Balltrap i need your help
Résolu
stef69
Messages postés
36
Statut
Membre
-
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
J'ai fait tourner adaware et spybot;je viens de lancer HIJACK THIS et voici le résultat:Logfile of HijackThis v1.99.1
Scan saved at 15:03:31, on 25/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\SYS\WINDOWS\System32\smss.exe
C:\SYS\WINDOWS\system32\csrss.exe
C:\SYS\WINDOWS\system32\winlogon.exe
C:\SYS\WINDOWS\system32\services.exe
C:\SYS\WINDOWS\system32\lsass.exe
C:\SYS\WINDOWS\system32\ibmpmsvc.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\SYS\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SYS\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
C:\SYS\PSA\PsaSce1.exe
C:\SYS\WINDOWS\system32\regsvc.exe
C:\SYS\WINDOWS\system32\MSTask.exe
c:\sys\psa\pv3agcg.exe
C:\SYS\WINDOWS\system32\stisvc.exe
C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
c:\sys\psa\pv3ag6.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\SYS\WINDOWS\System32\WBEM\WinMgmt.exe
C:\SYS\WINDOWS\system32\mspmspsv.exe
C:\SYS\WINDOWS\system32\shnlog.exe
C:\SYS\WINDOWS\system32\intmon.exe
C:\SYS\WINDOWS\popuper.exe
C:\SYS\WINDOWS\system32\msole32.exe
C:\SYS\WINDOWS\AGRSMMSG.exe
C:\SYS\WINDOWS\system32\igfxtray.exe
C:\SYS\WINDOWS\system32\hkcmd.exe
C:\SYS\WINDOWS\system32\tp4serv.exe
C:\Program Files\AVENCIS\SSOX\watcher.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\SYS\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Sys\Pcom\tpam.exe
C:\SYS\WINDOWS\system32\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\AntivirusGold\AntivirusGold.exe
C:\SYS\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntivirusGold\AntivirusGold.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\NetbackupPC\NBPClientush.exe
C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
C:\SYS\WINDOWS\system32\intmonp.exe
C:\SYS\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\u007113\Desktop\pc infect\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.inetpsa.;<local>
F2 - REG:system.ini: UserInit=c:\sys\psa\prof.exe /userinit
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hp8176.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SYS\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\SYS\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\SYS\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [_SSOX] "C:\Program Files\AVENCIS\SSOX\watcher.exe"
O4 - HKLM\..\Run: [Pshare] wscript.exe "c:\sys\psa\Pshare.vbs"
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tpam.exe] "C:\Sys\Pcom\tpam.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\SYS\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RegSvr32] C:\SYS\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Intel system tool] C:\SYS\WINDOWS\system32\hookdump.exe
O4 - Global Startup: CAMEDIA Master.lnk = OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Client NetBackup Professional.lnk = NetbackupPC\NBPClientush.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://pyaieb.inetpsa.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inetpsa.com
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\SYS\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\SYS\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\SYS\WINDOWS\SYSTEM32\pcsinst.dll
O23 - Service: AppnNode - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\SYS\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\SYS\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Service du client VERITAS NetBackup Professional (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
O23 - Service: PsaSce1 - PSA Peugeot Citroën - C:\SYS\PSA\PsaSce1.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\NavNT\Symantec antivirus\SavRoam.exe
O23 - Service: Inforeseau CISCO (Situation) - Unknown owner - C:\SYS\WINDOWS\Situation.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
O23 - Service: Utilitaire de trace IBM (TrcBoot) - Unknown owner - C:\SYS\WINDOWS\system32\Drivers\trcboot.exe (file missing)
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
Scan saved at 15:03:31, on 25/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\SYS\WINDOWS\System32\smss.exe
C:\SYS\WINDOWS\system32\csrss.exe
C:\SYS\WINDOWS\system32\winlogon.exe
C:\SYS\WINDOWS\system32\services.exe
C:\SYS\WINDOWS\system32\lsass.exe
C:\SYS\WINDOWS\system32\ibmpmsvc.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\SYS\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SYS\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
