97C5392}: NameServer = 212.151.136.254 130.244.127.170
    0
  2. Argéades
     
    Merci beaucoup.
    C'est fixé et ça marche beaucoup mieux.
    0
  3. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    tu as trop de programme au demarrage supprime les du demarrage
    perso je ne laisse que mon anti virus mon pare feu
    pour cela
    tu click sur demarrer executer tu tapes msconfig
    tu vas sur l onglet demarrage tu decoche se que tu veut enlever du demarrage et ok tu redemarre une fenetre vas s ouvrir tu coche ne plus afficher se message et ok

    la chasse et le balltrap ma vrai passion
    http://pageperso.aol.fr/balltrap34/page1.html
    0
  4. lukky
     
    bonjour
    j ai un petit probleme evec ma page web d explorer

    blanc : blanc

    et page pub

    voici la reponce d adeware

    Vendor:CoolWebSearch
    Category:Malware
    Object Type:RegValue
    Size:-
    Location:SOFTWARE\Microsoft\Internet Explorer\Main\
    Last Activity:03-07-2004
    Risk LevelLow
    Comment:"HOMEOldSP"
    Description:Malware, Hijacker. Hijacks Browser pages, default search-engine and HOSTS file.Installs unsolicited, runs stealth.(Also known as CWS hijack)

    jai scaner avec hijackthis

    voici mec log

    merci de m aider a solutionner mon probleme

    Logfile of HijackThis v1.98.0
    Scan saved at 16:08:35, on 03/07/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\PROGRA~1\DIRECT~1\DUService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\nero cd creation\InCD\InCDsrv.exe
    D:\configuration routeur di 624+\SCANER LAN\LANguard Network Security Scanner 3\sscansvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\system32\GSICON.EXE
    C:\WINNT\system32\dslagent.exe
    C:\Program Files\nero cd creation\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\DirectUpdate\DUControl.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\a2\a2guard.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    C:\Program Files\flowprotector\flowprotector.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Local Settings\Temp\HijackThis.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://cploving.awmhost.com/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.3 boards.cexx.org
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.22 lavasoft.de
    O1 - Hosts: 127.0.0.23 lavasoftusa.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.25 majorgeeks.com
    O1 - Hosts: 127.0.0.26 merijn.org
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.40 spybot.info
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.48 spywareinfo.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.53 sunbelt-software.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.55 tomcoyote.org
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.70 www.grisoft.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.76 www.lavasoft.de
    O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.79 www.majorgeeks.com
    O1 - Hosts: 127.0.0.80 www.merijn.org
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.93 www.spybot.info
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
    O2 - BHO: (no name) - {8B2B46D3-FDDB-4651-8B53-3A00B5A6DA6F} - C:\WINNT\system32\bgnj.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [InCD] C:\Program Files\nero cd creation\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LaunchList] H:\video pinacle 8 12 2003\LaunchList.exe
    O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Shps] C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Application Data\csrh.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O4 - Startup: FlowProtector_Plus.lnk = C:\Program Files\flowprotector\flowprotector.exe
    O4 - Startup: ZoneAlarm Pro.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .ssc: C:\WINNT\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix: http://www.google.be
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/plugins/fr_FR/DjVuControl_fr_FR.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//38ble.chm::/wincfgid.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\Q330994.exe
    O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1027.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
    O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
    O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
    O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
    0
    1. darkcrystal33 Messages postés 3815 Statut Contributeur 193
       
      fixe les lignes suivantes:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank



      R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
      F0 - system.ini: Shell=
      O1 - Hosts: 127.0.0.0 localhost
      O1 - Hosts: 127.0.0.2 auditmypc.com
      O1 - Hosts: 127.0.0.3 boards.cexx.org
      O1 - Hosts: 127.0.0.4 bulletproofsoft.net
      O1 - Hosts: 127.0.0.5 camtech2000.net
      O1 - Hosts: 127.0.0.6 cexx.org
      O1 - Hosts: 127.0.0.7 computercops.us
      O1 - Hosts: 127.0.0.8 ct7support.com
      O1 - Hosts: 127.0.0.9 doxdesk.com
      O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
      O1 - Hosts: 127.0.0.21 kephyr.com
      O1 - Hosts: 127.0.0.22 lavasoft.de
      O1 - Hosts: 127.0.0.23 lavasoftusa.com
      O1 - Hosts: 127.0.0.24 lurkhere.com
      O1 - Hosts: 127.0.0.25 majorgeeks.com
      O1 - Hosts: 127.0.0.26 merijn.org
      O1 - Hosts: 127.0.0.27 mjc1.com
      O1 - Hosts: 127.0.0.28 moosoft.com
      O1 - Hosts: 127.0.0.29 mvps.org
      O1 - Hosts: 127.0.0.30 net-integration.net
      O1 - Hosts: 127.0.0.31 noadware.net
      O1 - Hosts: 127.0.0.32 no-spybot.com
      O1 - Hosts: 127.0.0.33 onlinepcfix.com
      O1 - Hosts: 127.0.0.34 pchell.com
      O1 - Hosts: 127.0.0.35 pestpatrol.com
      O1 - Hosts: 127.0.0.36 safer-networking.org
      O1 - Hosts: 127.0.0.37 secure.spykiller.com
      O1 - Hosts: 127.0.0.38 secureie.com
      O1 - Hosts: 127.0.0.39 security.kolla.de
      O1 - Hosts: 127.0.0.40 spybot.info
      O1 - Hosts: 127.0.0.41 spychecker.com
      O1 - Hosts: 127.0.0.42 spychecker.com
      O1 - Hosts: 127.0.0.43 spycop.com
      O1 - Hosts: 127.0.0.44 spyguard.com
      O1 - Hosts: 127.0.0.45 spykiller.com
      O1 - Hosts: 127.0.0.46 spyware.co.uk
      O1 - Hosts: 127.0.0.47 spyware-cop.com
      O1 - Hosts: 127.0.0.48 spywareinfo.com
      O1 - Hosts: 127.0.0.49 spywarenuker.com
      O1 - Hosts: 127.0.0.50 spywareremove.com
      O1 - Hosts: 127.0.0.51 spywareremove.com
      O1 - Hosts: 127.0.0.52 stopzillapro.com
      O1 - Hosts: 127.0.0.53 sunbelt-software.com
      O1 - Hosts: 127.0.0.54 thiefware.com
      O1 - Hosts: 127.0.0.55 tomcoyote.org
      O1 - Hosts: 127.0.0.56 unwantedlinks.com
      O1 - Hosts: 127.0.0.57 webattack.com
      O1 - Hosts: 127.0.0.58 wilders.org
      O1 - Hosts: 127.0.0.59 www.auditmypc.com
      O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
      O1 - Hosts: 127.0.0.61 www.cexx.org
      O1 - Hosts: 127.0.0.62 www.computercops.us
      O1 - Hosts: 127.0.0.63 www.ct7support.com
      O1 - Hosts: 127.0.0.64 www.doxdesk.com
      O1 - Hosts: 127.0.0.65 www.eblocs.com
      O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
      O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
      O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
      O1 - Hosts: 127.0.0.69 www.grc.com
      O1 - Hosts: 127.0.0.70 www.grisoft.com
      O1 - Hosts: 127.0.0.71 www.hackfaq.org
      O1 - Hosts: 127.0.0.72 www.hazeleger.net
      O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
      O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
      O1 - Hosts: 127.0.0.75 www.kephyr.com
      O1 - Hosts: 127.0.0.76 www.lavasoft.de
      O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
      O1 - Hosts: 127.0.0.78 www.lurkhere.com
      O1 - Hosts: 127.0.0.79 www.majorgeeks.com
      O1 - Hosts: 127.0.0.80 www.merijn.org
      O1 - Hosts: 127.0.0.81 www.mjc1.com
      O1 - Hosts: 127.0.0.82 www.moosoft.com
      O1 - Hosts: 127.0.0.83 www.mvps.org
      O1 - Hosts: 127.0.0.84 www.net-integration.net
      O1 - Hosts: 127.0.0.85 www.noadware.net
      O1 - Hosts: 127.0.0.86 www.no-spybot.com
      O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
      O1 - Hosts: 127.0.0.88 www.pchell.com
      O1 - Hosts: 127.0.0.89 www.pestpatrol.com
      O1 - Hosts: 127.0.0.90 www.safer-networking.org
      O1 - Hosts: 127.0.0.91 www.secureie.com
      O1 - Hosts: 127.0.0.92 www.security.kolla.de
      O1 - Hosts: 127.0.0.93 www.spybot.info
      O1 - Hosts: 127.0.0.94 www.spychecker.com
      O1 - Hosts: 127.0.0.95 www.spychecker.com
      O1 - Hosts: 127.0.0.96 www.spycop.com
      O1 - Hosts: 127.0.0.97 www.spyguard.com
      O1 - Hosts: 127.0.0.98 www.spykiller.com
      O1 - Hosts: 127.0.0.99 www.spyware.co.uk
      O13 - DefaultPrefix:
      O13 - WWW Prefix: http://www.google.be
      O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
      O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
      O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
      0
      1. lukky > darkcrystal33 Messages postés 3815 Statut Contributeur
         
