AntivirusGold 2.0
Solved/Closed
56 replies
And number two:
Logfile of HijackThis v1.99.1
Scan saved at 22:23:32, on 16/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\sysal.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xtjtd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {17FC5AF7-0C0F-B62B-EE7D-6FB2FEABA69B} - C:\WINDOWS\system32\appsy32.dll
O2 - BHO: Class - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - C:\WINDOWS\sdkni32.dll
O2 - BHO: Class - {5C2283D1-61C9-9337-3709-169AA24C7206} - C:\WINDOWS\system32\syskp.dll
O2 - BHO: Class - {7299CF30-F233-3F46-2E8C-DD294195AEBE} - C:\WINDOWS\system32\wincu32.dll
O2 - BHO: Class - {73A2EFBB-38ED-18F3-2B78-49EE04A5FEAB} - C:\WINDOWS\ieif.dll
O2 - BHO: Class - {80CE4264-DE48-7277-BAA4-D6E07C2653A2} - C:\WINDOWS\system32\mfccl32.dll
O2 - BHO: Class - {9564CC48-05D0-7649-4D33-CBDCCFF9913B} - C:\WINDOWS\mfcfv32.dll
O2 - BHO: Class - {A97AC2A2-0659-AC43-72DB-D9D913C43C45} - C:\WINDOWS\system32\iege.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {D3DA37FD-F982-375C-FB4D-EE7156A75905} - C:\WINDOWS\system32\atlac.dll
O2 - BHO: Class - {E8983D00-0142-A0FE-63A0-D9E1F3C04A6B} - C:\WINDOWS\sdkzt.dll
O2 - BHO: Class - {F3A0397E-E3B9-0D76-D1C6-7FA1761B11A6} - C:\WINDOWS\iphv32.dll
O2 - BHO: Class - {F4D7791F-ADA5-B851-33CA-06EB8529CE7E} - C:\WINDOWS\system32\sdkxr32.dll
O2 - BHO: Class - {FF534564-71EA-B589-BFE1-B3735E7B4CF5} - C:\WINDOWS\system32\sdkly32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O4 - HKLM\..\RunOnce: [sdkri32.exe] C:\WINDOWS\system32\sdkri32.exe
O4 - HKLM\..\RunOnce: [mshq.exe] C:\WINDOWS\system32\mshq.exe
O4 - HKLM\..\RunOnce: [addlu32.exe] C:\WINDOWS\system32\addlu32.exe
O4 - HKLM\..\RunOnce: [sysvu.exe] C:\WINDOWS\system32\sysvu.exe
O4 - HKLM\..\RunOnce: [sysar32.exe] C:\WINDOWS\system32\sysar32.exe
O4 - HKLM\..\RunOnce: [syspg32.exe] C:\WINDOWS\syspg32.exe
O4 - HKLM\..\RunOnce: [netzx32.exe] C:\WINDOWS\system32\netzx32.exe
O4 - HKLM\..\RunOnce: [syspw32.exe] C:\WINDOWS\syspw32.exe
O4 - HKLM\..\RunOnce: [d3cb32.exe] C:\WINDOWS\system32\d3cb32.exe
O4 - HKLM\..\RunOnce: [atlgh32.exe] C:\WINDOWS\system32\atlgh32.exe
O4 - HKLM\..\RunOnce: [atlcw32.exe] C:\WINDOWS\system32\atlcw32.exe
O4 - HKLM\..\RunOnce: [sysos32.exe] C:\WINDOWS\sysos32.exe
O4 - HKLM\..\RunOnce: [javatu.exe] C:\WINDOWS\javatu.exe
O4 - HKLM\..\RunOnce: [mfcyo32.exe] C:\WINDOWS\system32\mfcyo32.exe
O4 - HKLM\..\RunOnce: [addzl32.exe] C:\WINDOWS\system32\addzl32.exe
O4 - HKLM\..\RunOnce: [cref.exe] C:\WINDOWS\system32\cref.exe
O4 - HKLM\..\RunOnce: [msyw.exe] C:\WINDOWS\msyw.exe
O4 - HKLM\..\RunOnce: [sdkci.exe] C:\WINDOWS\system32\sdkci.exe
O4 - HKLM\..\RunOnce: [atlqf32.exe] C:\WINDOWS\atlqf32.exe
O4 - HKLM\..\RunOnce: [addlj.exe] C:\WINDOWS\system32\addlj.exe
O4 - HKLM\..\RunOnce: [crky32.exe] C:\WINDOWS\system32\crky32.exe
O4 - HKLM\..\RunOnce: [ipao32.exe] C:\WINDOWS\ipao32.exe
O4 - HKLM\..\RunOnce: [ntiw.exe] C:\WINDOWS\system32\ntiw.exe
O4 - HKLM\..\RunOnce: [iedn32.exe] C:\WINDOWS\system32\iedn32.exe
O4 - HKLM\..\RunOnce: [syslv.exe] C:\WINDOWS\system32\syslv.exe
O4 - HKLM\..\RunOnce: [iemw.exe] C:\WINDOWS\system32\iemw.exe
O4 - HKLM\..\RunOnce: [atljl32.exe] C:\WINDOWS\system32\atljl32.exe
O4 - HKLM\..\RunOnce: [ipaa32.exe] C:\WINDOWS\system32\ipaa32.exe
O4 - HKLM\..\RunOnce: [apive.exe] C:\WINDOWS\system32\apive.exe
O4 - HKLM\..\RunOnce: [winuu32.exe] C:\WINDOWS\system32\winuu32.exe
O4 - HKLM\..\RunOnce: [crsj.exe] C:\WINDOWS\crsj.exe
O4 - HKLM\..\RunOnce: [ipxl32.exe] C:\WINDOWS\ipxl32.exe
O4 - HKLM\..\RunOnce: [netrr32.exe] C:\WINDOWS\netrr32.exe
O4 - HKLM\..\RunOnce: [apphg32.exe] C:\WINDOWS\system32\apphg32.exe
O4 - HKLM\..\RunOnce: [atlpw32.exe] C:\WINDOWS\system32\atlpw32.exe
O4 - HKLM\..\RunOnce: [ntqp32.exe] C:\WINDOWS\ntqp32.exe
O4 - HKLM\..\RunOnce: [winyx.exe] C:\WINDOWS\winyx.exe
O4 - HKLM\..\RunOnce: [msub.exe] C:\WINDOWS\msub.exe
O4 - HKLM\..\RunOnce: [apisz32.exe] C:\WINDOWS\apisz32.exe
O4 - HKLM\..\RunOnce: [appsy32.exe] C:\WINDOWS\system32\appsy32.exe
O4 - HKLM\..\RunOnce: [netif32.exe] C:\WINDOWS\system32\netif32.exe
O4 - HKLM\..\RunOnce: [ieeu32.exe] C:\WINDOWS\ieeu32.exe
O4 - HKLM\..\RunOnce: [netea.exe] C:\WINDOWS\system32\netea.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mspk32.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
And number three:
SmitFraudFix v0.7
Rapport fait à 22:25:18,70 le sam. 16/07/2005
Executé à partir de C:\Documents and Settings\dzazdou\Mes documents\Unzipped\SmitfraudFix[1]
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\screen.html supprimé
C:\WINDOWS\system32\hookdump.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
balltrap34
17 Jul 2005 at 00:48
Hi
Print this so that you don't forget anything and do everything.
It is imperative to do everything in order.
-------------------------
First of all, download these programs if you don't have them and update them, but don't use them yet, and check that you have the right versions; this is imperative.
Ad-Aware (1) version 1.06
(here) http://www.florensac-chasse-trap.com/ virus section
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
Logfile of HijackThis v1.99.1
Scan saved at 12:17:57, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\sysal.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fazju.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {14545639-0F65-AB15-C16B-B4F8EE42B3C1} - C:\WINDOWS\system32\sysrd32.dll
O2 - BHO: Class - {4014B4D5-2904-EAE9-66BC-9F97C5F321F8} - C:\WINDOWS\system32\mfcok.dll
O2 - BHO: Class - {4982D30C-67C2-4EDC-B9FB-50B7DB64D84D} - C:\WINDOWS\system32\mfckz32.dll
O2 - BHO: Class - {4FBA7282-EDEE-36A3-D552-74FA9B7E58C7} - C:\WINDOWS\javaxv32.dll
O2 - BHO: Class - {5216D1C9-464B-2CA0-2092-005ED043733C} - C:\WINDOWS\system32\ipkb32.dll
O2 - BHO: Class - {9B2A5C16-0CC3-AAF0-E711-079D47C149CF} - C:\WINDOWS\system32\sysbn32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {B02C8A79-166D-EAED-C15F-3D1CC66CC436} - C:\WINDOWS\system32\javaiq32.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Class - {BAC8C44D-2112-AF01-7896-5BA9C152A8BC} - C:\WINDOWS\sysps32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C49EE5EC-58A6-E279-05B8-E5C66D906219} - C:\WINDOWS\system32\apppd.dll
O2 - BHO: Class - {C8B9D513-1F50-BEA9-4C7E-E088E7CE8BF6} - C:\WINDOWS\apiyu.dll
O2 - BHO: Class - {CFC69D80-D884-9E2A-507A-6B067ADD8506} - C:\WINDOWS\apikx.dll
O2 - BHO: Class - {E9288E70-5BA5-6326-846F-3AC0878A4536} - C:\WINDOWS\iepc32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O4 - HKLM\..\RunOnce: [apppt32.exe] C:\WINDOWS\system32\apppt32.exe
O4 - HKLM\..\RunOnce: [apidu.exe] C:\WINDOWS\system32\apidu.exe
O4 - HKLM\..\RunOnce: [mfcec32.exe] C:\WINDOWS\mfcec32.exe
O4 - HKLM\..\RunOnce: [sysjw.exe] C:\WINDOWS\sysjw.exe
O4 - HKLM\..\RunOnce: [mssw32.exe] C:\WINDOWS\system32\mssw32.exe
O4 - HKLM\..\RunOnce: [ntxy.exe] C:\WINDOWS\system32\ntxy.exe
O4 - HKLM\..\RunOnce: [apifn.exe] C:\WINDOWS\apifn.exe
O4 - HKLM\..\RunOnce: [javawi.exe] C:\WINDOWS\javawi.exe
O4 - HKLM\..\RunOnce: [apibc.exe] C:\WINDOWS\system32\apibc.exe
O4 - HKLM\..\RunOnce: [msub.exe] C:\WINDOWS\msub.exe
O4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exe
O4 - HKLM\..\RunOnce: [mfctx32.exe] C:\WINDOWS\mfctx32.exe
O4 - HKLM\..\RunOnce: [iehz32.exe] C:\WINDOWS\system32\iehz32.exe
O4 - HKLM\..\RunOnce: [netwu32.exe] C:\WINDOWS\system32\netwu32.exe
O4 - HKLM\..\RunOnce: [winby32.exe] C:\WINDOWS\system32\winby32.exe
O4 - HKLM\..\RunOnce: [cros32.exe] C:\WINDOWS\cros32.exe
O4 - HKLM\..\RunOnce: [d3og.exe] C:\WINDOWS\system32\d3og.exe
O4 - HKLM\..\RunOnce: [d3qs32.exe] C:\WINDOWS\system32\d3qs32.exe
O4 - HKLM\..\RunOnce: [mfcvn32.exe] C:\WINDOWS\mfcvn32.exe
O4 - HKLM\..\RunOnce: [ipwc32.exe] C:\WINDOWS\system32\ipwc32.exe
O4 - HKLM\..\RunOnce: [appbe.exe] C:\WINDOWS\appbe.exe
O4 - HKLM\..\RunOnce: [ntzp.exe] C:\WINDOWS\system32\ntzp.exe
O4 - HKLM\..\RunOnce: [mfcam.exe] C:\WINDOWS\mfcam.exe
O4 - HKLM\..\RunOnce: [ieng32.exe] C:\WINDOWS\system32\ieng32.exe
O4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exe
O4 - HKLM\..\RunOnce: [sysvy.exe] C:\WINDOWS\system32\sysvy.exe
O4 - HKLM\..\RunOnce: [winhz32.exe] C:\WINDOWS\winhz32.exe
O4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exe
O4 - HKLM\..\RunOnce: [addhn32.exe] C:\WINDOWS\addhn32.exe
O4 - HKLM\..\RunOnce: [atlfj.exe] C:\WINDOWS\atlfj.exe
O4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exe
O4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\system32\netex32.exe
O4 - HKLM\..\RunOnce: [atlox.exe] C:\WINDOWS\system32\atlox.exe
O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
O4 - HKLM\..\RunOnce: [ieho.exe] C:\WINDOWS\ieho.exe
O4 - HKLM\..\RunOnce: [netcx.exe] C:\WINDOWS\netcx.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
My concerns:
I think the virus is still on my computer
example: there are porn sites in my favorites,...
thanks already for everything
because I saw that I removed things like trojan horse downloader etc.
balltrap34 (posts: 16240; registered: Thursday 8 January 2004; status: Security contributor; last activity: 28 November 2009), 17 Jul 2005 at 12:39
lol, everything is still there. Are you really following everything in order, safe mode and all the programs?
balltrap34, 17 Jul 2005 at 20:10
Now I'm losing it
run this again
download this
http://www.downloads.subratam.org/l2mfix.exe
unzip it, double-click l2mfix.bat, press any key, then choose option 2
and then repeat the whole operation
L2Mfix 1.03a
Running From:
C:\Documents and Settings\dzazdou\Bureau\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
balltrap34, 17 Jul 2005 at 22:09
we need to get rid of this service
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
Start > Run, type (or copy and paste)
sc config 11Fßä#·ºÄÖ`I start= disabled
confirm
Start > Run, type
sc stop 11Fßä#·ºÄÖ`I
confirm
Start > Run, type
sc delete 11Fßä#·ºÄÖ`I
confirm
restart the PC and post a new HijackThis log
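A triage sketch for the O23 step in the post above, added here as an example and not part of the thread or of HijackThis: it parses O23 and O4 lines quoted from the posted log and reports which services stand out. The three heuristics and every function and field name are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
'''

O4_RE = re.compile(r"^O4 - \S+: \[[^\]]*\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# Assumption of this example: a vendor-less service image sitting directly in
# one of these directories deserves a closer look.
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")


@dataclass
class Service:
    display: str        # friendly name
    key: str            # short name, the one the sc commands take
    owner: str          # vendor column of the log, or "Unknown owner"
    image: str          # executable path without arguments
    file_missing: bool
    reasons: list = field(default_factory=list)


def image_path(command):
    """Return the executable path from a command line, dropping quotes and arguments."""
    command = command.strip()
    m = EXE_RE.match(command)
    return m.group(1) if m else command.strip('"')


def parse_o23(line):
    """Split one O23 line into its fields; return None if the shape is unexpected."""
    if not line.startswith(O23_PREFIX):
        return None
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, command = parts
    missing = command.endswith(MISSING)
    if missing:
        command = command[:-len(MISSING)]
    # The short name is the last parenthesised group; when the log shows none,
    # this example assumes display name and short name are the same.
    m = re.match(r"^(.*) \((.*)\)$", name)
    display, key = (m.group(1), m.group(2)) if m else (name, name)
    return Service(display, key, owner, image_path(command), missing)


def triage(log_text):
    """Return the O23 services that match at least one heuristic."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Executables started by O4 Run/RunOnce entries, for cross-referencing.
    autoruns = {image_path(m.group(1)).lower()
                for m in map(O4_RE.match, lines) if m}
    flagged = []
    for ln in lines:
        svc = parse_o23(ln)
        if svc is None:
            continue
        directory = svc.image.lower().rpartition("\\")[0]
        if svc.owner == "Unknown owner" and directory in SYSTEM_DIRS:
            svc.reasons.append("no vendor name, image directly in the Windows directory")
        if svc.key != svc.key.strip() or not svc.key.isascii() or not svc.key.isprintable():
            svc.reasons.append("short name has padding or non-ASCII characters")
        if svc.image.lower() in autoruns:
            svc.reasons.append("image is also launched by an O4 autorun entry")
        if svc.reasons:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.display} [{svc.key!r}] -> {svc.image}")
        for reason in svc.reasons:
            print("   -", reason)
```

On these lines only the NSS entry is reported; the CA and Windows Media Connect services are also "Unknown owner" with a missing file, but their images sit under Program Files and match none of the three checks.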
Logfile of HijackThis v1.99.1
Scan saved at 21:07:20, on 18/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mfcsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dll
O2 - BHO: Class - {0AEDCEB7-DB98-2AC8-C751-7602FC73372C} - C:\WINDOWS\addea32.dll
O2 - BHO: Class - {178BF97C-6695-99D8-72C0-80D53BABA646} - C:\WINDOWS\sysik32.dll
O2 - BHO: Class - {267B601E-BF82-736D-7AC7-27C74EE988B8} - C:\WINDOWS\system32\crgk.dll
O2 - BHO: Class - {26DF6F6C-68C1-432E-7845-1CBFEF199116} - C:\WINDOWS\crei32.dll
O2 - BHO: Class - {2CDE04BE-5087-9425-8043-F24037206477} - C:\WINDOWS\netjc32.dll
O2 - BHO: Class - {38F6B10B-D771-3C5C-0291-568F76485423} - C:\WINDOWS\system32\apitg.dll
O2 - BHO: Class - {49067854-CD81-932C-FF39-319631A78BFC} - C:\WINDOWS\system32\netlm32.dll
O2 - BHO: Class - {516BCC99-33A5-EE46-FF69-B7B30CE72B12} - C:\WINDOWS\system32\winyg.dll
O2 - BHO: Class - {5363EB55-7CF4-DA12-F27B-D7B89B413FF3} - C:\WINDOWS\system32\javane32.dll
O2 - BHO: Class - {6BBEE290-2040-F21E-2CFB-CC15C4AC9B90} - C:\WINDOWS\addap.dll
O2 - BHO: Class - {6EF0F034-C0DA-6CB6-18F6-2B49B1B81D7A} - C:\WINDOWS\winmv.dll
O2 - BHO: Class - {77B56A9B-5F2E-3199-3215-D7E8E0F1C765} - C:\WINDOWS\netnn32.dll
O2 - BHO: Class - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - C:\WINDOWS\system32\apihb.dll
O2 - BHO: Class - {9651FF3B-C2B5-C2EF-5AC4-78D61ADF97C4} - C:\WINDOWS\d3kd.dll
O2 - BHO: Class - {9F8C6736-431A-A80F-7DB3-0D6C8BBD7EA1} - C:\WINDOWS\system32\netxx32.dll
O2 - BHO: Class - {A5E89540-05C4-7AC5-1C77-5A15DBBF6B36} - C:\WINDOWS\system32\winof.dll
O2 - BHO: Class - {AA168207-BE5F-10B0-7FD5-2061FA4F8547} - C:\WINDOWS\system32\winkm32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apivi.dll
O2 - BHO: Class - {D7630E68-79D7-6EF3-062A-A8D62572DA69} - C:\WINDOWS\system32\d3it.dll
O2 - BHO: Class - {E850AD1C-2D64-EB86-64E5-80CA936A2373} - C:\WINDOWS\javapo32.dll
O2 - BHO: Class - {E85F1A0E-4BF7-9FC7-5FC6-F9CE2788F77D} - C:\WINDOWS\system32\ipzg32.dll
O2 - BHO: Class - {FBE2FA5F-7935-0120-3FB8-49D74C7057E5} - C:\WINDOWS\system32\addcz.dll
O2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apifr.dll
O2 - BHO: Class - {FF7AF231-F460-F958-9E42-30A70C516066} - C:\WINDOWS\sysyg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe
O4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exe
O4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exe
O4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exe
O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
O4 - HKLM\..\RunOnce: [ipkl32.exe] C:\WINDOWS\ipkl32.exe
O4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\system32\netko32.exe
O4 - HKLM\..\RunOnce: [sysbu32.exe] C:\WINDOWS\system32\sysbu32.exe
O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exe
O4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exe
O4 - HKLM\..\RunOnce: [apiwb.exe] C:\WINDOWS\apiwb.exe
O4 - HKLM\..\RunOnce: [ntkb32.exe] C:\WINDOWS\ntkb32.exe
O4 - HKLM\..\RunOnce: [crke32.exe] C:\WINDOWS\system32\crke32.exe
O4 - HKLM\..\RunOnce: [ieur.exe] C:\WINDOWS\system32\ieur.exe
O4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exe
O4 - HKLM\..\RunOnce: [crxx.exe] C:\WINDOWS\system32\crxx.exe
O4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exe
O4 - HKLM\..\RunOnce: [addhe.exe] C:\WINDOWS\system32\addhe.exe
O4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exe
O4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\system32\d3uo32.exe
O4 - HKLM\..\RunOnce: [ipai32.exe] C:\WINDOWS\ipai32.exe
O4 - HKLM\..\RunOnce: [d3jj32.exe] C:\WINDOWS\system32\d3jj32.exe
O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32\netpl.exe
O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe
O4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINDOWS\system32\ipxr.exe
O4 - HKLM\..\RunOnce: [appcl32.exe] C:\WINDOWS\system32\appcl32.exe
O4 - HKLM\..\RunOnce: [sysmt.exe] C:\WINDOWS\system32\sysmt.exe
O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe
O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exe
O4 - HKLM\..\RunOnce: [msdb.exe] C:\WINDOWS\system32\msdb.exe
O4 - HKLM\..\RunOnce: [appby.exe] C:\WINDOWS\appby.exe
O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\system32\sysqg.exe
O4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exe
O4 - HKLM\..\RunOnce: [javamb32.exe] C:\WINDOWS\system32\javamb32.exe
O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe
O4 - HKLM\..\RunOnce: [apigb.exe] C:\WINDOWS\apigb.exe
O4 - HKLM\..\RunOnce: [sdkce.exe] C:\WINDOWS\system32\sdkce.exe
O4 - HKLM\..\RunOnce: [nethm32.exe] C:\WINDOWS\nethm32.exe
O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\system32\netkd32.exe
O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\addpg.exe
O4 - HKLM\..\RunOnce: [d3iw32.exe] C:\WINDOWS\system32\d3iw32.exe
O4 - HKLM\..\RunOnce: [msjc32.exe] C:\WINDOWS\msjc32.exe
O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\ipcv.exe
O4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\system32\msdb32.exe
O4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\crgx.exe
O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32\netmz32.exe
O4 - HKLM\..\RunOnce: [crwy32.exe] C:\WINDOWS\crwy32.exe
O4 - HKLM\..\RunOnce: [netjs.exe] C:\WINDOWS\netjs.exe
O4 - HKLM\..\RunOnce: [winii32.exe] C:\WINDOWS\winii32.exe
O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe
O4 - HKLM\..\RunOnce: [mfctg32.exe] C:\WINDOWS\system32\mfctg32.exe
O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\iegb.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe
O4 - HKLM\..\RunOnce: [ntmd.exe] C:\WINDOWS\system32\ntmd.exe
O4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\system32\mfcqh32.exe
O4 - HKLM\..\RunOnce: [sysej32.exe] C:\WINDOWS\system32\sysej32.exe
O4 - HKLM\..\RunOnce: [appio.exe] C:\WINDOWS\appio.exe
O4 - HKLM\..\RunOnce: [d3oi32.exe] C:\WINDOWS\system32\d3oi32.exe
O4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS\ntex.exe
O4 - HKLM\..\RunOnce: [atlrz32.exe] C:\WINDOWS\atlrz32.exe
O4 - HKLM\..\RunOnce: [nethh.exe] C:\WINDOWS\nethh.exe
O4 - HKLM\..\RunOnce: [addnb32.exe] C:\WINDOWS\system32\addnb32.exe
O4 - HKLM\..\RunOnce: [appgu.exe] C:\WINDOWS\system32\appgu.exe
O4 - HKLM\..\RunOnce: [mslo32.exe] C:\WINDOWS\mslo32.exe
O4 - HKLM\..\RunOnce: [mfcpw.exe] C:\WINDOWS\system32\mfcpw.exe
O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exe
O4 - HKLM\..\RunOnce: [msey.exe] C:\WINDOWS\msey.exe
O4 - HKLM\..\RunOnce: [sdkhk.exe] C:\WINDOWS\sdkhk.exe
O4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\mfcne32.exe
O4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\system32\iprj.exe
O4 - HKLM\..\RunOnce: [addxd.exe] C:\WINDOWS\addxd.exe
O4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\system32\ipua32.exe
O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe
O4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exe
O4 - HKLM\..\RunOnce: [mskl32.exe] C:\WINDOWS\mskl32.exe
O4 - HKLM\..\RunOnce: [sdksm32.exe] C:\WINDOWS\sdksm32.exe
O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exe
O4 - HKLM\..\RunOnce: [msxo32.exe] C:\WINDOWS\msxo32.exe
O4 - HKLM\..\RunOnce: [ipkj.exe] C:\WINDOWS\ipkj.exe
O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe
O4 - HKLM\..\RunOnce: [cryz.exe] C:\WINDOWS\cryz.exe
O4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exe
O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\system32\sysrx.exe
O4 - HKLM\..\RunOnce: [iery.exe] C:\WINDOWS\iery.exe
O4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS\ntxs32.exe
O4 - HKLM\..\RunOnce: [crjw32.exe] C:\WINDOWS\crjw32.exe
O4 - HKLM\..\RunOnce: [netpy.exe] C:\WINDOWS\netpy.exe
O4 - HKLM\..\RunOnce: [sdkou32.exe] C:\WINDOWS\system32\sdkou32.exe
O4 - HKLM\..\RunOnce: [mfcbo32.exe] C:\WINDOWS\system32\mfcbo32.exe
O4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\system32\d3mb32.exe
O4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\system32\ipsv.exe
O4 - HKLM\..\RunOnce: [appco32.exe] C:\WINDOWS\appco32.exe
O4 - HKLM\..\RunOnce: [mshr.exe] C:\WINDOWS\system32\mshr.exe
O4 - HKLM\..\RunOnce: [mfccc.exe] C:\WINDOWS\system32\mfccc.exe
O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe
O4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exe
O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\appkz.exe
O4 - HKLM\..\RunOnce: [sdkby.exe] C:\WINDOWS\sdkby.exe
O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe
O4 - HKLM\..\RunOnce: [msgy32.exe] C:\WINDOWS\system32\msgy32.exe
O4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\ipls32.exe
O4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exe
O4 - HKLM\..\RunOnce: [sdkzx.exe] C:\WINDOWS\sdkzx.exe
O4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exe
O4 - HKLM\..\RunOnce: [winid32.exe] C:\WINDOWS\winid32.exe
O4 - HKLM\..\RunOnce: [crof32.exe] C:\WINDOWS\crof32.exe
O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe
O4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exe
O4 - HKLM\..\RunOnce: [crki.exe] C:\WINDOWS\system32\crki.exe
O4 - HKLM\..\RunOnce: [apiqk32.exe] C:\WINDOWS\system32\apiqk32.exe
O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exe
O4 - HKLM\..\RunOnce: [nettz32.exe] C:\WINDOWS\system32\nettz32.exe
O4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exe
O4 - HKLM\..\RunOnce: [systn.exe] C:\WINDOWS\systn.exe
O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\system32\d3gt.exe
O4 - HKLM\..\RunOnce: [ntfg.exe] C:\WINDOWS\ntfg.exe
O4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\system32\ipoe.exe
O4 - HKLM\..\RunOnce: [addnu32.exe] C:\WINDOWS\system32\addnu32.exe
O4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exe
O4 - HKLM\..\RunOnce: [msej32.exe] C:\WINDOWS\msej32.exe
O4 - HKLM\..\RunOnce: [ntrd.exe] C:\WINDOWS\ntrd.exe
O4 - HKLM\..\RunOnce: [mfcjw.exe] C:\WINDOWS\mfcjw.exe
O4 - HKLM\..\RunOnce: [javayu32.exe] C:\WINDOWS\system32\javayu32.exe
O4 - HKLM\..\RunOnce: [syshc32.exe] C:\WINDOWS\syshc32.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
balltrap34
18 Jul. 2005 at 21:23
Do this again.
We need to get rid of this service:
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
sc config "Workstation NetLogon Service" start= disabled
Confirm.
Start > Run, type:
sc stop "Workstation NetLogon Service"
Confirm.
Start > Run, type:
sc delete "Workstation NetLogon Service"
Confirm.
Find and delete this:
C:\WINDOWS\apppw.exe
Then do the following, and above all do not restart:
Relaunch HijackThis, click "Open the Misc Tools section", then click "Open ADS Spy".
Check that these are ticked:
"Quick scan" and "Ignore safe".
Then click Scan,
and at the end click Save log and give me that log.
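The O23 entry singled out in the reply above shares a pattern with many other lines of the log, and that pattern can be checked mechanically. The following is an added example, not part of the original thread: it parses HijackThis lines and flags the pattern. The heuristics and the names `triage`, `shared_images` and `Finding` are assumptions of this example; the sample lines are copied from the log posted on this page.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS
from typing import NamedTuple

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exe
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# Heuristic (assumption of this example): files sitting directly in these folders.
WINDIRS = {r"c:\windows", r"c:\windows\system32"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]{36}\} - (?P<image>.+)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<label>.+?) - (?P<owner>[^-]+?) - (?P<cmd>[A-Za-z]:\\.+)$")
# "Display name (key name)"; HijackThis prints one name when both are equal.
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<key>[^()]*)\)$")
# First .exe/.dll path inside a command line, ignoring quotes and arguments.
IMAGE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.I)


class Finding(NamedTuple):
    section: str   # HijackThis section id: O2, O4 or O23
    name: str      # BHO name, Run value name or service display name
    key_name: str  # service key name (O23 only, otherwise "")
    image: str     # file the entry points at
    reason: str


def in_windir(image):
    return dirname(image).lower() in WINDIRS


def triage(log_text):
    """Return the log entries that match this example's heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            if m["name"] == "Class" and in_windir(m["image"]):
                findings.append(Finding("O2", m["name"], "", m["image"],
                                        "unnamed BHO loaded from the Windows directory"))
        elif m := O4_RE.match(line):
            exe = IMAGE_RE.search(m["cmd"])
            # Value name identical to the file name, file dropped in the Windows directory.
            if exe and in_windir(exe["exe"]) and basename(exe["exe"]).lower() == m["name"].lower():
                findings.append(Finding("O4", m["name"], "", exe["exe"],
                                        "autorun value named after its own file in the Windows directory"))
        elif m := O23_RE.match(line):
            label = LABEL_RE.match(m["label"])
            display = label["display"] if label else m["label"]
            key = label["key"] if label else m["label"]
            exe = IMAGE_RE.search(m["cmd"])
            if exe and m["owner"].strip() == "Unknown owner" and in_windir(exe["exe"]):
                reason = "service with unknown owner running from the Windows directory"
                if m["cmd"].endswith("(file missing)"):
                    reason += " (file missing)"
                findings.append(Finding("O23", display, key, exe["exe"], reason))
    return findings


def shared_images(findings):
    """Files referenced from more than one HijackThis section."""
    seen = {}
    for f in findings:
        seen.setdefault(f.image.lower(), (f.image, set()))[1].add(f.section)
    return [image for image, sections in seen.values() if len(sections) > 1]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:<4}{f.image:<36}{f.reason}")
    print("referenced from several sections:", shared_images(hits))
```

The O23 parser keeps the display name and the key name apart because `sc` documents its service argument as the key name; `sc getkeyname "<display name>"` resolves one from the other.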
Logfile of HijackThis v1.99.1
Scan saved at 21:07:20, on 18/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mfcsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dll
O2 - BHO: Class - {0AEDCEB7-DB98-2AC8-C751-7602FC73372C} - C:\WINDOWS\addea32.dll
O2 - BHO: Class - {178BF97C-6695-99D8-72C0-80D53BABA646} - C:\WINDOWS\sysik32.dll
O2 - BHO: Class - {267B601E-BF82-736D-7AC7-27C74EE988B8} - C:\WINDOWS\system32\crgk.dll
O2 - BHO: Class - {26DF6F6C-68C1-432E-7845-1CBFEF199116} - C:\WINDOWS\crei32.dll
O2 - BHO: Class - {2CDE04BE-5087-9425-8043-F24037206477} - C:\WINDOWS\netjc32.dll
O2 - BHO: Class - {38F6B10B-D771-3C5C-0291-568F76485423} - C:\WINDOWS\system32\apitg.dll
O2 - BHO: Class - {49067854-CD81-932C-FF39-319631A78BFC} - C:\WINDOWS\system32\netlm32.dll
O2 - BHO: Class - {516BCC99-33A5-EE46-FF69-B7B30CE72B12} - C:\WINDOWS\system32\winyg.dll
O2 - BHO: Class - {5363EB55-7CF4-DA12-F27B-D7B89B413FF3} - C:\WINDOWS\system32\javane32.dll
O2 - BHO: Class - {6BBEE290-2040-F21E-2CFB-CC15C4AC9B90} - C:\WINDOWS\addap.dll
O2 - BHO: Class - {6EF0F034-C0DA-6CB6-18F6-2B49B1B81D7A} - C:\WINDOWS\winmv.dll
O2 - BHO: Class - {77B56A9B-5F2E-3199-3215-D7E8E0F1C765} - C:\WINDOWS\netnn32.dll
O2 - BHO: Class - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - C:\WINDOWS\system32\apihb.dll
O2 - BHO: Class - {9651FF3B-C2B5-C2EF-5AC4-78D61ADF97C4} - C:\WINDOWS\d3kd.dll
O2 - BHO: Class - {9F8C6736-431A-A80F-7DB3-0D6C8BBD7EA1} - C:\WINDOWS\system32\netxx32.dll
O2 - BHO: Class - {A5E89540-05C4-7AC5-1C77-5A15DBBF6B36} - C:\WINDOWS\system32\winof.dll
O2 - BHO: Class - {AA168207-BE5F-10B0-7FD5-2061FA4F8547} - C:\WINDOWS\system32\winkm32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apivi.dll
O2 - BHO: Class - {D7630E68-79D7-6EF3-062A-A8D62572DA69} - C:\WINDOWS\system32\d3it.dll
O2 - BHO: Class - {E850AD1C-2D64-EB86-64E5-80CA936A2373} - C:\WINDOWS\javapo32.dll
O2 - BHO: Class - {E85F1A0E-4BF7-9FC7-5FC6-F9CE2788F77D} - C:\WINDOWS\system32\ipzg32.dll
O2 - BHO: Class - {FBE2FA5F-7935-0120-3FB8-49D74C7057E5} - C:\WINDOWS\system32\addcz.dll
O2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apifr.dll
O2 - BHO: Class - {FF7AF231-F460-F958-9E42-30A70C516066} - C:\WINDOWS\sysyg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe
O4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exe
O4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exe
O4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exe
O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
O4 - HKLM\..\RunOnce: [ipkl32.exe] C:\WINDOWS\ipkl32.exe
O4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\system32\netko32.exe
O4 - HKLM\..\RunOnce: [sysbu32.exe] C:\WINDOWS\system32\sysbu32.exe
O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exe
O4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exe
O4 - HKLM\..\RunOnce: [apiwb.exe] C:\WINDOWS\apiwb.exe
O4 - HKLM\..\RunOnce: [ntkb32.exe] C:\WINDOWS\ntkb32.exe
O4 - HKLM\..\RunOnce: [crke32.exe] C:\WINDOWS\system32\crke32.exe
O4 - HKLM\..\RunOnce: [ieur.exe] C:\WINDOWS\system32\ieur.exe
O4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exe
O4 - HKLM\..\RunOnce: [crxx.exe] C:\WINDOWS\system32\crxx.exe
O4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exe
O4 - HKLM\..\RunOnce: [addhe.exe] C:\WINDOWS\system32\addhe.exe
O4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exe
O4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\system32\d3uo32.exe
O4 - HKLM\..\RunOnce: [ipai32.exe] C:\WINDOWS\ipai32.exe
O4 - HKLM\..\RunOnce: [d3jj32.exe] C:\WINDOWS\system32\d3jj32.exe
O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32\netpl.exe
O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe
O4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINDOWS\system32\ipxr.exe
O4 - HKLM\..\RunOnce: [appcl32.exe] C:\WINDOWS\system32\appcl32.exe
O4 - HKLM\..\RunOnce: [sysmt.exe] C:\WINDOWS\system32\sysmt.exe
O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe
O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exe
O4 - HKLM\..\RunOnce: [msdb.exe] C:\WINDOWS\system32\msdb.exe
O4 - HKLM\..\RunOnce: [appby.exe] C:\WINDOWS\appby.exe
O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\system32\sysqg.exe
O4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exe
O4 - HKLM\..\RunOnce: [javamb32.exe] C:\WINDOWS\system32\javamb32.exe
O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe
O4 - HKLM\..\RunOnce: [apigb.exe] C:\WINDOWS\apigb.exe
O4 - HKLM\..\RunOnce: [sdkce.exe] C:\WINDOWS\system32\sdkce.exe
O4 - HKLM\..\RunOnce: [nethm32.exe] C:\WINDOWS\nethm32.exe
O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\system32\netkd32.exe
O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\addpg.exe
O4 - HKLM\..\RunOnce: [d3iw32.exe] C:\WINDOWS\system32\d3iw32.exe
O4 - HKLM\..\RunOnce: [msjc32.exe] C:\WINDOWS\msjc32.exe
O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\ipcv.exe
O4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\system32\msdb32.exe
O4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\crgx.exe
O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32\netmz32.exe
O4 - HKLM\..\RunOnce: [crwy32.exe] C:\WINDOWS\crwy32.exe
O4 - HKLM\..\RunOnce: [netjs.exe] C:\WINDOWS\netjs.exe
O4 - HKLM\..\RunOnce: [winii32.exe] C:\WINDOWS\winii32.exe
O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe
O4 - HKLM\..\RunOnce: [mfctg32.exe] C:\WINDOWS\system32\mfctg32.exe
O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\iegb.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe
O4 - HKLM\..\RunOnce: [ntmd.exe] C:\WINDOWS\system32\ntmd.exe
O4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\system32\mfcqh32.exe
O4 - HKLM\..\RunOnce: [sysej32.exe] C:\WINDOWS\system32\sysej32.exe
O4 - HKLM\..\RunOnce: [appio.exe] C:\WINDOWS\appio.exe
O4 - HKLM\..\RunOnce: [d3oi32.exe] C:\WINDOWS\system32\d3oi32.exe
O4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS\ntex.exe
O4 - HKLM\..\RunOnce: [atlrz32.exe] C:\WINDOWS\atlrz32.exe
O4 - HKLM\..\RunOnce: [nethh.exe] C:\WINDOWS\nethh.exe
O4 - HKLM\..\RunOnce: [addnb32.exe] C:\WINDOWS\system32\addnb32.exe
O4 - HKLM\..\RunOnce: [appgu.exe] C:\WINDOWS\system32\appgu.exe
O4 - HKLM\..\RunOnce: [mslo32.exe] C:\WINDOWS\mslo32.exe
O4 - HKLM\..\RunOnce: [mfcpw.exe] C:\WINDOWS\system32\mfcpw.exe
O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exe
O4 - HKLM\..\RunOnce: [msey.exe] C:\WINDOWS\msey.exe
O4 - HKLM\..\RunOnce: [sdkhk.exe] C:\WINDOWS\sdkhk.exe
O4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\mfcne32.exe
O4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\system32\iprj.exe
O4 - HKLM\..\RunOnce: [addxd.exe] C:\WINDOWS\addxd.exe
O4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\system32\ipua32.exe
O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe
O4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exe
O4 - HKLM\..\RunOnce: [mskl32.exe] C:\WINDOWS\mskl32.exe
O4 - HKLM\..\RunOnce: [sdksm32.exe] C:\WINDOWS\sdksm32.exe
O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exe
O4 - HKLM\..\RunOnce: [msxo32.exe] C:\WINDOWS\msxo32.exe
O4 - HKLM\..\RunOnce: [ipkj.exe] C:\WINDOWS\ipkj.exe
O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe
O4 - HKLM\..\RunOnce: [cryz.exe] C:\WINDOWS\cryz.exe
O4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exe
O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\system32\sysrx.exe
O4 - HKLM\..\RunOnce: [iery.exe] C:\WINDOWS\iery.exe
O4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS\ntxs32.exe
O4 - HKLM\..\RunOnce: [crjw32.exe] C:\WINDOWS\crjw32.exe
O4 - HKLM\..\RunOnce: [netpy.exe] C:\WINDOWS\netpy.exe
O4 - HKLM\..\RunOnce: [sdkou32.exe] C:\WINDOWS\system32\sdkou32.exe
O4 - HKLM\..\RunOnce: [mfcbo32.exe] C:\WINDOWS\system32\mfcbo32.exe
O4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\system32\d3mb32.exe
O4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\system32\ipsv.exe
O4 - HKLM\..\RunOnce: [appco32.exe] C:\WINDOWS\appco32.exe
O4 - HKLM\..\RunOnce: [mshr.exe] C:\WINDOWS\system32\mshr.exe
O4 - HKLM\..\RunOnce: [mfccc.exe] C:\WINDOWS\system32\mfccc.exe
O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe
O4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exe
O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\appkz.exe
O4 - HKLM\..\RunOnce: [sdkby.exe] C:\WINDOWS\sdkby.exe
O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe
O4 - HKLM\..\RunOnce: [msgy32.exe] C:\WINDOWS\system32\msgy32.exe
O4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\ipls32.exe
O4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exe
O4 - HKLM\..\RunOnce: [sdkzx.exe] C:\WINDOWS\sdkzx.exe
O4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exe
O4 - HKLM\..\RunOnce: [winid32.exe] C:\WINDOWS\winid32.exe
O4 - HKLM\..\RunOnce: [crof32.exe] C:\WINDOWS\crof32.exe
O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe
O4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exe
O4 - HKLM\..\RunOnce: [crki.exe] C:\WINDOWS\system32\crki.exe
O4 - HKLM\..\RunOnce: [apiqk32.exe] C:\WINDOWS\system32\apiqk32.exe
O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exe
O4 - HKLM\..\RunOnce: [nettz32.exe] C:\WINDOWS\system32\nettz32.exe
O4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exe
O4 - HKLM\..\RunOnce: [systn.exe] C:\WINDOWS\systn.exe
O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\system32\d3gt.exe
O4 - HKLM\..\RunOnce: [ntfg.exe] C:\WINDOWS\ntfg.exe
O4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\system32\ipoe.exe
O4 - HKLM\..\RunOnce: [addnu32.exe] C:\WINDOWS\system32\addnu32.exe
O4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exe
O4 - HKLM\..\RunOnce: [msej32.exe] C:\WINDOWS\msej32.exe
O4 - HKLM\..\RunOnce: [ntrd.exe] C:\WINDOWS\ntrd.exe
O4 - HKLM\..\RunOnce: [mfcjw.exe] C:\WINDOWS\mfcjw.exe
O4 - HKLM\..\RunOnce: [javayu32.exe] C:\WINDOWS\system32\javayu32.exe
O4 - HKLM\..\RunOnce: [syshc32.exe] C:\WINDOWS\syshc32.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Scan saved at 21:07:20, on 18/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mfcsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yhsir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {094EDED8-1F6C-995C-6754-A544D7EA188B} - C:\WINDOWS\system32\crcz32.dll
O2 - BHO: Class - {0AEDCEB7-DB98-2AC8-C751-7602FC73372C} - C:\WINDOWS\addea32.dll
O2 - BHO: Class - {178BF97C-6695-99D8-72C0-80D53BABA646} - C:\WINDOWS\sysik32.dll
O2 - BHO: Class - {267B601E-BF82-736D-7AC7-27C74EE988B8} - C:\WINDOWS\system32\crgk.dll
O2 - BHO: Class - {26DF6F6C-68C1-432E-7845-1CBFEF199116} - C:\WINDOWS\crei32.dll
O2 - BHO: Class - {2CDE04BE-5087-9425-8043-F24037206477} - C:\WINDOWS\netjc32.dll
O2 - BHO: Class - {38F6B10B-D771-3C5C-0291-568F76485423} - C:\WINDOWS\system32\apitg.dll
O2 - BHO: Class - {49067854-CD81-932C-FF39-319631A78BFC} - C:\WINDOWS\system32\netlm32.dll
O2 - BHO: Class - {516BCC99-33A5-EE46-FF69-B7B30CE72B12} - C:\WINDOWS\system32\winyg.dll
O2 - BHO: Class - {5363EB55-7CF4-DA12-F27B-D7B89B413FF3} - C:\WINDOWS\system32\javane32.dll
O2 - BHO: Class - {6BBEE290-2040-F21E-2CFB-CC15C4AC9B90} - C:\WINDOWS\addap.dll
O2 - BHO: Class - {6EF0F034-C0DA-6CB6-18F6-2B49B1B81D7A} - C:\WINDOWS\winmv.dll
O2 - BHO: Class - {77B56A9B-5F2E-3199-3215-D7E8E0F1C765} - C:\WINDOWS\netnn32.dll
O2 - BHO: Class - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - C:\WINDOWS\system32\apihb.dll
O2 - BHO: Class - {9651FF3B-C2B5-C2EF-5AC4-78D61ADF97C4} - C:\WINDOWS\d3kd.dll
O2 - BHO: Class - {9F8C6736-431A-A80F-7DB3-0D6C8BBD7EA1} - C:\WINDOWS\system32\netxx32.dll
O2 - BHO: Class - {A5E89540-05C4-7AC5-1C77-5A15DBBF6B36} - C:\WINDOWS\system32\winof.dll
O2 - BHO: Class - {AA168207-BE5F-10B0-7FD5-2061FA4F8547} - C:\WINDOWS\system32\winkm32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C01397B5-886F-E2A8-2FDD-7B4758D1AE8E} - C:\WINDOWS\apivi.dll
O2 - BHO: Class - {D7630E68-79D7-6EF3-062A-A8D62572DA69} - C:\WINDOWS\system32\d3it.dll
O2 - BHO: Class - {E850AD1C-2D64-EB86-64E5-80CA936A2373} - C:\WINDOWS\javapo32.dll
O2 - BHO: Class - {E85F1A0E-4BF7-9FC7-5FC6-F9CE2788F77D} - C:\WINDOWS\system32\ipzg32.dll
O2 - BHO: Class - {FBE2FA5F-7935-0120-3FB8-49D74C7057E5} - C:\WINDOWS\system32\addcz.dll
O2 - BHO: Class - {FCA478C5-66CE-9CAB-6011-3194DCF234A8} - C:\WINDOWS\system32\apifr.dll
O2 - BHO: Class - {FF7AF231-F460-F958-9E42-30A70C516066} - C:\WINDOWS\sysyg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe
O4 - HKLM\..\Run: [mfcsx.exe] C:\WINDOWS\system32\mfcsx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O4 - HKLM\..\RunOnce: [sysia32.exe] C:\WINDOWS\system32\sysia32.exe
O4 - HKLM\..\RunOnce: [d3xo32.exe] C:\WINDOWS\system32\d3xo32.exe
O4 - HKLM\..\RunOnce: [addit.exe] C:\WINDOWS\system32\addit.exe
O4 - HKLM\..\RunOnce: [mfccu32.exe] C:\WINDOWS\system32\mfccu32.exe
O4 - HKLM\..\RunOnce: [ipkl32.exe] C:\WINDOWS\ipkl32.exe
O4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\system32\netko32.exe
O4 - HKLM\..\RunOnce: [sysbu32.exe] C:\WINDOWS\system32\sysbu32.exe
O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exe
O4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exe
O4 - HKLM\..\RunOnce: [apiwb.exe] C:\WINDOWS\apiwb.exe
O4 - HKLM\..\RunOnce: [ntkb32.exe] C:\WINDOWS\ntkb32.exe
O4 - HKLM\..\RunOnce: [crke32.exe] C:\WINDOWS\system32\crke32.exe
O4 - HKLM\..\RunOnce: [ieur.exe] C:\WINDOWS\system32\ieur.exe
O4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exe
O4 - HKLM\..\RunOnce: [crxx.exe] C:\WINDOWS\system32\crxx.exe
O4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exe
O4 - HKLM\..\RunOnce: [addhe.exe] C:\WINDOWS\system32\addhe.exe
O4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exe
O4 - HKLM\..\RunOnce: [d3uo32.exe] C:\WINDOWS\system32\d3uo32.exe
O4 - HKLM\..\RunOnce: [ipai32.exe] C:\WINDOWS\ipai32.exe
O4 - HKLM\..\RunOnce: [d3jj32.exe] C:\WINDOWS\system32\d3jj32.exe
O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32\netpl.exe
O4 - HKLM\..\RunOnce: [d3ea32.exe] C:\WINDOWS\d3ea32.exe
O4 - HKLM\..\RunOnce: [ipxr.exe] C:\WINDOWS\system32\ipxr.exe
O4 - HKLM\..\RunOnce: [appcl32.exe] C:\WINDOWS\system32\appcl32.exe
O4 - HKLM\..\RunOnce: [sysmt.exe] C:\WINDOWS\system32\sysmt.exe
O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe
O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exe
O4 - HKLM\..\RunOnce: [msdb.exe] C:\WINDOWS\system32\msdb.exe
O4 - HKLM\..\RunOnce: [appby.exe] C:\WINDOWS\appby.exe
O4 - HKLM\..\RunOnce: [sysqg.exe] C:\WINDOWS\system32\sysqg.exe
O4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exe
O4 - HKLM\..\RunOnce: [javamb32.exe] C:\WINDOWS\system32\javamb32.exe
O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe
O4 - HKLM\..\RunOnce: [apigb.exe] C:\WINDOWS\apigb.exe
O4 - HKLM\..\RunOnce: [sdkce.exe] C:\WINDOWS\system32\sdkce.exe
O4 - HKLM\..\RunOnce: [nethm32.exe] C:\WINDOWS\nethm32.exe
O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\system32\netkd32.exe
O4 - HKLM\..\RunOnce: [addpg.exe] C:\WINDOWS\addpg.exe
O4 - HKLM\..\RunOnce: [d3iw32.exe] C:\WINDOWS\system32\d3iw32.exe
O4 - HKLM\..\RunOnce: [msjc32.exe] C:\WINDOWS\msjc32.exe
O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\ipcv.exe
O4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\system32\msdb32.exe
O4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\crgx.exe
O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\system32\netmz32.exe
O4 - HKLM\..\RunOnce: [crwy32.exe] C:\WINDOWS\crwy32.exe
O4 - HKLM\..\RunOnce: [netjs.exe] C:\WINDOWS\netjs.exe
O4 - HKLM\..\RunOnce: [winii32.exe] C:\WINDOWS\winii32.exe
O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\crnc.exe
O4 - HKLM\..\RunOnce: [mfctg32.exe] C:\WINDOWS\system32\mfctg32.exe
O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\iegb.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\system32\mshb.exe
O4 - HKLM\..\RunOnce: [ntmd.exe] C:\WINDOWS\system32\ntmd.exe
O4 - HKLM\..\RunOnce: [mfcqh32.exe] C:\WINDOWS\system32\mfcqh32.exe
O4 - HKLM\..\RunOnce: [sysej32.exe] C:\WINDOWS\system32\sysej32.exe
O4 - HKLM\..\RunOnce: [appio.exe] C:\WINDOWS\appio.exe
O4 - HKLM\..\RunOnce: [d3oi32.exe] C:\WINDOWS\system32\d3oi32.exe
O4 - HKLM\..\RunOnce: [ntex.exe] C:\WINDOWS\ntex.exe
O4 - HKLM\..\RunOnce: [atlrz32.exe] C:\WINDOWS\atlrz32.exe
O4 - HKLM\..\RunOnce: [nethh.exe] C:\WINDOWS\nethh.exe
O4 - HKLM\..\RunOnce: [addnb32.exe] C:\WINDOWS\system32\addnb32.exe
O4 - HKLM\..\RunOnce: [appgu.exe] C:\WINDOWS\system32\appgu.exe
O4 - HKLM\..\RunOnce: [mslo32.exe] C:\WINDOWS\mslo32.exe
O4 - HKLM\..\RunOnce: [mfcpw.exe] C:\WINDOWS\system32\mfcpw.exe
O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exe
O4 - HKLM\..\RunOnce: [msey.exe] C:\WINDOWS\msey.exe
O4 - HKLM\..\RunOnce: [sdkhk.exe] C:\WINDOWS\sdkhk.exe
O4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\mfcne32.exe
O4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\system32\iprj.exe
O4 - HKLM\..\RunOnce: [addxd.exe] C:\WINDOWS\addxd.exe
O4 - HKLM\..\RunOnce: [ipua32.exe] C:\WINDOWS\system32\ipua32.exe
O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe
O4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exe
O4 - HKLM\..\RunOnce: [mskl32.exe] C:\WINDOWS\mskl32.exe
O4 - HKLM\..\RunOnce: [sdksm32.exe] C:\WINDOWS\sdksm32.exe
O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exe
O4 - HKLM\..\RunOnce: [msxo32.exe] C:\WINDOWS\msxo32.exe
O4 - HKLM\..\RunOnce: [ipkj.exe] C:\WINDOWS\ipkj.exe
O4 - HKLM\..\RunOnce: [addse32.exe] C:\WINDOWS\system32\addse32.exe
O4 - HKLM\..\RunOnce: [cryz.exe] C:\WINDOWS\cryz.exe
O4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exe
O4 - HKLM\..\RunOnce: [sysrx.exe] C:\WINDOWS\system32\sysrx.exe
O4 - HKLM\..\RunOnce: [iery.exe] C:\WINDOWS\iery.exe
O4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS\ntxs32.exe
O4 - HKLM\..\RunOnce: [crjw32.exe] C:\WINDOWS\crjw32.exe
O4 - HKLM\..\RunOnce: [netpy.exe] C:\WINDOWS\netpy.exe
O4 - HKLM\..\RunOnce: [sdkou32.exe] C:\WINDOWS\system32\sdkou32.exe
O4 - HKLM\..\RunOnce: [mfcbo32.exe] C:\WINDOWS\system32\mfcbo32.exe
O4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\system32\d3mb32.exe
O4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\system32\ipsv.exe
O4 - HKLM\..\RunOnce: [appco32.exe] C:\WINDOWS\appco32.exe
O4 - HKLM\..\RunOnce: [mshr.exe] C:\WINDOWS\system32\mshr.exe
O4 - HKLM\..\RunOnce: [mfccc.exe] C:\WINDOWS\system32\mfccc.exe
O4 - HKLM\..\RunOnce: [syspw.exe] C:\WINDOWS\syspw.exe
O4 - HKLM\..\RunOnce: [ipff.exe] C:\WINDOWS\ipff.exe
O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\appkz.exe
O4 - HKLM\..\RunOnce: [sdkby.exe] C:\WINDOWS\sdkby.exe
O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe
O4 - HKLM\..\RunOnce: [msgy32.exe] C:\WINDOWS\system32\msgy32.exe
O4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\ipls32.exe
O4 - HKLM\..\RunOnce: [sdkfj32.exe] C:\WINDOWS\sdkfj32.exe
O4 - HKLM\..\RunOnce: [sdkzx.exe] C:\WINDOWS\sdkzx.exe
O4 - HKLM\..\RunOnce: [atlez.exe] C:\WINDOWS\atlez.exe
O4 - HKLM\..\RunOnce: [winid32.exe] C:\WINDOWS\winid32.exe
O4 - HKLM\..\RunOnce: [crof32.exe] C:\WINDOWS\crof32.exe
O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe
O4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exe
O4 - HKLM\..\RunOnce: [crki.exe] C:\WINDOWS\system32\crki.exe
O4 - HKLM\..\RunOnce: [apiqk32.exe] C:\WINDOWS\system32\apiqk32.exe
O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exe
O4 - HKLM\..\RunOnce: [nettz32.exe] C:\WINDOWS\system32\nettz32.exe
O4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\RunOnce: [apiol32.exe] C:\WINDOWS\system32\apiol32.exe
O4 - HKLM\..\RunOnce: [systn.exe] C:\WINDOWS\systn.exe
O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\system32\d3gt.exe
O4 - HKLM\..\RunOnce: [ntfg.exe] C:\WINDOWS\ntfg.exe
O4 - HKLM\..\RunOnce: [ipoe.exe] C:\WINDOWS\system32\ipoe.exe
O4 - HKLM\..\RunOnce: [addnu32.exe] C:\WINDOWS\system32\addnu32.exe
O4 - HKLM\..\RunOnce: [d3to.exe] C:\WINDOWS\system32\d3to.exe
O4 - HKLM\..\RunOnce: [msej32.exe] C:\WINDOWS\msej32.exe
O4 - HKLM\..\RunOnce: [ntrd.exe] C:\WINDOWS\ntrd.exe
O4 - HKLM\..\RunOnce: [mfcjw.exe] C:\WINDOWS\mfcjw.exe
O4 - HKLM\..\RunOnce: [javayu32.exe] C:\WINDOWS\system32\javayu32.exe
O4 - HKLM\..\RunOnce: [syshc32.exe] C:\WINDOWS\syshc32.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
balltrap34
18 Jul 2005 at 21:53
That is not what I asked you to do. If you don't read everything and do everything, I give up.
balltrap34
18 Jul 2005 at 22:18
lol
We are going to start over from the beginning.
Download this:
About:Buster.
You can download it from:
http://www.majorgeeks.com/download4289.html
Click "Check for updates".
Download the updates.
Close it.
We will use it later.
-------
Download this:
http://lineofire.geekstogo.com/cwsserviceremove.zip
Unzip it; we will use it later.
-------
Relaunch HijackThis in normal mode.
Check and fix these lines:
------------------
Restart in safe mode.
Search for and delete the files; don't forget the files at the end of each line, e.g. crcz32.dll
------------
Now run About:Buster as many times as it keeps finding something,
4, 5 or 6 times if need be.
------
Double-click the file you downloaded earlier:
cwsserviceremove.zip
-----------
Restart and post a new HijackThis log.
We are going to start over from the beginning.
Download this:
About:Buster.
You can download it from:
http://www.majorgeeks.com/download4289.html
Click "Check for updates".
Download the updates.
Close it.
We will use it later.
-------
Download this:
http://lineofire.geekstogo.com/cwsserviceremove.zip
Unzip it; we will use it later.
-------
Run HijackThis again in normal mode.
Check these lines and fix them:
------------------
Restart in safe mode.
Search for and delete the files; don't forget the files at the end of each line, e.g. crcz32.dll
------------
Now run About:Buster as many times as it finds something,
4, 5 or 6 times if necessary.
------
Double-click the file you downloaded earlier:
cwsserviceremove.zip
-----------
Restart, then post a new HijackThis log.
Listen, balltrap, I did everything you said.
OK, I'll try this as well, and if it doesn't work I'll take my PC to a local guy who will sort it out for me.
balltrap34
18 July 2005 at 23:48
Do that carefully, we'll get there. I know it's a lot of work.
Phew... done!
Well, I ran About:Buster at least 30 times.
Logfile of HijackThis v1.99.1
Scan saved at 11:51:59, on 19/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\apppw.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Aide de Windows Media Connect (WMC) (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
I hope the files haven't come back this time.
balltrap34
19 July 2005 at 12:14
Do this again, in this order; we're almost there:
About:Buster as many times as it finds something,
4, 5 or 6 times if necessary.
------
Double-click the file you downloaded earlier:
cwsserviceremove.zip
Run HijackThis, then check and fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cppfi.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apppw.exe" /s (file missing)
Search for and delete, if you find them:
C:\WINDOWS\cppfi.dll/sp.html#37049
C:\WINDOWS\cppfi.dll
Copy this into Notepad, keeping the blank line at the beginning and at the end:
-----------------
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%AF夶À¨]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%AF夶À¨]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\%AF夶À¨]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\%AF夶À¨]
---------------------
Save it under the name
fixsp.reg, and select "All files" as the type.
Double-click it and confirm.
Restart, then post a new HijackThis log.
Anonymous user
19 July 2005 at 12:21
Hi balltrap,
What is this procedure for, in case the sp.html entries in R1 are stubborn?