C:\SYS\PSA\PsaSce1.exe
C:\SYS\WINDOWS\system32\regsvc.exe
C:\SYS\WINDOWS\system32\MSTask.exe
c:\sys\psa\pv3agcg.exe
C:\SYS\WINDOWS\system32\stisvc.exe
C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
c:\sys\psa\pv3ag6.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\SYS\WINDOWS\System32\WBEM\WinMgmt.exe
C:\SYS\WINDOWS\system32\mspmspsv.exe
C:\SYS\WINDOWS\system32\shnlog.exe
C:\SYS\WINDOWS\system32\intmon.exe
C:\SYS\WINDOWS\popuper.exe
C:\SYS\WINDOWS\system32\msole32.exe
C:\SYS\WINDOWS\AGRSMMSG.exe
C:\SYS\WINDOWS\system32\igfxtray.exe
C:\SYS\WINDOWS\system32\hkcmd.exe
C:\SYS\WINDOWS\system32\tp4serv.exe
C:\Program Files\AVENCIS\SSOX\watcher.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\SYS\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Sys\Pcom\tpam.exe
C:\SYS\WINDOWS\system32\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\AntivirusGold\AntivirusGold.exe
C:\SYS\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntivirusGold\AntivirusGold.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\NetbackupPC\NBPClientush.exe
C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
C:\SYS\WINDOWS\system32\intmonp.exe
C:\SYS\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\u007113\Desktop\pc infect\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.inetpsa.;<local>
F2 - REG:system.ini: UserInit=c:\sys\psa\prof.exe /userinit
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hp8176.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SYS\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\SYS\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\SYS\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [_SSOX] "C:\Program Files\AVENCIS\SSOX\watcher.exe"
O4 - HKLM\..\Run: [Pshare] wscript.exe "c:\sys\psa\Pshare.vbs"
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tpam.exe] "C:\Sys\Pcom\tpam.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\SYS\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RegSvr32] C:\SYS\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Intel system tool] C:\SYS\WINDOWS\system32\hookdump.exe
O4 - Global Startup: CAMEDIA Master.lnk = OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Client NetBackup Professional.lnk = NetbackupPC\NBPClientush.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://pyaieb.inetpsa.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inetpsa.com
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\SYS\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\SYS\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\SYS\WINDOWS\SYSTEM32\pcsinst.dll
O23 - Service: AppnNode - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\SYS\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\SYS\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Service du client VERITAS NetBackup Professional (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
O23 - Service: PsaSce1 - PSA Peugeot Citroën - C:\SYS\PSA\PsaSce1.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\NavNT\Symantec antivirus\SavRoam.exe
O23 - Service: Inforeseau CISCO (Situation) - Unknown owner - C:\SYS\WINDOWS\Situation.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
O23 - Service: Utilitaire de trace IBM (TrcBoot) - Unknown owner - C:\SYS\WINDOWS\system32\Drivers\trcboot.exe (file missing)
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
A voir également:
- Balltrap i need your help
- I showkeyplus - Télécharger - Utilitaires
- I deux point - Forum Windows
- The requested url was rejected. please consult with your administrator. ✓ - Forum Réseaux sociaux
- I love pdf avis ✓ - Forum PDF
- I tun - Télécharger - Lecture & Playlists
86 réponses
re tu est sur un systeme de resau
c est quoi cela
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
c est quoi cela
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
je ne sais pas ce que c est mais oui je bosse chez psa et ce pc est en réseau de tps en tps pour des montées de version.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
J AI suivi le chemin que nico m'a indiqué mais en vain,je ne suis pas parvenu à desactiver la resto syst pour continuer à suivre ses conseils
avec plaisir
je viens de passer dix minutes a essayer de telecharger wininet.dll propre...en vain
j ai vraiment besoin de tes compétences
merci pour le tps que tu consacres
je viens de passer dix minutes a essayer de telecharger wininet.dll propre...en vain
