GROS problèmes de Spyware et autres mer*e en tout genres

GROS problèmes de Spyware et autres mer*e en tout genres - Sécurité - Windows & Software

Marsh Posté le 20-08-2005 à 14:24:59    

Help me please, je ne sais pas virer mes spyware et autres mer*e en tout genre, help me svp !!! MERCI


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 14:24:59   

Reply

Marsh Posté le 20-08-2005 à 14:30:18    

ca ma desactiver mon gestionnaire de taches...


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 14:45:00    

bon je passe les truc "inconnus" en upload sur hijackthis, et j'ai
 
WORM.Mytob.T-2
 
entre autre !


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 15:20:11    

bon mon problème est, je pense, quasi résolu ... il me reste en fond d'écran youe system is infected . et au démarrage de IE une page bizzare  je fait un hijackthis.


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 15:22:23    

Logfile of HijackThis v1.99.1
Scan saved at 15:20:01, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
F:\PROGS\Autres\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker009.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb009.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb009.dll
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn. [...] ngctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTi [...] refid=4725
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{A93EA24E-CA6A-4511-977A-5AC78F6D9C7D}: NameServer = 192.168.0.2
O21 - SSODL: System - {E3309BC8-10D1-4174-A418-307D75AAAA42} - vr_sys.dll (file missing)
O21 - SSODL: Active WebCam - {D0313DFE-13A4-ABCD-E2D3-00939830EFBB} - c:\program files\active webcam\wlgebnm32.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
 

Reply

Marsh Posté le 20-08-2005 à 15:37:50    

Bonjour,
 
Ton log semble loin d'être propre :(
 
Un p'tit tuto HJT :
http://forum.hardware.fr/hardwaref [...] 1913-1.htm

Reply

Marsh Posté le 20-08-2005 à 16:06:14    

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht  
 
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll  
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker009.dll  
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb009.dll  
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb009.dll  
 
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe  
 
+
Tous les O15
+
 
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTi [...] refid=4725  
O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} (VacPro.belgio_ver10) - http://advnt01.com/dialer/belgio_ver10.CAB  
 
O21 - SSODL: System - {E3309BC8-10D1-4174-A418-307D75AAAA42} - vr_sys.dll (file missing)  
 
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe  
 
Ferme tous les programmes, y compris internet explorer.
Lance HijackThis. Coche ces lignes et clique "Fix checked".
 
----------
Redémarre en mode sans échec (en tapotant F8 au démarrage).
Assure-toi que tu as accès aux fichiers cachés.
(explorateur windows->outils->options des dossiers->affichage
""Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché)
 
Et supprime:
C:\winstall.exe
C:\WINDOWS\svchost.exe <-dans CE dossier. Surtout pas dans system32!
 
Vide la corbeille. Redémarre en mode normal et poste un nouveau log.

Reply

Marsh Posté le 20-08-2005 à 16:08:02    

slt, j'ai tout enlever, il y a l'air d'avoir plus aucuns problèmes, sauf un, voici le screen:
 
http://nokthib3.free.fr/photos/per [...] oirage.gif


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 16:10:27    

Poste un nouveau log.

Reply

Marsh Posté le 20-08-2005 à 16:11:37    

attends je fait ce que tu me dis, c'était en réponse a l'autre personne :)


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 16:11:37   

Reply

Marsh Posté le 20-08-2005 à 16:13:41    

nokthib a écrit :

attends je fait ce que tu me dis, c'était en réponse a l'autre personne :)


 
Ok. J'espère que tu n'as pas enlevé n'importe quoi.