        resalut

        comme tu peux le voir j ai beau fixer les ligne que tu me dis mais elle revienne meme apres avoir rebooter et effacer dans le config de explorer le blanc blanc


        veux tu bien encore plancher dessus une fois

        merci

        tiens

        c est normal de voir google partous

        ??

        Logfile of HijackThis v1.98.0
        Scan saved at 18:10:20, on 03/07/2004
        Platform: Windows 2000 SP3 (WinNT 5.00.2195)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINNT\System32\smss.exe
        C:\WINNT\system32\csrss.exe
        C:\WINNT\system32\winlogon.exe
        C:\WINNT\system32\services.exe
        C:\WINNT\system32\lsass.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\PROGRA~1\DIRECT~1\DUService.exe
        C:\WINNT\System32\svchost.exe
        C:\Program Files\nero cd creation\InCD\InCDsrv.exe
        D:\configuration routeur di 624+\SCANER LAN\LANguard Network Security Scanner 3\sscansvc.exe
        C:\WINNT\System32\nvsvc32.exe
        C:\WINNT\system32\regsvc.exe
        C:\WINNT\system32\MSTask.exe
        C:\WINNT\system32\stisvc.exe
        C:\WINNT\system32\ZoneLabs\vsmon.exe
        C:\WINNT\System32\WBEM\WinMgmt.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\System32\svchost.exe
        C:\WINNT\Explorer.EXE
        C:\WINNT\SOUNDMAN.EXE
        C:\WINNT\system32\GSICON.EXE
        C:\WINNT\system32\dslagent.exe
        C:\Program Files\nero cd creation\InCD\InCD.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\DirectUpdate\DUControl.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINNT\system32\ctfmon.exe
        C:\Program Files\Spyware Doctor\spydoctor.exe
        C:\Program Files\a2\a2guard.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
        C:\Program Files\flowprotector\flowprotector.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        D:\telechargement luc\Hijackthis netoyage explorer et ordi\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://cploving.awmhost.com/index.php
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.be/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.be
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.be
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
        R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
        F0 - system.ini: Shell=
        F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
        O1 - Hosts: 127.0.0.0 localhost
        O1 - Hosts: 127.0.0.2 auditmypc.com
        O1 - Hosts: 127.0.0.3 boards.cexx.org
        O1 - Hosts: 127.0.0.4 bulletproofsoft.net
        O1 - Hosts: 127.0.0.5 camtech2000.net
        O1 - Hosts: 127.0.0.6 cexx.org
        O1 - Hosts: 127.0.0.7 computercops.us
        O1 - Hosts: 127.0.0.8 ct7support.com
        O1 - Hosts: 127.0.0.9 doxdesk.com
        O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
        O1 - Hosts: 127.0.0.21 kephyr.com
        O1 - Hosts: 127.0.0.22 lavasoft.de
        O1 - Hosts: 127.0.0.23 lavasoftusa.com
        O1 - Hosts: 127.0.0.24 lurkhere.com
        O1 - Hosts: 127.0.0.25 majorgeeks.com
        O1 - Hosts: 127.0.0.26 merijn.org
        O1 - Hosts: 127.0.0.27 mjc1.com
        O1 - Hosts: 127.0.0.28 moosoft.com
        O1 - Hosts: 127.0.0.29 mvps.org
        O1 - Hosts: 127.0.0.30 net-integration.net
        O1 - Hosts: 127.0.0.31 noadware.net
        O1 - Hosts: 127.0.0.32 no-spybot.com
        O1 - Hosts: 127.0.0.33 onlinepcfix.com
        O1 - Hosts: 127.0.0.34 pchell.com
        O1 - Hosts: 127.0.0.35 pestpatrol.com
        O1 - Hosts: 127.0.0.36 safer-networking.org
        O1 - Hosts: 127.0.0.37 secure.spykiller.com
        O1 - Hosts: 127.0.0.38 secureie.com
        O1 - Hosts: 127.0.0.39 security.kolla.de
        O1 - Hosts: 127.0.0.40 spybot.info
        O1 - Hosts: 127.0.0.41 spychecker.com
        O1 - Hosts: 127.0.0.42 spychecker.com
        O1 - Hosts: 127.0.0.43 spycop.com
        O1 - Hosts: 127.0.0.44 spyguard.com
        O1 - Hosts: 127.0.0.45 spykiller.com
        O1 - Hosts: 127.0.0.46 spyware.co.uk
        O1 - Hosts: 127.0.0.47 spyware-cop.com
        O1 - Hosts: 127.0.0.48 spywareinfo.com
        O1 - Hosts: 127.0.0.49 spywarenuker.com
        O1 - Hosts: 127.0.0.50 spywareremove.com
        O1 - Hosts: 127.0.0.51 spywareremove.com
        O1 - Hosts: 127.0.0.52 stopzillapro.com
        O1 - Hosts: 127.0.0.53 sunbelt-software.com
        O1 - Hosts: 127.0.0.54 thiefware.com
        O1 - Hosts: 127.0.0.55 tomcoyote.org
        O1 - Hosts: 127.0.0.56 unwantedlinks.com
        O1 - Hosts: 127.0.0.57 webattack.com
        O1 - Hosts: 127.0.0.58 wilders.org
