Analyse d'un Scan CWshredder.exe - Page 2

Précédent
  • 1
  • 2
  1. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    Salut
    Ceci sont des trojan C:\WINDOWS\system32\scagent.exe
    C:\WINDOWS\System32\windll32.exe

    Relance hijack et coche et fix ces lignes
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-everything.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
    O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/tools/activex/fpu.cab
    O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_FR_XP.cab
    O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB

    Tu ne ma pas dit ton probleme
    Met ton anti virus a jour
    Met un bon pare feu
    Et a eviter les site x et autres
    Telecharge cet anti trojan
    http://www.emsisoft.net/fr/
    penser a le metre a jour avant de scanner le pc

    --------------------
    mes vrai passion la chasse et le balltrap
    0
  2. zambal
     
    merci balltrap, je vais essayer çà. Mon problème est que quand je lance ie, j'ai toujours la même page d'accueil(un moteur de recherche à la con) et je ne peux pas la changer. Outlook express est aussi bloqué, je ne sais pas si c'est lié.
    0
  3. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    ok
    tient moi au courent
    a++

    --------------------
    mes vrai passion la chasse et le balltrap
    0
  4. zambal
     
    salut balltrap, j'ai viré tout ce que tu m'as dit et outlook remarche mais j'ai toujours la même page d'accueil (about:blank). A chaque redémarrage de l'ordi(même non connecté) j'ai toujours ces lignes qui reviennent dans hijackthis :
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    je te reposte mon dernier log :

    Logfile of HijackThis v1.97.7
    Scan saved at 15:07:55, on 18/07/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\MMTray.exe
    C:\WINDOWS\System32\MMTray2k.exe
    C:\WINDOWS\System32\MMTrayLSI.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Thierry2\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thierry2\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {B5B85CAB-7559-4B12-8080-2EFBB28F1E4A} - C:\WINDOWS\madopew.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MMTray] MMTray.exe
    O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
    O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1036
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [monitor] monitor.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Tout télécharger en utilisant Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Télécharger en utilisant &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
    O9 - Extra button: Mass Downloader (HKLM)
    O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38109.3702430556
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177
    O17 - HKLM\System\CS2\Services\Tcpip\..\{08016098-2E42-43CE-96F0-766E80DDD989}: NameServer = 213.228.0.212 212.27.32.177

    Merci encore pour ton aide

    a+

    zambal
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut fait ca et met le rapport

    http://membres.lycos.fr/aricop/forum/dllfix.exe

    -Pose-le sur le bureau.
    -Double-clique.
    -Décompresse-le sur le bureau.
    -Double-clique "Start.bat" et choisis l'option 1 pour le rapport.
    -Une fois la recherche terminée, un fichier txt doit apparaître sous
    le nom "Output.txt" et sera sauvegardé dans le dossier.
    -Copie/colle le contenu de "Output.txt" dans ta réponse.

    --------------------
    mes vrai passion la chasse et le balltrap
    0
  7. zambal
     
    salut balltrap, voici mon output.txt. Au démarrage, j'ai maintenant mon lecteur CD qui s'ouvre, est-ce lié???
    a+

    --==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--
    --==***@@@ ORIGINAL BY FREEATLAST @@@***==--

    20/07/2004
    11:56

    System Info:

    Microsoft Windows XP [version 5.1.2600]
    C: "" (A069:9E53) - FS:NTFS clusters:4k
    Total: 40 007 729 152 [37G] - Free: 7 407 566 848 [6.9G]

    *IE version and Service packs:
    6.0.2600.0 C:\Program Files\Internet Explorer\Iexplore.exe
    *Notepad version :
    5.1.2600.0 C:\WINDOWS\notepad.exe
    *Media Player version :
    8.0.0.4482 C:\Program Files\Windows Media Player\wmplayer.exe

    ! REG.EXE VERSION 2.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    MinorVersion REG_SZ ;Q837009;Q832894;

    Locked or 'Suspect' file(s) found...
    These may be other files that Dllfix doesnt target.

