Toolbars sous IE... help!
tormento
-
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
bonjour a tous
je poste ce message apres avoir infructueusement tenté de resoudre le probleme... mon kaspersky (a jour) ne detecte rien, pareil pour spybot et startup mechanics...
deux toolbars sont affichées de base sur mon IE (coolbars et begin2search.com), et malgré que j'aie effacé (avec hijackthis) la ligne contenant "http://www.thecoolbar.com/installfiles/coolbar.cab ", la coolbar est toujours la (j'avais bien sur fermé toutes mes fenetres IE avant de proceder)
mon log hijackthis:
...................................................
Logfile of HijackThis v1.98.2
Scan saved at 21:21:11, on 19/12/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\SYSTEM32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\WINNT\System32\GSICON.EXE
D:\WINNT\System32\dslagent.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINNT\loadqm.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Yoshi Torenaga\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neogeofans.com/leforum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINNT\BTGrab.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - D:\WINNT\System32\winb2s32.dll
O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - c:\sysfwb\1117668488\iefwbar.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - D:\WINNT\System32\dsktrf.dll
O2 - BHO: (no name) - {F6FBEF53-BF96-99F0-0567-A196C405EC43} - D:\WINNT\system32\mfcex32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - D:\WINNT\System32\winb2s32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O8 - Extra context menu item: Rebate Nation - file://D:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77534BCD-4344-4474-A1BE-6830984FF97B}: NameServer = 80.10.246.1 80.10.246.132
......................................
note concernant les lignes "015 - trusted zone"! je les supprime, mais elles reapparraissent a chaque scan...
merci d'avance!
je poste ce message apres avoir infructueusement tenté de resoudre le probleme... mon kaspersky (a jour) ne detecte rien, pareil pour spybot et startup mechanics...
deux toolbars sont affichées de base sur mon IE (coolbars et begin2search.com), et malgré que j'aie effacé (avec hijackthis) la ligne contenant "http://www.thecoolbar.com/installfiles/coolbar.cab ", la coolbar est toujours la (j'avais bien sur fermé toutes mes fenetres IE avant de proceder)
mon log hijackthis:
...................................................
Logfile of HijackThis v1.98.2
Scan saved at 21:21:11, on 19/12/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\SYSTEM32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\WINNT\System32\GSICON.EXE
D:\WINNT\System32\dslagent.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINNT\loadqm.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Yoshi Torenaga\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neogeofans.com/leforum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINNT\BTGrab.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - D:\WINNT\System32\winb2s32.dll
O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - c:\sysfwb\1117668488\iefwbar.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - D:\WINNT\System32\dsktrf.dll
O2 - BHO: (no name) - {F6FBEF53-BF96-99F0-0567-A196C405EC43} - D:\WINNT\system32\mfcex32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - D:\WINNT\System32\winb2s32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O8 - Extra context menu item: Rebate Nation - file://D:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77534BCD-4344-4474-A1BE-6830984FF97B}: NameServer = 80.10.246.1 80.10.246.132
......................................
note concernant les lignes "015 - trusted zone"! je les supprime, mais elles reapparraissent a chaque scan...
merci d'avance!
3 réponses
relance hj coche et fix ces lignes
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINNT\BTGrab.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - D:\WINNT\System32\winb2s32.dll
O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - c:\sysfwb\1117668488\iefwbar.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - D:\WINNT\System32\dsktrf.dll
O2 - BHO: (no name) - {F6FBEF53-BF96-99F0-0567-A196C405EC43} - D:\WINNT\system32\mfcex32.dll (file missing)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - D:\WINNT\System32\winb2s32.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
---------
pour les 015 si elle reviennent ont s en occuperat apres
la chasse et le balltrap ma vrai passion
voir site perso dans profil
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\jfgfq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINNT\BTGrab.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - D:\WINNT\System32\winb2s32.dll
O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - c:\sysfwb\1117668488\iefwbar.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - D:\WINNT\System32\dsktrf.dll
O2 - BHO: (no name) - {F6FBEF53-BF96-99F0-0567-A196C405EC43} - D:\WINNT\system32\mfcex32.dll (file missing)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - D:\WINNT\System32\winb2s32.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
---------
pour les 015 si elle reviennent ont s en occuperat apres
la chasse et le balltrap ma vrai passion
voir site perso dans profil