        O1 - Hosts: 127.0.0.59 www.auditmypc.com
        O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
        O1 - Hosts: 127.0.0.61 www.cexx.org
        O1 - Hosts: 127.0.0.62 www.computercops.us
        O1 - Hosts: 127.0.0.63 www.ct7support.com
        O1 - Hosts: 127.0.0.64 www.doxdesk.com
        O1 - Hosts: 127.0.0.65 www.eblocs.com
        O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
        O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
        O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
        O1 - Hosts: 127.0.0.69 www.grc.com
        O1 - Hosts: 127.0.0.70 www.grisoft.com
        O1 - Hosts: 127.0.0.71 www.hackfaq.org
        O1 - Hosts: 127.0.0.72 www.hazeleger.net
        O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
        O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
        O1 - Hosts: 127.0.0.75 www.kephyr.com
        O1 - Hosts: 127.0.0.76 www.lavasoft.de
        O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
        O1 - Hosts: 127.0.0.78 www.lurkhere.com
        O1 - Hosts: 127.0.0.79 www.majorgeeks.com
        O1 - Hosts: 127.0.0.80 www.merijn.org
        O1 - Hosts: 127.0.0.81 www.mjc1.com
        O1 - Hosts: 127.0.0.82 www.moosoft.com
        O1 - Hosts: 127.0.0.83 www.mvps.org
        O1 - Hosts: 127.0.0.84 www.net-integration.net
        O1 - Hosts: 127.0.0.85 www.noadware.net
        O1 - Hosts: 127.0.0.86 www.no-spybot.com
        O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
        O1 - Hosts: 127.0.0.88 www.pchell.com
        O1 - Hosts: 127.0.0.89 www.pestpatrol.com
        O1 - Hosts: 127.0.0.90 www.safer-networking.org
        O1 - Hosts: 127.0.0.91 www.secureie.com
        O1 - Hosts: 127.0.0.92 www.security.kolla.de
        O1 - Hosts: 127.0.0.93 www.spybot.info
        O1 - Hosts: 127.0.0.94 www.spychecker.com
        O1 - Hosts: 127.0.0.95 www.spychecker.com
        O1 - Hosts: 127.0.0.96 www.spycop.com
        O1 - Hosts: 127.0.0.97 www.spyguard.com
        O1 - Hosts: 127.0.0.98 www.spykiller.com
        O1 - Hosts: 127.0.0.99 www.spyware.co.uk
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
        O2 - BHO: (no name) - {8B2B46D3-FDDB-4651-8B53-3A00B5A6DA6F} - C:\WINNT\system32\bgnj.dll
        O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
        O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
        O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [LoadQM] loadqm.exe
        O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
        O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
        O4 - HKLM\..\Run: [InCD] C:\Program Files\nero cd creation\InCD\InCD.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LaunchList] H:\video pinacle 8 12 2003\LaunchList.exe
        O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Shps] C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Application Data\csrh.exe
        O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
        O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
        O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
        O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
        O4 - Startup: FlowProtector_Plus.lnk = C:\Program Files\flowprotector\flowprotector.exe
        O4 - Startup: ZoneAlarm Pro.lnk = ?
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
        O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O12 - Plugin for .ssc: C:\WINNT\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
        O13 - DefaultPrefix:
        O13 - WWW Prefix:
        O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/plugins/fr_FR/DjVuControl_fr_FR.cab
        O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
        O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
        O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//38ble.chm::/wincfgid.exe
        O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\Q330994.exe
        O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
        O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1027.cab
        O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
        O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab
        O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
        O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
        O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
        O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
        O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
        0
      2. darkcrystal33 Messages postés 3815 Statut Contributeur 193 > lukky
         