    Scanning for main Hijacker:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5B85CAB-7559-4B12-8080-2EFBB28F1E4A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    @=""

    REGEDIT4

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
    @="AP Class Install Handler filter"
    "CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
    @="AP Deflate Encoding/Decoding Filter "
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
    @="AP GZIP Encoding/Decoding Filter "
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
    @="AP lzdhtml encoding/decoding Filter"
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
    "CLSID"="{AACA9E00-85EE-401B-850E-A3D3EADF05B4}"
    "CLSID_"="{353357F9-2A37-46D6-9AD2-24E3E1B0C51A}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
    "CLSID"="{AACA9E00-85EE-401B-850E-A3D3EADF05B4}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
    @="WebView MIME Filter"
    "CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

    ! REG.EXE VERSION 2.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_Dlls REG_SZ

    *Security settings for 'Windows' key:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
    (NI) ALLOW Read BUILTIN\Utilisateurs
    (IO) ALLOW Read BUILTIN\Utilisateurs
    (NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (NI) ALLOW Full access BUILTIN\Administrateurs
    (IO) ALLOW Full access BUILTIN\Administrateurs
    (NI) ALLOW Full access AUTORITE NT\SYSTEM
    (IO) ALLOW Full access AUTORITE NT\SYSTEM
    (NI) ALLOW Full access BUILTIN\Administrateurs
    (IO) ALLOW Full access CREATEUR PROPRIETAIRE

    Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
    Read BUILTIN\Utilisateurs
    Read BUILTIN\Utilisateurs avec pouvoir
    Full access BUILTIN\Administrateurs
    Full access AUTORITE NT\SYSTEM

    0
  8. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    re
    desoler j ai oublier des trucs
    relance hijack coche et fix les lignes que je t avais mis
    ensuite
    demarre en mode sans echec et supprime ces fichiers
    C:\WINDOWS\system32\scagent.exe
    C:\WINDOWS\System32\windll32.exe

    la chasse et la balltrap ma vrai passion
    voir site perso dans profil
    0
  9. zambal
     
    re
    y'a pas de mal mais scagent.exe et windll32.exe ne sont plus présents sur mon système depuis mon post n°28 du 18/07
    0
  10. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    oki
    a tu essayer celui ci telecharge le derniere version
    CWShredder
    http://www.spywareinfo.com/~merijn/downloads.html

    il faut l'ouvrir (absolument) toutes fenêtres fermées et hors connexion et faire fix- next - next

    la chasse et la balltrap ma vrai passion
    voir site perso dans profil
    0
  11. zambal
     
    Salut balltrap, avec CWSshredder ça a marché nickel, j'ai enfin retrouvé ma page d'accueil. Merci encore pour toute ton aide.
    a+
    zambal
    0
  12. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    de rien
    content pour toi
    a++

    la chasse et le balltrap ma vrai passion
    voir site perso dans profil
    0
  13. eashan27
     
    salut voila mon log est se kelkun pourrai maidé merci ;)

    Logfile of HijackThis v1.99.0
    Scan saved at 00:45:14, on 09/01/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\ADSL AUTOCONNECT\ADSL AUTOCONNECT.EXE
    C:\PROGRAM FILES\ADSL AUTOCONNECT\ADSL AUTOCONNECT.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\FR\MSNAPPAU.EXE
    C:\PROGRAM FILES\AZUREUS\AZUREUS.EXE
    C:\PROGRAM FILES\JAVA\J2RE1.4.2_06\BIN\JAVAW.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\XI\NETTRANSPORT 2\NETTRANSPORT.EXE
    C:\WINDOWS\TEMP\RAR$EX00.380\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://fr.racingmanager.yahoo.net/yracing/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\x71yomx3.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\x71yomx3.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_18_0.DLL
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\SYSTEM\WINHOT32.DLL
    O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\SYSTEM\HSRB.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL
    O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_18_0.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\SYSTEM\WINHOT32.DLL
    O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [PowerManager] C:\WINDOWS\SVCHOST.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [ADSLAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe -Z
    O4 - Startup: hp psc 2000 Series.lnk.disabled
    O4 - Startup: officejet 6100.lnk.disabled
    O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\SYSTEM\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.lankadeepa.lk/wfplayer/tdserver.cab
    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
    0
Précédent
  • 1
  • 2