Reply

Marsh Posté le 20-08-2005 à 16:15:40    

Logfile of HijackThis v1.99.1
Scan saved at 16:14:36, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\Thibault\Bureau\HijackThis.exe
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [HijackThis startup scan] F:\PROGS\Autres\HijackThis.exe /startupscan
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn. [...] ngctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A93EA24E-CA6A-4511-977A-5AC78F6D9C7D}: NameServer = 192.168.0.2
O21 - SSODL: Active WebCam - {D0313DFE-13A4-ABCD-E2D3-00939830EFBB} - c:\program files\active webcam\wlgebnm32.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
 


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 16:21:14    

Ok. On va finir ça, et ensuite enlever l'écran.
 
1- Démarrer->exécuter->tape:   services.msc
Sélectionne : Power Manager  
Règle-le sur "Arrêté" et "Désactivé" si ce n'est pas déjà fait.
 
2- Lance HijackThis -> Config -> misc tools -> delete an NT service
Dans la boîte, tape :  PowerManager
-> ok
 
Redémarre et poste un nouveau log.
 
==========
 
Pourquoi HJT se lance au démarrage ???
O4 - HKCU\..\Run: [HijackThis startup scan] F:\PROGS\Autres\HijackThis.exe /startupscan  

Reply

Marsh Posté le 20-08-2005 à 16:23:35    

je l'ai fait au demarrage car chaque foi que je demarrai depuis 2h je faisai un scan pr virer et encore virer les merdas, je fait ceque tu le dis


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 16:29:17    

wala...
Logfile of HijackThis v1.99.1
Scan saved at 16:28:10, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\PROGS\Autres\HijackThis.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [HijackThis startup scan] F:\PROGS\Autres\HijackThis.exe /startupscan
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn. [...] ngctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A93EA24E-CA6A-4511-977A-5AC78F6D9C7D}: NameServer = 192.168.0.2
O21 - SSODL: Active WebCam - {D0313DFE-13A4-ABCD-E2D3-00939830EFBB} - c:\program files\active webcam\wlgebnm32.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
 


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 16:29:29    


Ensuite : Panneau de configuration -> Affichage -> Bureau -> personnalisation du bureau -> Web -> S'il y a une entrée "Security..." décoche-la -> appliquer

Reply

Marsh Posté le 20-08-2005 à 16:32:50    

heu non il y à pas ca ...
il y a un rectangle blanc avec rien, et nouveau, supprimer propriété et syncro, mais supprimer et propriété est en gris, donc non clicable


Message édité par nokthib le 20-08-2005 à 16:33:36

---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 16:34:28    

Alkors télécharge ceci :
http://www.silentrunners.org/Silent%20Runners.vbs
lance-le et copie/colle le log obtenu.

Reply

Marsh Posté le 20-08-2005 à 16:39:20    

Citation :

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data]
"HijackThis startup scan" = "F:\PROGS\Autres\HijackThis.exe /startupscan" ["Soeperman Enterprises Ltd."]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [file not found]
"notepad2.exe" = "popuper.exe" [file not found]
"winlogon.exe" = "helper.exe" [file not found]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MBM 5" = ""C:\Program Files\Motherboard Monitor 5\MBM5.EXE"" ["Alex van Kaam"]
"AnyDVD" = "C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe" ["SlySoft, Inc."]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\FTPCNT~1.DLL" ["Visicom Media Inc."]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson Gestionnaire de fichiers"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\btneighborhood.dll" [empty string]
"{330417E8-EF62-4047-82BE-D8305CEFF572}" = "AMEncShlExt extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALTWAV~1\amshellext.dll" ["4Musics, Inc."]
"{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL" ["Panda Software International"]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"Active WebCam" = "{D0313DFE-13A4-ABCD-E2D3-00939830EFBB}"
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\active webcam\wlgebnm32.dll" [file not found]
 
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]
FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\FTPCNT~1.DLL" ["Visicom Media Inc."]
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL" ["Panda Software International"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\FTPCNT~1.DLL" ["Visicom Media Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL" ["Panda Software International"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 
 
Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001  
[enables Active Desktop and prevents disabling it]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Enable Active Desktop}
 
HIJACK WARNING! "Wallpaper" = "C:\WINDOWS\desktop.html"
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop..." button); selects wallpaper if Active Desktop is enabled]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Active Desktop Wallpaper|Wallpaper Name:}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop enabled via Group Policy.
 