        non, je ne replanche pas dessus désolé

        télécharge CWShredder.exe et nettoie ton pc avec
        http://209.133.47.12/~merijn/files/CWShredder.exe

        télécharge aussi spybot et nettoie aussi ton pc avec
        http://kujoe.com/freeware/spybotsd13.exe

        une fois les nettoyages effectués, fixe a nouveau les lignes que je t'ai indiqué.

        ps: la prochaine fois poste tes messages dans ton propre post et non pas dans celui d'un autre par politesse pour celui qui l'a crée et pour éviter les surcharges etc...
        0
      3. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332 > lukky
         
        salut
        si tu est sous xp ou 2000 fait ceci et ensuite refait un hijack et met le rapport
        alors action numero 1
        telecharger ce fichier : a retelecharger chaque fois que vous vouler l utiliser

        ftp://www.renonce.com/pub/renonce/Rimouveur.exe

        Action numero 2 :o)
        Demarrer en mode sans echec :
        tapotter sur la touche F8 sans arret desque tu allume ton PC
        et si ca ne marche pas utiliser la touche f5 a la place
        Appliquer le fichier dans le mode sans echec
        le PC redemarre a la fin si c'est pas le cas tu fais un reboot tu ne touche plus a F8 et le PC reviendra tout seul en mode normal sans les virus

        Action numero 3
        copier ici le contenu du fichier resulata.txt qui se trouve au redemarrage du pc


        la chasse et le balltrap ma vrai passion
        http://pageperso.aol.fr/balltrap34/page1.html
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ben31
     
    boujour, j'ai egalement un probleme lors de mon demarrage de ie
    mon adresse de demarrage n'existe plus et j'ai comme adresse :about:blank et s'affiche une page de search,
    malgré les scan avec ad aware et ayant supprimé les fichiers de ma base de registre comme SP.html et autres fichiers identiques sur ma base de registre que celles trouvé sur les autres posts, cela ne marche pas.
    voici mon log avec hijackthis

