xads.offeroptimizer.com

joke0

09/04/2004 à 21:51

Salut,

didier:

J'ai attrapé ce truc sur mon pc. Comment le supprimer
??????????

Télécharge Hijack This! et fait un scan de ton PC:
<http://www.spywareinfo.com/~merijn/downloads.html>
Ensuite demande un rapport et publie-le ici.

Après il y aura juste à cocher les cases qui vont bien pour
nettoyer...

--
joke0

didier

11/04/2004 à 10:43

Bonjour Joke0

Voici le rapport:

Logfile of HijackThis v1.97.7
Scan saved at 10:28:39, on 11/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMDM.EXE
C:WINDOWSSYSTEMZONELABSVSMON.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAM FILESLOGITECHMOUSEWARESYSTEMEM_EXEC.EXE
C:PROGRAM FILESNORTON ANTIVIRUSNAVAPW32.EXE
C:PROGRAM FILESNORTON ANTIVIRUSPOPROXY.EXE
C:PROGRAM FILESZONE LABSZONEALARMZONEALARM.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESAOL 7.0AWAOL.EXE
C:WINDOWSSYSTEMTAPISRV.EXE
C:WINDOWSSYSTEMRNAAPP.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSBUREAUHIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.
microsoft.com/isapi/redir.
dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft
Internet Explorer fourni par AOL
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:WINDOWSBI.DLL
O3 - Toolbar: @msdxmLC.dll,,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [ScanRegistry] c:windowsscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] c:windowstaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [EM_EXEC] C:PROGRA~1LOGITECHMOUSEW~1SYSTEMEM_EXEC.EXE
O4 - HKLM..Run: [Norton Auto-Protect] C:PROGRA~1NORTON~1NAVAPW32.EXE
/LOADQUIET
O4 - HKLM..Run: [Norton eMail Protect] C:Program FilesNorton
AntiVirusPOPROXY.EXE
O4 - HKLM..RunServices: [Machine Debug Manager] C:WINDOWSSYSTEMMDM.EXE
O4 - HKLM..RunServices: [TrueVector] C:WINDOWSSYSTEMZONELABSVSMON.EXE -
service
O4 - HKLM..RunServices: [MiniLog] C:WINDOWSSYSTEMZONELABSMINILOG.EXE -
service
O4 - HKLM..RunServices: [ScriptBlocking] "C:Program FilesFichiers
communsSymantec SharedScript BlockingSBServ.exe" -reg
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - Global Startup: ZoneAlarm.lnk = C:Program FilesZone
LabsZoneAlarmzonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:PROGRA~1INCRED~1binresourcesWebMenuImg.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) -
http://212.153.46.5/tools/FlipsideWebLauncherControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.
windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38020.3799768519
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.
com/games/clients/y/fltt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.
7.150/24a50b749d0abcdb4505/netzip/RdxIE601_fr.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.
net/NetpalOffers/DMO1/ON01.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.
com/games/clients/y/dot4_x.cab

Je ne vois pas quoi enlever dans tout cela.

Merci d'avance de ce que tu pourras faire.
--
Ce message a été posté via la plateforme Web club-Internet.fr
This message has been posted by the Web platform club-Internet.fr

http://forums.club-internet.fr/

Bonjour Joke0

Voici le rapport:

Logfile of HijackThis v1.97.7
Scan saved at 10:28:39, on 11/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMDM.EXE
C:WINDOWSSYSTEMZONELABSVSMON.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAM FILESLOGITECHMOUSEWARESYSTEMEM_EXEC.EXE
C:PROGRAM FILESNORTON ANTIVIRUSNAVAPW32.EXE
C:PROGRAM FILESNORTON ANTIVIRUSPOPROXY.EXE
C:PROGRAM FILESZONE LABSZONEALARMZONEALARM.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESAOL 7.0AWAOL.EXE
C:WINDOWSSYSTEMTAPISRV.EXE
C:WINDOWSSYSTEMRNAAPP.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSBUREAUHIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.
microsoft.com/isapi/redir.
dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft
Internet Explorer fourni par AOL
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:WINDOWSBI.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [ScanRegistry] c:windowsscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] c:windowstaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [EM_EXEC] C:PROGRA~1LOGITECHMOUSEW~1SYSTEMEM_EXEC.EXE
O4 - HKLM..Run: [Norton Auto-Protect] C:PROGRA~1NORTON~1NAVAPW32.EXE
/LOADQUIET
O4 - HKLM..Run: [Norton eMail Protect] C:Program FilesNorton
AntiVirusPOPROXY.EXE
O4 - HKLM..RunServices: [Machine Debug Manager] C:WINDOWSSYSTEMMDM.EXE
O4 - HKLM..RunServices: [TrueVector] C:WINDOWSSYSTEMZONELABSVSMON.EXE -
service
O4 - HKLM..RunServices: [MiniLog] C:WINDOWSSYSTEMZONELABSMINILOG.EXE -
service
O4 - HKLM..RunServices: [ScriptBlocking] "C:Program FilesFichiers
communsSymantec SharedScript BlockingSBServ.exe" -reg
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - Global Startup: ZoneAlarm.lnk = C:Program FilesZone
LabsZoneAlarmzonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:PROGRA~1INCRED~1binresourcesWebMenuImg.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) -
http://212.153.46.5/tools/FlipsideWebLauncherControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.
windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38020.3799768519
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.
com/games/clients/y/fltt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.
7.150/24a50b749d0abcdb4505/netzip/RdxIE601_fr.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.
net/NetpalOffers/DMO1/ON01.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.
com/games/clients/y/dot4_x.cab

Je ne vois pas quoi enlever dans tout cela.

