Safetydefender - Security - Windows & Software
Marsh Posté on 26-04-2006 at 21:27:40
hi
Post a HijackThis report: http://sitethemacs.free.fr/aide_en [...] ackthi.htm
Marsh Posté on 27-04-2006 at 15:33:29
I'll do it this evening and post it here ;-)
Thanks
Marsh Posté on 27-04-2006 at 16:38:06
Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 19:19:52, on 26/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\eXeem\eXeem.exe
C:\Program Files\eXeem\client.dll
C:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe
C:\Documents and Settings\Viddobenjo\Mes documents\Mes Fichiers Reçus\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpA9A.tmp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/S [...] vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
Is it serious?
Marsh Posté on 27-04-2006 at 16:42:36
hi
a relatively classic problem these days
download SmitfraudFix by S!Ri: Moe and Balltrap34 http://siri.urz.free.fr/Fix/SmitfraudFix.zip
* unzip it
* double-click the file "smitfraudfix.cmd" and choose option 1; it will list all the harmful items in a report: post it
Marsh Posté on 27-04-2006 at 18:02:25
I ran HijackThis again, and this is what it gives:
Logfile of HijackThis v1.99.1
Scan saved at 17:56:13, on 27/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Viddobenjo\Mes documents\Mes Fichiers Reçus\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpC1B9.tmp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/S [...] vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Marsh Posté on 27-04-2006 at 18:08:27
And here is what you asked me for:
SmitFraudFix v2.35
Rapport fait à 18:06:50,98, 27/04/2006
Executé à partir de C:\Documents and Settings\Viddobenjo\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\hp????.tmp PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Viddobenjo\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VIDDOB~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
What should I do??
Marsh Posté on 27-04-2006 at 18:12:10
What's odd is that the "Eléments du bureau" (desktop items) don't show up. Is that due to the new version 2.35?
1/ Download:
- CCleaner http://www.filehippo.com/download_ccleaner.html
("Download Latest Version", on the right). This software will remove all the temporary files. Before clicking the "install" button, untick all the "additional options". After that, leave it with its default settings. That's all.
2/ boot into safe mode:
http://service1.symantec.com/SUPPO [...] 5112131924
3/ double-click the file "SmitfraudFix.cmd" and choose option 2, answer yes to everything and let it run.
4/ Run CCleaner: "Nettoyeur" (Cleaner) / "lancer le nettoyage" (run the cleaning) and that's all.
5/ reboot normally and post the contents of the file C:\rapport.txt along with a new HijackThis report
Marsh Posté on 27-04-2006 at 22:58:01
hi
yes, there have been changes
we're now at 2.36
Marsh Posté on 27-04-2006 at 23:01:31
hi balltrap34
I saw that. And at the same time I understood why the legitimate desktop items are no longer listed
Marsh Posté on 29-04-2006 at 16:52:21
Hello,
I am also a lucky winner of safetydefender, like benbigboss.
I managed, by tinkering, to get my home page back, but I still have that window at the bottom of the quick launch bar.
Here is the HijackThis report
If you could help me?
Thanks in advance and have a good weekend
Logfile of HijackThis v1.99.1
Scan saved at 07:45:35, on 28/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express Launcher\OELauncher.exe
C:\Program Files\Outlook Express\msimn.exe
D:\téléchargement provisoire\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aliceadsl.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EB572817-CCD3-E655-A3F5-E53B870920CA} - (no file)
O2 - BHO: (no name) - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\cookies.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 3958925193
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/inst [...] taller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: bw+0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {151E51BC-0023-4CBE-8B54-094EA2288127} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: CLKERN.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Marsh Posté on 30-04-2006 at 07:08:41
Hi,
A miracle: I downloaded EWIDO yesterday afternoon and scanned several times: RAM, registry, Windows directory and cookies.
This morning when I turned on the PC, the little window had disappeared.
I'll keep you posted to let you know whether everything is back to normal.
Have a good May 1st
Marsh Posté on 30-04-2006 at 12:46:32
hello spide_59
did you run SmitfraudFix (latest version)?