    merci d'avance

    Logfile of HijackThis v1.98.0
    Scan saved at 17:28:50, on 03/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\DelFax\WFXMOD32.EXE
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Desktop\vsserv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
    C:\Program Files\Softwin\BitDefender Desktop\bdoesrv.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\PROGRA~1\DelFax\WFXSWTCH.exe
    C:\Program Files\Softwin\BitDefender Desktop\bdswitch.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\benoit\Bureau\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {40B3F31F-79A5-4DAC-8B94-797F56321768} - C:\WINDOWS\System32\enafi.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {A86B5A09-DB50-4E7B-999F-76E0087E63F2} - C:\WINDOWS\System32\enafi.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {C10290AE-D80B-4367-8763-B4240FA5C4BC} - C:\WINDOWS\System32\enafi.dll
    O2 - BHO: (no name) - {E59128AF-A6AE-4F4C-8093-6C24F7C83BA0} - C:\WINDOWS\System32\enafi.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fr\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender Desktop\\bdoesrv.exe
    O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [ConfiggLoader] cart322.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Desktop\bdswitch.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Desktop\bdnagent.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunServices: [ConfiggLoader] cart322.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
    O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
    O18 - Filter: text/html - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
    O18 - Filter: text/plain - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
    O20 - AppInit_DLLs: sockspy.dll
    0
    1. darkcrystal33 Messages postés 3815 Statut Contributeur 193
       
      a fixer==>

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

      F0 - system.ini: Shell=
      O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
      O18 - Filter: text/html - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
      O18 - Filter: text/plain - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
      0
  7. Terdef Messages postés 1034 Statut Contributeur sécurité 133
     
    Bonjour,

    C'est quoi ce sockspy.dll dans appinit_dlls
    Je n'ai pas beaucoup d'infos la dessus et ce que j'ai n'est pas clair.

    Pierre (aka Terdef)
    0
  8. Terdef Messages postés 1034 Statut Contributeur sécurité 133
     
    Bonjour BallTrap34

    T'es là, dans ce thread ?

    Je viens de lire ton feedback.

    Ben oui, tu vois, je me pose la même question à propos de sockspy.dll. En gros je n'arrive pas à savoir ce que c'est exactement.

    J'ai vu à plusieurs reprises qu'il était question de la suprimer lorsqu'il s'agissait de désinstaller complètement un logiciel. Je l'ai vu sur 2 ou 3 logiciels légitmes donc ça me parait un truc légitime. Je n'en sais pas plus.

    Recherche google
    http://www.google.fr/search?num=100&hl=fr&ie=UTF-8&q=sockspy.dll&btnG=Rechercher&meta=

    Apparaît dans la désinstallation de BullGuard - un truc solide et sain.
    www.bullguard.com/uninstall.aspx+sockspy.dll&hl=fr' target='_blank'>http://www.google.fr/search?q=cache:hOIy0uz05zIJ:www.bullguard.com/uninstall.aspx+sockspy.dll&hl=fr

    Apparaît dans la désinstallation de BitDefender - difficile à mettre en cause
    www.bitdefender.com/kb/script_view_document.php%3Fid%3D20%26language%3Dfr+sockspy.dll&hl=fr' target='_blank'>http://www.google.fr/search?q=cache:2M0STMNaTW8J:www.bitdefender.com/kb/script_view_document.php%3Fid%3D20%26language%3Dfr+sockspy.dll&hl=fr
    http://www.editions-profil.fr/Faqs.aspx?versionid=1125

    D'autre part il existe un projet Sockspy en open source qui serait plutôt utilisé en sécurité pour voir ce qui se passe sur les connexions TCP entre client et serveurs. Est-ce ceci qui serait installé dans BullGuard et BitDefender ?

    Y a t'il un bug dans Sockspy.dll ?

    http://wiki.tcl.tk/2256
    http://sourceforge.net/projects/sockspy/
    http://sockspy.sourceforge.net/sockspy.html

    Pierre (aka Terdef)
    0
  9. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut terdef
    pour ce qui est d un bug je ne crois pas
    tous du moins je n ai j amais tenter une desinstall de bit defender version pro
    et je pense que c est lier au rapport envoyer automatiquement
    en cas de virus non identifier achez bit defender sans passer par url

    la chasse et le balltrap ma vrai passion
    0
  10. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    aparrament cela se' rapproche de se que je pensais
    cela est en quelque sorte un espion utile
    a mon av pour le rapport de virus non connue

    la chasse et le balltrap ma vrai passion
    0