j ai vraiment besoin de tes compétences
merci pour le tps que tu consacres
salut
imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe(3)
voir demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
a2
http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
et aussi ceux ci
telecharge le desinstallateur pour newnet ici: a utiliser de suite
http://www.new.net/support/uninstall6_76.exe
double clic sur uninstall6_76.exe
http://pageperso.aol.fr/balltrap34/smitfraud2.zip
tu le decompresse et a utiliser plus tard
----------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------
demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------
assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: UserInit=c:\sys\psa\prof.exe /userinit
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hp8176.tmp
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe <==sauf si tu connait
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S<==sauf si tu connait
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Tpam.exe] "C:\Sys\Pcom\tpam.exe<==sauf si tu connait
O4 - HKLM\..\Run: [RegSvr32] O4 - HKLM\..\Run: [RegSvr32] C:\SYS\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKCU\..\Run: [Intel system tool] C:\SYS\WINDOWS\system32\hookdump.exe
O15 - Trusted Zone: http://pyaieb.inetpsa.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
----------------------
recherche et suppr ceci
attention seulement les fichiers
C:\SYS\WINDOWS\system32\hp8176.tmp
c:\sys\psa\prof.exe
C:\Program Files\MyWay<==le dossier
c:\sys\psa\PV3AgCG.exe
c:\sys\psa\PV3Wait2InfoPeriph.exe <==sauf si tu connait
C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S<==sauf si tu connait
C:\PROGRA~1\NEWDOT~1<==le dossier
C:\Sys\Pcom\tpam.exe<==sauf si tu connait
C:\SYS\WINDOWS\system32\msmsgs.exe
C:\Program Files\AntivirusGold\AntivirusGold.exe
C:\SYS\WINDOWS\system32\hookdump.exe
---------------
utilise le dernier prog que je t ai fait telecharger
double clik dessus et confirme
-------------
passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack
et precise ou en sont tes soucis
--
imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe(3)
voir demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
a2
http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
et aussi ceux ci
telecharge le desinstallateur pour newnet ici: a utiliser de suite
http://www.new.net/support/uninstall6_76.exe
double clic sur uninstall6_76.exe
http://pageperso.aol.fr/balltrap34/smitfraud2.zip
tu le decompresse et a utiliser plus tard
----------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------
demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------
assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: UserInit=c:\sys\psa\prof.exe /userinit
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hp8176.tmp
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe <==sauf si tu connait
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S<==sauf si tu connait
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Tpam.exe] "C:\Sys\Pcom\tpam.exe<==sauf si tu connait
O4 - HKLM\..\Run: [RegSvr32] O4 - HKLM\..\Run: [RegSvr32] C:\SYS\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKCU\..\Run: [Intel system tool] C:\SYS\WINDOWS\system32\hookdump.exe
O15 - Trusted Zone: http://pyaieb.inetpsa.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
----------------------
recherche et suppr ceci
attention seulement les fichiers
C:\SYS\WINDOWS\system32\hp8176.tmp
c:\sys\psa\prof.exe
C:\Program Files\MyWay<==le dossier
c:\sys\psa\PV3AgCG.exe
c:\sys\psa\PV3Wait2InfoPeriph.exe <==sauf si tu connait
C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S<==sauf si tu connait
C:\PROGRA~1\NEWDOT~1<==le dossier
C:\Sys\Pcom\tpam.exe<==sauf si tu connait
C:\SYS\WINDOWS\system32\msmsgs.exe
C:\Program Files\AntivirusGold\AntivirusGold.exe
C:\SYS\WINDOWS\system32\hookdump.exe
---------------
utilise le dernier prog que je t ai fait telecharger
double clik dessus et confirme
-------------
passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack
et precise ou en sont tes soucis
--
me revoila sur le post d' origine,j'ai suivi ds la mesure du possible ta procedure mais:
j'avais deja fait tourné adaware et spybot .
JE ne me suis pas mis en mode sans echec
j ai supprimé toutes les lignes que tu m'as recommendé sauf celles qui concernent psa.
je n'ai pas pu ,faute de mail et d'inscription,faire tourner a2 comme tu me le demens
dais.
Voila balltrap, ce que j'ai fait.