Marsh Posté on 30-04-2006 at 15:34:51
Hello,
SmitfraudFix is impossible to open; when I click on the file, a black window opens and closes immediately.
Marsh Posté on 30-04-2006 at 15:38:48
re-download it and unzip it in safe mode. Then run it, option 2, and answer yes to everything. The log will be saved in the file C:\rapport.txt; if it worked, post it
Marsh Posté on 01-05-2006 at 08:11:21
Folder re-downloaded, unzipped in safe mode, and same problem.
The DOS window opens and closes instantly.
no access.
Marsh Posté on 01-05-2006 at 11:42:21
Hi,
restart in safe mode and run "Testor" after extracting it into a dedicated folder...
Try Smitfraud again...
If that gives no result, download SilentRunners and post the report here!
Good luck!
Marsh Posté on 03-05-2006 at 09:03:23
Hi everyone,
I tried everything and only the SilentRunners report is possible.
Have a good day
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TClockEx" = "C:\Program Files\TClockEx\TCLOCKEX.EXE" ["Dale Nurden"]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = (empty string)
"kernel32.dll" = (empty string)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"KAV50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0" ["Kaspersky Lab"]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Identificateur de superposition : icône Signatures numériques de AutoCAD"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {HKLM...CLSID} = "IomegaWare Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."]
"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {HKLM...CLSID} = "IomegaWare Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {HKLM...CLSID} = "PropPage Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{fc181130-05a0-11d6-8140-000102e745a6}" = "Mon P910i"
-> {HKLM...CLSID} = "Mon P910i"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\auexpext.dll" ["Teleca Software Solutions AB"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5EB5D616-DC17-4f5c-BB4F-73D99A0C7C32}" = "ScanSoft PDF Converter 3.0 Shell Extension"
-> {HKLM...CLSID} = "ScanSoft PDF Converter 3.0 Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\ShellExt30.dll" ["ScanSoft, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "CLKERN.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["MicroBest Corporation"]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk *" [file not found], [MS], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
Kaspersky Anti-Virus\(Default) = "{DD230880-495A-11D1-B064-008048EC2FC5}"
-> {HKLM...CLSID} = "ShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
Kaspersky Anti-Virus\(Default) = "{DD230880-495A-11D1-B064-008048EC2FC5}"
-> {HKLM...CLSID} = "ShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Default executables:
--------------------
HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\notepad.exe" "%1"" [MS]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Alain p\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]
Enabled Scheduled Tasks:
------------------------
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" )
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
Diskeeper, Diskeeper, "C:\Program Files\Executive Software\Diskeeper\DkService.exe" ["Executive Software International, Inc."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]
GhostStartService, GhostStartService, "C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE" ["Symantec Corporation"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]
Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
Kaspersky Anti-Virus Service, KLBLMain, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000" ["Kaspersky Lab"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe" ["Symantec Corporation"]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" [file not found]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 56 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 25 seconds.
---------- (total run time: 114 seconds)
Marsh Posté on 03-05-2006 at 10:07:30
What a nasty piece of work this problem is, I see it popping up everywhere around me and at work; luckily there's Smitfraudfix!
For your problem with the DOS window that closes immediately, you can do "Start" -> "Run", type "cmd", and that will open a DOS prompt. Then go to the directory where you unzipped Smitfraudfix (something like c:\smitfraudfix, that will be more practical than getting to the desktop), and run the executable manually; doesn't that work?
Marsh Posté on 03-05-2006 at 10:20:21
I think you catch this on porn sites
(it's a friend of mine who had this problem, even though I'm the one who posted)
Marsh Posté on 26-04-2006 at 21:19:15
Hi everyone
:)
I have a window that pops up at the bottom right of my computer screen and tells me my PC is infected, and I can't get rid of it!
What's more, my home page is www.safetydefender.com
and it comes back every time, even if I change it
I figure safetydefender is spyware, but I don't know how to remove it because adaware doesn't find anything...
Please help me