Wallpaper selected via Group Policy.
 
 
Enabled Screen Saver:
---------------------
 
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
 
 
Startup items in "Thibault" & "All Users" startup folders:
----------------------------------------------------------
 
C:\Documents and Settings\Thibault\Menu Démarrer\Programmes\Démarrage
"HDDlife" -> shortcut to: "C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe" [file not found]
 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe" [empty string]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 
Transport Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll [null data], 01 - 02, 08
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 09 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
"{77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C}" = "Virtual Maid" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL" [file not found]
 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
 
 
Miscellaneous IE Hijack Points
------------------------------
 
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" )
 
Added lines (compared with English-language version):
(unwritable string)
 
Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe"" ["Panda Software"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe"" ["Panda Software Internacional"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
 
 
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 74 seconds, including 1 second for message boxes)


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 16:44:06    

Ok. Alors fais ceci :
 
Démarrer->exécuter->tape:   regedit
 
Va à : HK _Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 
Sélectionne : "ForceActiveDesktopOn"=
et change sa valeur à dword:00000000
 
Puis sélectionne :  "Wallpaper"  -> clic droit -> "supprimer".
 
Après tout ça, recémarre et dis ce qu'il en est.  

Reply

Marsh Posté le 20-08-2005 à 16:48:26    

"Puis sélectionne :  "Wallpaper"  -> clic droit -> "supprimer". "
 
je ne vois pas ca ...
NO DRIVE TYPE AUTO RUN
CLASSIC SHELL
CLEARRECENT DOCS ON EXIT
FORCE ACTIVE DESKTOP ON
NO ACTIVE DESKTOP
NO DRIVE TYPE AUTO RUN
 
Voila merci
 
edit: le truc walpaper, il serais pas dans active desktop, aulieux de Explorer ?


Message édité par nokthib le 20-08-2005 à 16:50:01

---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 17:02:58    

up :'(


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 17:07:18    

On va voir.
 
Télécharge Registry Search Tool
Dézippe-le, lance-le.
Dans la boîte de dialogue, copie/colle :  
Wallpaper
Laisse-le travailler. Puis copie/colle ses résultats ici.
 
Edit...zut! Le lien ne fonctionne plus..


Message édité par acrobaze le 20-08-2005 à 17:09:30
Reply

Marsh Posté le 20-08-2005 à 17:11:39    

Utilise RegSeeker.
http://www.snapfiles.com/screenshots/regseeker.htm
 
Mais ne supprime rien pour l'instant. juste le rapport.

Reply

Marsh Posté le 20-08-2005 à 17:18:58    

ok, je fait quoi avec ce programme ?


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 18:57:55    

Rien. Delete le. Il peut être dangereux.
 
Avec regedit va à :
 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System  
 
S'il y a une sous-valeur "Wallpaper", supprime-la.

Reply

Marsh Posté le 20-08-2005 à 19:11:20    

cela resemble a une variante de smitfraud essai ceci
telecharge
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
tu le decompresse tu double clik dessus et tu choisi l option 1
cela vas generer un rapport donne nous le
*******
redemarre en sans echec
 
relance le et choisi cette fois l option 2 et repond oui a tous
redemarre et donne le nouveau rapport
*******
redemarre
 
et vérifie ceci:  
Démarrer > panneau de configuration > affichage  
clic sur l'onglet bureau  
clic sur personnalisation du bureau  
clic sur l'onglet Web  
supprime tout ce qui se trouve ici, sauf "Ma page d'acceuil" qui doit rester DECOCHE  
une fois fait, ca doit etre comme sur cette image:  
http://get.yourfile.net/ie52977.gif  
 
puis remet un fond d'écran
 
et completer a la fin par hijack


---------------
la chasse et le balltrap une vrai passion http://www.florensac-chasse-trap.com/
Reply