Voici mon dernier log:
Logfile of HijackThis v1.99.1
Scan saved at 22:16:30, on 25/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\SYS\WINDOWS\System32\smss.exe
C:\SYS\WINDOWS\system32\winlogon.exe
C:\SYS\WINDOWS\system32\services.exe
C:\SYS\WINDOWS\system32\lsass.exe
C:\SYS\WINDOWS\system32\ibmpmsvc.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\SYS\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SYS\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
C:\SYS\PSA\PsaSce1.exe
C:\SYS\WINDOWS\system32\regsvc.exe
C:\SYS\WINDOWS\system32\MSTask.exe
c:\sys\psa\pv3agcg.exe
C:\SYS\WINDOWS\system32\stisvc.exe
C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
c:\sys\psa\pv3ag6.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\SYS\WINDOWS\System32\WBEM\WinMgmt.exe
C:\SYS\WINDOWS\system32\mspmspsv.exe
C:\SYS\WINDOWS\Explorer.EXE
C:\SYS\WINDOWS\system32\shnlog.exe
C:\SYS\WINDOWS\system32\intmon.exe
C:\SYS\WINDOWS\AGRSMMSG.exe
C:\SYS\WINDOWS\system32\igfxtray.exe
C:\SYS\WINDOWS\system32\hkcmd.exe
C:\SYS\WINDOWS\system32\tp4serv.exe
C:\Program Files\AVENCIS\SSOX\watcher.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\SYS\WINDOWS\system32\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\SYS\WINDOWS\system32\rundll32.exe
C:\SYS\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\NetbackupPC\NBPClientush.exe
C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\u007113\Desktop\pc infect\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.inetpsa.;<local>
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hp5E19.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SYS\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\SYS\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\SYS\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [_SSOX] "C:\Program Files\AVENCIS\SSOX\watcher.exe"
O4 - HKLM\..\Run: [Pshare] wscript.exe "c:\sys\psa\Pshare.vbs"
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\SYS\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: CAMEDIA Master.lnk = OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Client NetBackup Professional.lnk = NetbackupPC\NBPClientush.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inetpsa.com
O20 - Winlogon Notify: igfxcui - C:\SYS\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\SYS\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\SYS\WINDOWS\SYSTEM32\pcsinst.dll
O23 - Service: AppnNode - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\SYS\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\SYS\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Service du client VERITAS NetBackup Professional (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
O23 - Service: PsaSce1 - PSA Peugeot Citroën - C:\SYS\PSA\PsaSce1.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\NavNT\Symantec antivirus\SavRoam.exe
O23 - Service: Inforeseau CISCO (Situation) - Unknown owner - C:\SYS\WINDOWS\Situation.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
O23 - Service: Utilitaire de trace IBM (TrcBoot) - Unknown owner - C:\SYS\WINDOWS\system32\Drivers\trcboot.exe (file missing)
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
merci encore pour ton aide!
j'avais deja fait tourné adaware et spybot .
JE ne me suis pas mis en mode sans echec
j ai supprimé toutes les lignes que tu m'as recommendé sauf celles qui concernent psa.
je n'ai pas pu ,faute de mail et d'inscription,faire tourner a2 comme tu me le demens
dais.
Voila balltrap, ce que j'ai fait.
Voici mon dernier log:
Logfile of HijackThis v1.99.1
Scan saved at 22:16:30, on 25/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\SYS\WINDOWS\System32\smss.exe
C:\SYS\WINDOWS\system32\winlogon.exe
C:\SYS\WINDOWS\system32\services.exe
C:\SYS\WINDOWS\system32\lsass.exe
C:\SYS\WINDOWS\system32\ibmpmsvc.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\SYS\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SYS\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
C:\SYS\PSA\PsaSce1.exe
C:\SYS\WINDOWS\system32\regsvc.exe
C:\SYS\WINDOWS\system32\MSTask.exe
c:\sys\psa\pv3agcg.exe
C:\SYS\WINDOWS\system32\stisvc.exe
C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
c:\sys\psa\pv3ag6.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\SYS\WINDOWS\System32\WBEM\WinMgmt.exe
C:\SYS\WINDOWS\system32\mspmspsv.exe
C:\SYS\WINDOWS\Explorer.EXE
C:\SYS\WINDOWS\system32\shnlog.exe
C:\SYS\WINDOWS\system32\intmon.exe
C:\SYS\WINDOWS\AGRSMMSG.exe
C:\SYS\WINDOWS\system32\igfxtray.exe
C:\SYS\WINDOWS\system32\hkcmd.exe
C:\SYS\WINDOWS\system32\tp4serv.exe
C:\Program Files\AVENCIS\SSOX\watcher.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\SYS\WINDOWS\system32\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\SYS\WINDOWS\system32\rundll32.exe
C:\SYS\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\NetbackupPC\NBPClientush.exe
C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\u007113\Desktop\pc infect\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.inetpsa.;<local>
