HiJackThis

dieseus Messages postés 144 Statut Membre -  
 Utilisateur anonyme -
salut!
sous Win2000 pro. quand je lance ma page de demarrage meme sous www.google.com, le systèmel commence à me generer une multitude de fenetres. sans arret m'empechant ainsi à aller de l'avant.

j'ai utilisé le HijackThis, et je joins ici le fichier log à toute fin utile ... et merci encore une fois

Logfile of HijackThis v1.98.2
Scan saved at 12:33:58, on 03/01/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\LANDesk\Shared Files\residentagent.exe
D:\WINNT\system32\crypserv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\LANDesk\LDClient\LocalSch.EXE
D:\WINNT\System32\CBA\pds.exe
D:\Program Files\LANDesk\LDClient\qipclnt.exe
D:\Program Files\LANDesk\LDClient\tmcsvc.exe
D:\PROGRA~1\LANDesk\LDClient\issuser.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\MsgSys.EXE
D:\Program Files\LANDesk\LDClient\softmon.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
D:\WINNT\System32\hpnra.exe
D:\WINNT\System32\hpnra.exe
D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\System32\rundll32.exe
D:\WINNT\System32\ctfmon.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Sensiva\Sensiva.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
E:\disk_dur_D_xp\HijackThis.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\WINNT\msagent\AgentSvr.exe
D:\WINNT\System32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Run BBDTMngr.exe.lnk = D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra button: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - D:\Program Files\Superhunter\GetFlash\GetFlash.dll (file missing)
O9 - Extra 'Tools' menuitem: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - D:\Program Files\Superhunter\GetFlash\GetFlash.dll (file missing)
O9 - Extra button: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file)
O9 - Extra 'Tools' menuitem: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [!AGetFlash] GetFlash
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

13 réponses

  1. Utilisateur anonyme
     
    salut

    t as pas la bonne version

    télécharge HijackThis ici:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
    1. dieseus Messages postés 144 Statut Membre 9
       
      Bonjour, et merci pour votre aide, j'ai utilisé la nouvelle version , je tiens à preciser que ce probleme apparait seulement sur l'explorateur IE.. et voici le log généré.

      merci de me montrer les lignes à eliminer

      Logfile of HijackThis v1.99.1
      Scan saved at 11:45:02, on 04/01/2006
      Platform: Windows 2000 SP3 (WinNT 5.00.2195)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      D:\WINNT\System32\smss.exe
      D:\WINNT\system32\winlogon.exe
      D:\WINNT\system32\services.exe
      D:\WINNT\system32\lsass.exe
      D:\WINNT\system32\svchost.exe
      D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      D:\WINNT\system32\spoolsv.exe
      D:\Program Files\LANDesk\Shared Files\residentagent.exe
      D:\WINNT\system32\crypserv.exe
      D:\Program Files\Symantec AntiVirus\DefWatch.exe
      D:\WINNT\System32\svchost.exe
      D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
      D:\Program Files\LANDesk\LDClient\LocalSch.EXE
      D:\WINNT\System32\CBA\pds.exe
      D:\Program Files\LANDesk\LDClient\qipclnt.exe
      D:\Program Files\LANDesk\LDClient\tmcsvc.exe
      D:\PROGRA~1\LANDesk\LDClient\issuser.exe
      D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      D:\WINNT\system32\regsvc.exe
      D:\Program Files\Symantec AntiVirus\SavRoam.exe
      D:\WINNT\system32\MSTask.exe
      D:\Program Files\Symantec AntiVirus\Rtvscan.exe
      D:\WINNT\System32\WBEM\WinMgmt.exe
      D:\WINNT\system32\svchost.exe
      D:\WINNT\System32\MsgSys.EXE
      D:\Program Files\LANDesk\LDClient\softmon.exe
      D:\WINNT\Explorer.EXE
      D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      D:\WINNT\System32\hpnra.exe
      D:\WINNT\System32\hpnra.exe
      D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
      D:\Program Files\QuickTime\qttask.exe
      D:\WINNT\System32\rundll32.exe
      D:\WINNT\System32\ctfmon.exe
      D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
      C:\Program Files\Sensiva\Sensiva.exe
      D:\Program Files\WinZip\WZQKPICK.EXE
      D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
      D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
      E:\disk_dur_D_xp\HijackThis.exe
      D:\WINNT\System32\taskmgr.exe
      D:\Program Files\Mozilla Firefox\firefox.exe
      D:\WINNT\System32\svchost.exe
      D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      D:\PROGRA~1\WINZIP\winzip32.exe
      D:\Documents and Settings\s.jarek.DOMONDA\Local Settings\Temp\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
      F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
      O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
      O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
      O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
      O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
      O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
      O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
      O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
      O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
      O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
      O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
      O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
      O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
      O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
      O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
      O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
      O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
      O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O11 - Options group: [!AGetFlash] GetFlash
      O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onda.aero
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = onda.aero
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = onda.aero
      O20 - Winlogon Notify: NavLogon - D:\WINNT\System32\NavLogon.dll
      O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
      O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk(R) Development, Ltd - D:\Program Files\LANDesk\Shared Files\residentagent.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINNT\SYSTEM32\crypserv.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
      O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\LocalSch.EXE
      O23 - Service: Intel PDS - Intel® Corporation - D:\WINNT\System32\CBA\pds.exe
      O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\qipclnt.exe
      O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\tmcsvc.exe
      O23 - Service: Service de Contrôle distant de LANDesk (ISSUSER) - LANDesk Software, Ltd. - D:\PROGRA~1\LANDesk\LDClient\issuser.exe
      O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
      0
  2. me_Zo
     
    j'ai supprimer un truc et refais,
    je l'ai aussi fais à partir de c:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:34:19 AM, on 1/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Grisoft\AVG Free\avgemc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2005 Pro\VirusKeeper.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
    O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
    O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
    O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
    O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124501010906
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://clubic.metaboli.fr/components/Metaboli.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{809F026D-F987-457C-B577-C090436092CB}: NameServer = 206.47.244.15 206.47.244.50
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    merci pour tout
    0
  3. me_zo
     
    Désolé je me suis trompé de discution, veulliex me pardonner
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    aie aie,

    HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.
    0
  6. dieseus Messages postés 144 Statut Membre 9
     
    ok voila comme c demandé.. le log

    D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Sensiva\Sensiva.exe
    D:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
    E:\disk_dur_D_xp\HijackThis.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINNT\System32\svchost.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\PROGRA~1\WINZIP\winzip32.exe
    D:\Documents and Settings\s.jarek.DOMONDA\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
    O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
    O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
    O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
    O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
    O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
    O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
    O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
    O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O11 - Options group: [!AGetFlash] GetFlash
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onda.aero
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = onda.aero
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = onda.aero
    O20 - Winlogon Notify: NavLogon - D:\WINNT\System32\NavLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk(R) Development, Ltd - D:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINNT\SYSTEM32\crypserv.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\LocalSch.EXE
    O23 - Service: Intel PDS - Intel® Corporation - D:\WINNT\System32\CBA\pds.exe
    O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\qipclnt.exe
    O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\tmcsvc.exe
    O23 - Service: Service de Contrôle distant de LANDesk (ISSUSER) - LANDesk Software, Ltd. - D:\PROGRA~1\LANDesk\LDClient\issuser.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
    0
  7. Utilisateur anonyme
     
    non, c est pas ca que j ai demandé lol

    a+
    0
  8. dieseus Messages postés 144 Statut Membre 9
     
    lol
    m'excuse , matnant je crois que c bon..

    1 Cool Menu FX Tool
    1st Flash Studio Pro+
    3D Hand Clock
    3DWebButton v1.7
    A4Desk v5.22
    Adobe Acrobat 5.0
    Adobe Creative Suite
    Adobe Premiere 6.0
    Adobe SVG Viewer 3.0
    ArcSoft PhotoImpression 4
    Articulate Presenter Professional Edition Trial
    AVI MPEG Video Converter
    AVI/MPEG CD MAKER 1.1
    Business Card Designer Plus 8.5.1.0
    Camtasia Studio 2
    Cram Toolbar
    DefaultProductName
    develotec Flashmorph (remove only)
    Digimax Viewer 2.1
    Easy Video Splitter 1.28
    EPSON Scan! II
    Flash Decompiler
    Flash miner 1.40
    Flashation Menu Builder
    Folder Guard
    GetFlash
    GlobFX Web Player
    Google Earth
    Half-Life: Counter-Strike
    HijackThis 1.99.1
    Jasc Animation Shop 3
    Java 2 Runtime Environment, SE v1.4.1_02
    Java Web Start
    Lame ACM MP3 Codec
    LiveReg (Symantec Corporation)
    LiveUpdate 2.0 (Symantec Corporation)
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Fireworks MX 2004
    Macromedia Flash MX 2004
    Macromedia Flash Player 8
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    MemTurbo
    MicroBest Cracklock 3.8.1
    Microsoft .NET Framework 1.1
    Microsoft Internet Explorer 6 SP1
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Professional avec FrontPage
    Mise à jour système du Lecteur Windows Media (Série 9)
    Mix-FX
    Mozilla Firefox (1.0)
    Mozilla Firefox (1.0.4)
    Mozilla Thunderbird (1.0)
    MPEG Maker 2 v1.0 Demo
    Multimedia Construction Kit 3.4.2 - Build 040.308
    muvee autoProducer 3.5 magicMoments
    My IPs
    My Web Search Bar
    Nero 6 Ultra Edition
    New.net Domains 6.98
    Norton Ghost
    Notepad++
    Panoweaver 3.01 Standard Edition
    PcMedik
    PowerQuest PartitionMagic 8.0
    Programme de désinstallation hp color LaserJet 4600
    QuickTime
    Récupérez vos Fichiers
    said_test_flash Screen Saver
    Samsung Digimax 430&370
    ScreenTime for Flash 3.0.1 Demo
    Sensiva
    SolidConverterPDF
    Sothink SWF Decompiler
    SpyKy 1.0
    SpywareBlaster v3.3
    Sqirlz Morph
    Studio 9
    Swift 3D Version 1.00
    SWiSHmax
    SWiSHvideo
    Symantec AntiVirus
    The File Splitter 1.31
    TotalSize 3.48
    TSM100 / TSM30 USB MASS STORAGE DRIVER
    Ultra Screen Saver Maker
    V - The File Viewer
    Valve Hammer Editor
    Video Edit Magic 4.12
    Video Screensaver Maker (Trial)
    Video2Flash 3.1
    WinRAR archiver
    WinZip
    WinZip Companion for Outlook
    Xara ScreenMaker3D
    Xara3D6
    Yahoo! Toolbar

    Merci de vot aide
    0
  9. Utilisateur anonyme
     
    commence par desinstaller ceci

    My Web Search Bar
    New.net Domains 6.98

    et remet un hijack this

    a+
    0
  10. dieseus Messages postés 144 Statut Membre 9
     
    impeccable , c'est réussi .

    dois je me contenter de ça ou bien on continue

    merci infiniment

    Lent comme je suis , je vous suis
    0
  11. Utilisateur anonyme
     
    Re,

    non remet un hijack this

    a+
    0
  12. dieseus Messages postés 144 Statut Membre 9
     
    j'ai pas bien saisi ..
    dois executer un hijackthis et coller le reultat ici ou quoi ?

    je voudrais pas pas te faire du mal "aie aie"

    merci
    0
  13. Utilisateur anonyme
     
    Re,
    lol
    Tu n es pas trop familier avec ces termes? lol

    Remet un rapport hijack this (ou logfiles ca s appelle) comme au poste 7
    C est exactement cela, tu generes un rapport et tu me l envoie

    PS: Oublie pas ton carnet de cheques lool
    0