| Tu as trouvé le meme nom que moi nwnmff? | Non coco j'ai fait msconfig puis demarer mais je n'ai rien trouve qui ressemblait a ton fichier !!????
je devrais refaire une analyse spybot pour voir exactement ou sa se trouve mais je pense qu'il est dans les cle de registre .
merci quand meme !! bye |
| 11 Séb08, le 30 oct 2006 à 11:23:31Remet un log Hijack
***** Have a good day ***** | Voila le nouveau log :
Logfile of HijackThis v1.99.1
Scan saved at 11:30:33, on 30/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=1&prtr=4476001&ctry=0000080C&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cathyves1.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {041F8868-9754-457E-975E-D43F4AF44B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
| 13 Séb08, le 30 oct 2006 à 11:38:36Pour vérif :
Télécharges smitfraudfix :
En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
cela vas générer un rapport.
Si tu vois des lignes avec PRESENT! Continue la manip qui suit.
Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l’option 2 et tu réponds oui à tout.
Copie/colle le rapport sur le forum stp.
***** Have a good day ***** | Voila c'est fait premiere etape voici le rapport :
SmitFraudFix v2.117
Rapport fait à 11:44:48,82, lun. 30/10/2006
Executé à partir de C:\Documents and Settings\Ordi\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ordi
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ordi\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ordi\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
je ne vois pas de ligne avec present donc je n'ai pas fait en mode sans echec !! mais que dois je faire avec les cle corrompues ??? |
|
| Ce matin j'ai fait une analyse spybot je colle le raport :
Microsoft.WindowsSecurityCenter_disabled: Réglages (Modification du registre, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
Command Service: Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Smitfraud-C.: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload2
--- Spybot - Search && Destroy version: 1.3 ---
2006-10-27 Includes\Cookies.sbi
2006-10-13 Includes\Dialer.sbi
2006-10-27 Includes\DialerC.sbi
2006-10-13 Includes\Hijackers.sbi
2006-10-27 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2006-10-27 Includes\KeyloggersC.sbi
2004-05-12 Includes\LSP.sbi
2006-10-13 Includes\Malware.sbi
2006-10-27 Includes\MalwareC.sbi
2006-10-20 Includes\PUPS.sbi
2006-10-27 Includes\PUPSC.sbi
2006-10-27 Includes\Revision.sbi
2006-10-13 Includes\Security.sbi
2006-10-27 Includes\SecurityC.sbi
2006-10-13 Includes\Spybots.sbi
2006-10-27 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-10-13 Includes\Trojans.sbi
2006-10-27 Includes\TrojansC.sbi
est ce que je peux supprimer ces lignes du registre ??? ce n'est pas dangeureux ????
apres ca j'ai "redefini " mon demarrage j'ai fait executer msconfig demarrage desactiver tout et redemarer maintenant mon pc est en mode selectif de demarrage mais je ne vois rien de changer !!
hier j'ai fait une analyse avec tune up utilities 2006 une maintenance de l'ordi a l'examen du registre il me trouve 80 probleme !!!! est ce normal ?????? je les ai reparer mas rien n'a changer !! |
| 16 Séb08, le 30 oct 2006 à 11:50:52Ok, tu as essayé de les supprimé en mode sans echec en passant par la base de registre ?
***** Have a good day ***** | Euhhhh tu parle de quoi la ???? les lignes de registre decouverte par spybot ?????
si oui non je n'ai rien fait sans savoir si ces ligne etait essentiels et je ne sais pas ce qu'est la base de registre !!! tu sais moi et l'informatique ca fait 46 !!!! mdrrrrr apart surfer et quelques truc de base quand on rentre dans les details je suis perdue !!! lol |
| 18 Séb08, le 30 oct 2006 à 12:05:10Tu fais ceci :
démarrer -> executer -> dans la fenêtre qui s'ouvre tu tapes regedit - > ok
Après tu suis l'arborescence des clés dans ta base de registre (les lignes que t'as trouvé Spybot) et tu les supprimes.
***** Have a good day ***** |
| 19 Séb08, le 30 oct 2006 à 12:12:27Supprimes les clé en gras:
Command Service: Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Smitfraud-C.: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload2
***** Have a good day ***** | Ok ca j'ai essaye
Command Service: Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService => impossible de supprimer
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService => impossible de suprimer
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService => impossible de suprrimer
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv => impossible a trouver !!!!!
Command Service: Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv => impossible a trouver !!
Command Service: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv => impossible a trouver !!!
Smitfraud-C.: Réglages (Clé du registre, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload2 => suprimer !!
les cle que je n'arrive pas a trouver sont celle ou il y a 2/ avant system ,??? comment faire ??? |
|
|
|
|
Blackberry internet service