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hp5E19.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SYS\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\SYS\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\SYS\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [_SSOX] "C:\Program Files\AVENCIS\SSOX\watcher.exe"
O4 - HKLM\..\Run: [Pshare] wscript.exe "c:\sys\psa\Pshare.vbs"
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\SYS\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: CAMEDIA Master.lnk = OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Client NetBackup Professional.lnk = NetbackupPC\NBPClientush.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inetpsa.com
O20 - Winlogon Notify: igfxcui - C:\SYS\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\SYS\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\SYS\WINDOWS\SYSTEM32\pcsinst.dll
O23 - Service: AppnNode - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\SYS\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\SYS\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Service du client VERITAS NetBackup Professional (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
O23 - Service: PsaSce1 - PSA Peugeot Citroën - C:\SYS\PSA\PsaSce1.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\NavNT\Symantec antivirus\SavRoam.exe
O23 - Service: Inforeseau CISCO (Situation) - Unknown owner - C:\SYS\WINDOWS\Situation.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
O23 - Service: Utilitaire de trace IBM (TrcBoot) - Unknown owner - C:\SYS\WINDOWS\system32\Drivers\trcboot.exe (file missing)
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
merci encore pour ton aide!
impossible de faire tourner unistall 6 76 exe
erreur ds IE qui me dit que la station de travail est en train de s'arreter.
VOICI QD MEME apres redemarrage
Logfile of HijackThis v1.99.1
Scan saved at 22:38:29, on 25/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\SYS\WINDOWS\System32\smss.exe
C:\SYS\WINDOWS\system32\winlogon.exe
C:\SYS\WINDOWS\system32\services.exe
C:\SYS\WINDOWS\system32\lsass.exe
C:\SYS\WINDOWS\system32\ibmpmsvc.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\SYS\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SYS\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
C:\SYS\PSA\PsaSce1.exe
C:\SYS\WINDOWS\system32\regsvc.exe
C:\SYS\WINDOWS\system32\MSTask.exe
c:\sys\psa\pv3agcg.exe
C:\SYS\WINDOWS\system32\stisvc.exe
C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
c:\sys\psa\pv3ag6.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\SYS\WINDOWS\Explorer.EXE
C:\SYS\WINDOWS\System32\WBEM\WinMgmt.exe
C:\SYS\WINDOWS\system32\mspmspsv.exe
C:\SYS\WINDOWS\system32\shnlog.exe
C:\SYS\WINDOWS\system32\intmon.exe
C:\SYS\WINDOWS\AGRSMMSG.exe
C:\SYS\WINDOWS\system32\igfxtray.exe
C:\SYS\WINDOWS\system32\hkcmd.exe
C:\SYS\WINDOWS\system32\tp4serv.exe
C:\Program Files\AVENCIS\SSOX\watcher.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\SYS\WINDOWS\system32\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\SYS\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\NetbackupPC\NBPClientush.exe
C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\SYS\WINDOWS\Situation.exe
C:\Documents and Settings\u007113\Desktop\pc infect\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.inetpsa.;<local>
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hpE556.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SYS\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\SYS\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\SYS\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [_SSOX] "C:\Program Files\AVENCIS\SSOX\watcher.exe"
O4 - HKLM\..\Run: [Pshare] wscript.exe "c:\sys\psa\Pshare.vbs"
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\SYS\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: CAMEDIA Master.lnk = OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Client NetBackup Professional.lnk = NetbackupPC\NBPClientush.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inetpsa.com
O20 - Winlogon Notify: igfxcui - C:\SYS\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\SYS\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\SYS\WINDOWS\SYSTEM32\pcsinst.dll
O23 - Service: AppnNode - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\SYS\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\SYS\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Service du client VERITAS NetBackup Professional (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
O23 - Service: PsaSce1 - PSA Peugeot Citroën - C:\SYS\PSA\PsaSce1.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\NavNT\Symantec antivirus\SavRoam.exe
O23 - Service: Inforeseau CISCO (Situation) - Unknown owner - C:\SYS\WINDOWS\Situation.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
O23 - Service: Utilitaire de trace IBM (TrcBoot) - Unknown owner - C:\SYS\WINDOWS\system32\Drivers\trcboot.exe (file missing)
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
erreur ds IE qui me dit que la station de travail est en train de s'arreter.
VOICI QD MEME apres redemarrage
Logfile of HijackThis v1.99.1
Scan saved at 22:38:29, on 25/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\SYS\WINDOWS\System32\smss.exe
C:\SYS\WINDOWS\system32\winlogon.exe
C:\SYS\WINDOWS\system32\services.exe
C:\SYS\WINDOWS\system32\lsass.exe
C:\SYS\WINDOWS\system32\ibmpmsvc.exe
C:\SYS\WINDOWS\system32\svchost.exe
C:\SYS\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SYS\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
C:\SYS\PSA\PsaSce1.exe
C:\SYS\WINDOWS\system32\regsvc.exe
C:\SYS\WINDOWS\system32\MSTask.exe
c:\sys\psa\pv3agcg.exe
C:\SYS\WINDOWS\system32\stisvc.exe
C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
c:\sys\psa\pv3ag6.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\SYS\WINDOWS\Explorer.EXE
C:\SYS\WINDOWS\System32\WBEM\WinMgmt.exe
C:\SYS\WINDOWS\system32\mspmspsv.exe
C:\SYS\WINDOWS\system32\shnlog.exe
C:\SYS\WINDOWS\system32\intmon.exe
C:\SYS\WINDOWS\AGRSMMSG.exe
C:\SYS\WINDOWS\system32\igfxtray.exe
C:\SYS\WINDOWS\system32\hkcmd.exe
C:\SYS\WINDOWS\system32\tp4serv.exe
C:\Program Files\AVENCIS\SSOX\watcher.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\SYS\WINDOWS\system32\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\SYS\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\NetbackupPC\NBPClientush.exe
C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\SYS\WINDOWS\Situation.exe
C:\Documents and Settings\u007113\Desktop\pc infect\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par PSA Peugeot - Citroën
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http.internetpsa.inetpsa.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.inetpsa.;<local>
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\SYS\WINDOWS\system32\hpE556.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SYS\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\SYS\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\SYS\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PSAPI_Prof] c:\sys\psa\prof.exe
O4 - HKLM\..\Run: [PV3MonitorV2] c:\sys\psa\PV3AgCG.exe
O4 - HKLM\..\Run: [_SSOX] "C:\Program Files\AVENCIS\SSOX\watcher.exe"
O4 - HKLM\..\Run: [Pshare] wscript.exe "c:\sys\psa\Pshare.vbs"
O4 - HKLM\..\Run: [ZInfoPeriph] c:\sys\psa\PV3Wait2InfoPeriph.exe
O4 - HKLM\..\Run: [parampdm] C:\SYS\psa\NetMeetingBUR\parampdm1nt5.exe /Q/S
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\SYS\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: CAMEDIA Master.lnk = OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Client NetBackup Professional.lnk = NetbackupPC\NBPClientush.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\user\U007113\Images\FotoStation Easy AutoLaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\SYS\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http://MAILZ7.DOMINO.inetpsa.com/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inetpsa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inetpsa.com
O20 - Winlogon Notify: igfxcui - C:\SYS\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\SYS\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\SYS\WINDOWS\SYSTEM32\pcsinst.dll
O23 - Service: AppnNode - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\SYS\WINDOWS\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\SYS\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\SYS\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Service du client VERITAS NetBackup Professional (NBPClientSvc) - VERITAS Software Corporation - C:\Program Files\NetbackupPC\System\NBPClientSvcush.exe
O23 - Service: PsaSce1 - PSA Peugeot Citroën - C:\SYS\PSA\PsaSce1.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\NavNT\Symantec antivirus\SavRoam.exe
O23 - Service: Inforeseau CISCO (Situation) - Unknown owner - C:\SYS\WINDOWS\Situation.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\NavNT\Symantec antivirus\Rtvscan.exe
O23 - Service: Utilitaire de trace IBM (TrcBoot) - Unknown owner - C:\SYS\WINDOWS\system32\Drivers\trcboot.exe (file missing)
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service (VChangeLogSvc) - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