Merci d'avance de ce que tu pourras faire.
--
Ce message a été posté via la plateforme Web club-Internet.fr
This message has been posted by the Web platform club-Internet.fr

http://forums.club-internet.fr/

Vous avez filtré cet utilisateur ! Consultez son message

Bonjour Joke0

Voici le rapport:

Logfile of HijackThis v1.97.7
Scan saved at 10:28:39, on 11/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMDM.EXE
C:WINDOWSSYSTEMZONELABSVSMON.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAM FILESLOGITECHMOUSEWARESYSTEMEM_EXEC.EXE
C:PROGRAM FILESNORTON ANTIVIRUSNAVAPW32.EXE
C:PROGRAM FILESNORTON ANTIVIRUSPOPROXY.EXE
C:PROGRAM FILESZONE LABSZONEALARMZONEALARM.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESAOL 7.0AWAOL.EXE
C:WINDOWSSYSTEMTAPISRV.EXE
C:WINDOWSSYSTEMRNAAPP.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSBUREAUHIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.
microsoft.com/isapi/redir.
dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft
Internet Explorer fourni par AOL
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:WINDOWSBI.DLL
O3 - Toolbar: @msdxmLC.dll,,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [ScanRegistry] c:windowsscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] c:windowstaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [EM_EXEC] C:PROGRA~1LOGITECHMOUSEW~1SYSTEMEM_EXEC.EXE
O4 - HKLM..Run: [Norton Auto-Protect] C:PROGRA~1NORTON~1NAVAPW32.EXE
/LOADQUIET
O4 - HKLM..Run: [Norton eMail Protect] C:Program FilesNorton
AntiVirusPOPROXY.EXE
O4 - HKLM..RunServices: [Machine Debug Manager] C:WINDOWSSYSTEMMDM.EXE
O4 - HKLM..RunServices: [TrueVector] C:WINDOWSSYSTEMZONELABSVSMON.EXE -
service
O4 - HKLM..RunServices: [MiniLog] C:WINDOWSSYSTEMZONELABSMINILOG.EXE -
service
O4 - HKLM..RunServices: [ScriptBlocking] "C:Program FilesFichiers
communsSymantec SharedScript BlockingSBServ.exe" -reg
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - Global Startup: ZoneAlarm.lnk = C:Program FilesZone
LabsZoneAlarmzonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:PROGRA~1INCRED~1binresourcesWebMenuImg.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) -
http://212.153.46.5/tools/FlipsideWebLauncherControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.
windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38020.3799768519
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.
com/games/clients/y/fltt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.
7.150/24a50b749d0abcdb4505/netzip/RdxIE601_fr.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.
net/NetpalOffers/DMO1/ON01.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.
com/games/clients/y/dot4_x.cab

Je ne vois pas quoi enlever dans tout cela.

Merci d'avance de ce que tu pourras faire.
--
Ce message a été posté via la plateforme Web club-Internet.fr
This message has been posted by the Web platform club-Internet.fr

http://forums.club-internet.fr/

joke0

11/04/2004 à 12:33

Salut,

didier:

C:WINDOWSSYSTEMMDM.EXE

Normalement, il s'agit du debugger manager. Il n'est pas
installé par défaut, j'imagine que tu sais s'il s'agit vraiment
du mdm.exe de Windows.

C:PROGRAM FILESNORTON ANTIVIRUSPOPROXY.EXE

A mon avis, c'est dangereux d'utiliser ce truc pour filtrer les
mails entrants. On a souvent entendu parler de messages qui
disparaissent "par enchantement".
http://www.lacave.net/~jokeuse/usenet/faq-fcsv.html#a5.7

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} -
C:WINDOWSBI.DLL

Cocher. C'est un cheval de Troie publicitaire:
TrojanSpy.Win32.BiSpy.

O4 - HKLM..RunServices: [Machine Debug Manager]
C:WINDOWSSYSTEMMDM.EXE

Si tu veux désactiver mdm.exe, cocher ici.

O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6}
(WONWebLauncher Class) -
http://212.153.46.5/tools/FlipsideWebLauncherControl.cab

Cocher.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
Class) - http://207.188.
7.150/24a50b749d0abcdb4505/netzip/RdxIE601_fr.cab

Cocher.

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} -
http://www.netpaloffers. net/NetpalOffers/DMO1/ON01.cab

Et cocher.

Avec Internet Explorer fermé, tu cliques sur 'Fix' et tu
redémarres le PC. Au démarrage, tu vérifies que tout ce que tu
as coché n'apparait plus dans le rapport.

Il faut mieux configurer IE pour qu'il n'accepte plus les
ActiveX sur tous les sites.

--
joke0

xads.offeroptimizer.com

3 réponses

Veuillez sélectionner un problème