Marsh Posté le 20-08-2005 à 19:20:15    

ok, avec l'option 1:
 

Citation :

SmitFraudFix v1.7
 
Rapport fait à 19:18:38,06 le sam. 20/08/2005
Executé à partir de C:\Documents and Settings\Thibault\Bureau
OS: Microsoft Windows XP [version 5.1.2600]
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
 
C:\WINDOWS\desktop.html PRESENT !
C:\WINDOWS\sites.ini PRESENT !
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
 
C:\WINDOWS\Web\desktop.html PRESENT!
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
 
C:\WINDOWS\system32\perfcii.ini PRESENT !
C:\WINDOWS\system32\srpcsrv32.dll PRESENT !
C:\WINDOWS\system32\vxgame?.exe PRESENT !
C:\WINDOWS\system32\vxgamet?.exe PRESENT !
C:\WINDOWS\system32\vxh8jkdq?.exe PRESENT !
C:\WINDOWS\system32\wldr.dll PRESENT !
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Thibault\Application Data
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
 
C:\Program Files\SpySheriff\PRESENT!
 
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport


 
edit:
 
avec option 2:

Citation :

SmitFraudFix v1.7
 
Rapport fait à 19:19:58,51 le sam. 20/08/2005
Executé à partir de C:\Documents and Settings\Thibault\Bureau
OS: Microsoft Windows XP [version 5.1.2600]
 
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
 
C:\WINDOWS\desktop.html supprimé
C:\WINDOWS\sites.ini supprimé
C:\WINDOWS\Web\desktop.html supprimé
C:\WINDOWS\system32\perfcii.ini supprimé
C:\WINDOWS\system32\srpcsrv32.dll supprimé
C:\WINDOWS\system32\vxgame?.exe supprimé
C:\WINDOWS\system32\vxgamet?.exe supprimé
C:\WINDOWS\system32\vxh8jkdq?.exe supprimé
C:\WINDOWS\system32\wldr.dll supprimé
 
C:\Program Files\SpySheriff\ supprimé
 
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé.  
 
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
 


 
NICKEL MERCI !


Message édité par nokthib le 20-08-2005 à 19:21:35
Reply

Marsh Posté le 20-08-2005 à 19:21:59    

Merci à tous ceux qui m'ont aider, merci beaucoup !!!

Reply

Marsh Posté le 20-08-2005 à 19:27:30    

attend t embale pas refait un hijack pour finir le nettoyage


---------------
la chasse et le balltrap une vrai passion http://www.florensac-chasse-trap.com/
Reply

Marsh Posté le 20-08-2005 à 19:28:31    

Logfile of HijackThis v1.99.1
Scan saved at 19:27:25, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Thibault\Bureau\HijackThis.exe
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVDx\AnyDVD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [HijackThis startup scan] F:\PROGS\Autres\HijackThis.exe /startupscan
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn. [...] ngctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A93EA24E-CA6A-4511-977A-5AC78F6D9C7D}: NameServer = 192.168.0.2
O21 - SSODL: Active WebCam - {D0313DFE-13A4-ABCD-E2D3-00939830EFBB} - c:\program files\active webcam\wlgebnm32.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
 


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 19:35:05    

cela a lair a peu pres bon
fait un scan ici par securite
Scan bit defender
http://www.bitdefender.fr
clik sur scan on line a gauche et suis la procedure
----------------


---------------
la chasse et le balltrap une vrai passion http://www.florensac-chasse-trap.com/
Reply

Marsh Posté le 20-08-2005 à 19:38:04    

ok, je le fait now :) thanks


---------------
Du bist das Mädchen, dass zu mir gehört !
Reply

Marsh Posté le 20-08-2005 à 19:46:50    

oki


---------------
la chasse et le balltrap une vrai passion http://www.florensac-chasse-trap.com/
Reply

Marsh Posté le    

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed