HiJackThis
dieseus
Messages postés
144
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
salut!
sous Win2000 pro. quand je lance ma page de demarrage meme sous www.google.com, le systèmel commence à me generer une multitude de fenetres. sans arret m'empechant ainsi à aller de l'avant.
j'ai utilisé le HijackThis, et je joins ici le fichier log à toute fin utile ... et merci encore une fois
Logfile of HijackThis v1.98.2
Scan saved at 12:33:58, on 03/01/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\LANDesk\Shared Files\residentagent.exe
D:\WINNT\system32\crypserv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\LANDesk\LDClient\LocalSch.EXE
D:\WINNT\System32\CBA\pds.exe
D:\Program Files\LANDesk\LDClient\qipclnt.exe
D:\Program Files\LANDesk\LDClient\tmcsvc.exe
D:\PROGRA~1\LANDesk\LDClient\issuser.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\MsgSys.EXE
D:\Program Files\LANDesk\LDClient\softmon.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
D:\WINNT\System32\hpnra.exe
D:\WINNT\System32\hpnra.exe
D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\System32\rundll32.exe
D:\WINNT\System32\ctfmon.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Sensiva\Sensiva.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
E:\disk_dur_D_xp\HijackThis.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\WINNT\msagent\AgentSvr.exe
D:\WINNT\System32\taskmgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Run BBDTMngr.exe.lnk = D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra button: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - D:\Program Files\Superhunter\GetFlash\GetFlash.dll (file missing)
O9 - Extra 'Tools' menuitem: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - D:\Program Files\Superhunter\GetFlash\GetFlash.dll (file missing)
O9 - Extra button: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file)
O9 - Extra 'Tools' menuitem: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [!AGetFlash] GetFlash
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
sous Win2000 pro. quand je lance ma page de demarrage meme sous www.google.com, le systèmel commence à me generer une multitude de fenetres. sans arret m'empechant ainsi à aller de l'avant.
j'ai utilisé le HijackThis, et je joins ici le fichier log à toute fin utile ... et merci encore une fois
Logfile of HijackThis v1.98.2
Scan saved at 12:33:58, on 03/01/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\LANDesk\Shared Files\residentagent.exe
D:\WINNT\system32\crypserv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\LANDesk\LDClient\LocalSch.EXE
D:\WINNT\System32\CBA\pds.exe
D:\Program Files\LANDesk\LDClient\qipclnt.exe
D:\Program Files\LANDesk\LDClient\tmcsvc.exe
D:\PROGRA~1\LANDesk\LDClient\issuser.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\MsgSys.EXE
D:\Program Files\LANDesk\LDClient\softmon.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
D:\WINNT\System32\hpnra.exe
D:\WINNT\System32\hpnra.exe
D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\System32\rundll32.exe
D:\WINNT\System32\ctfmon.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Sensiva\Sensiva.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
E:\disk_dur_D_xp\HijackThis.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\WINNT\msagent\AgentSvr.exe
D:\WINNT\System32\taskmgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Digimax Viewer 2.1.lnk = D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Run BBDTMngr.exe.lnk = D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra button: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - D:\Program Files\Superhunter\GetFlash\GetFlash.dll (file missing)
O9 - Extra 'Tools' menuitem: GetFlash - {348821E2-5D36-42c5-9821-E3293F6699F9} - D:\Program Files\Superhunter\GetFlash\GetFlash.dll (file missing)
O9 - Extra button: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file)
O9 - Extra 'Tools' menuitem: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: GetFlash - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [!AGetFlash] GetFlash
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
A voir également:
- HiJackThis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Entraide Hijackthis ✓ - Forum Virus
- Analyse HiJackThis - Forum Virus
- Raport hijackthis - Forum Virus
- Analyse rapport Hijackthis - Forum Virus
13 réponses
salut
t as pas la bonne version
télécharge HijackThis ici:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Bon courage
A+
t as pas la bonne version
télécharge HijackThis ici:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Bon courage
A+
j'ai supprimer un truc et refais,
je l'ai aussi fais à partir de c:
Logfile of HijackThis v1.99.1
Scan saved at 2:34:19 AM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2005 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124501010906
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://clubic.metaboli.fr/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{809F026D-F987-457C-B577-C090436092CB}: NameServer = 206.47.244.15 206.47.244.50
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
merci pour tout
je l'ai aussi fais à partir de c:
Logfile of HijackThis v1.99.1
Scan saved at 2:34:19 AM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2005 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124501010906
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://clubic.metaboli.fr/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{809F026D-F987-457C-B577-C090436092CB}: NameServer = 206.47.244.15 206.47.244.50
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
merci pour tout
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
aie aie,
HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.
HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.
ok voila comme c demandé.. le log
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Sensiva\Sensiva.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
E:\disk_dur_D_xp\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\s.jarek.DOMONDA\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [!AGetFlash] GetFlash
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onda.aero
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = onda.aero
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = onda.aero
O20 - Winlogon Notify: NavLogon - D:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk(R) Development, Ltd - D:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - Intel® Corporation - D:\WINNT\System32\CBA\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\qipclnt.exe
O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: Service de Contrôle distant de LANDesk (ISSUSER) - LANDesk Software, Ltd. - D:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Sensiva\Sensiva.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
E:\disk_dur_D_xp\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\s.jarek.DOMONDA\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [!AGetFlash] GetFlash
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onda.aero
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = onda.aero
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = onda.aero
O20 - Winlogon Notify: NavLogon - D:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk(R) Development, Ltd - D:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - Intel® Corporation - D:\WINNT\System32\CBA\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\qipclnt.exe
O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: Service de Contrôle distant de LANDesk (ISSUSER) - LANDesk Software, Ltd. - D:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
lol
m'excuse , matnant je crois que c bon..
1 Cool Menu FX Tool
1st Flash Studio Pro+
3D Hand Clock
3DWebButton v1.7
A4Desk v5.22
Adobe Acrobat 5.0
Adobe Creative Suite
Adobe Premiere 6.0
Adobe SVG Viewer 3.0
ArcSoft PhotoImpression 4
Articulate Presenter Professional Edition Trial
AVI MPEG Video Converter
AVI/MPEG CD MAKER 1.1
Business Card Designer Plus 8.5.1.0
Camtasia Studio 2
Cram Toolbar
DefaultProductName
develotec Flashmorph (remove only)
Digimax Viewer 2.1
Easy Video Splitter 1.28
EPSON Scan! II
Flash Decompiler
Flash miner 1.40
Flashation Menu Builder
Folder Guard
GetFlash
GlobFX Web Player
Google Earth
Half-Life: Counter-Strike
HijackThis 1.99.1
Jasc Animation Shop 3
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Lame ACM MP3 Codec
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
MemTurbo
MicroBest Cracklock 3.8.1
Microsoft .NET Framework 1.1
Microsoft Internet Explorer 6 SP1
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional avec FrontPage
Mise à jour système du Lecteur Windows Media (Série 9)
Mix-FX
Mozilla Firefox (1.0)
Mozilla Firefox (1.0.4)
Mozilla Thunderbird (1.0)
MPEG Maker 2 v1.0 Demo
Multimedia Construction Kit 3.4.2 - Build 040.308
muvee autoProducer 3.5 magicMoments
My IPs
My Web Search Bar
Nero 6 Ultra Edition
New.net Domains 6.98
Norton Ghost
Notepad++
Panoweaver 3.01 Standard Edition
PcMedik
PowerQuest PartitionMagic 8.0
Programme de désinstallation hp color LaserJet 4600
QuickTime
Récupérez vos Fichiers
said_test_flash Screen Saver
Samsung Digimax 430&370
ScreenTime for Flash 3.0.1 Demo
Sensiva
SolidConverterPDF
Sothink SWF Decompiler
SpyKy 1.0
SpywareBlaster v3.3
Sqirlz Morph
Studio 9
Swift 3D Version 1.00
SWiSHmax
SWiSHvideo
Symantec AntiVirus
The File Splitter 1.31
TotalSize 3.48
TSM100 / TSM30 USB MASS STORAGE DRIVER
Ultra Screen Saver Maker
V - The File Viewer
Valve Hammer Editor
Video Edit Magic 4.12
Video Screensaver Maker (Trial)
Video2Flash 3.1
WinRAR archiver
WinZip
WinZip Companion for Outlook
Xara ScreenMaker3D
Xara3D6
Yahoo! Toolbar
Merci de vot aide
m'excuse , matnant je crois que c bon..
1 Cool Menu FX Tool
1st Flash Studio Pro+
3D Hand Clock
3DWebButton v1.7
A4Desk v5.22
Adobe Acrobat 5.0
Adobe Creative Suite
Adobe Premiere 6.0
Adobe SVG Viewer 3.0
ArcSoft PhotoImpression 4
Articulate Presenter Professional Edition Trial
AVI MPEG Video Converter
AVI/MPEG CD MAKER 1.1
Business Card Designer Plus 8.5.1.0
Camtasia Studio 2
Cram Toolbar
DefaultProductName
develotec Flashmorph (remove only)
Digimax Viewer 2.1
Easy Video Splitter 1.28
EPSON Scan! II
Flash Decompiler
Flash miner 1.40
Flashation Menu Builder
Folder Guard
GetFlash
GlobFX Web Player
Google Earth
Half-Life: Counter-Strike
HijackThis 1.99.1
Jasc Animation Shop 3
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Lame ACM MP3 Codec
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
MemTurbo
MicroBest Cracklock 3.8.1
Microsoft .NET Framework 1.1
Microsoft Internet Explorer 6 SP1
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional avec FrontPage
Mise à jour système du Lecteur Windows Media (Série 9)
Mix-FX
Mozilla Firefox (1.0)
Mozilla Firefox (1.0.4)
Mozilla Thunderbird (1.0)
MPEG Maker 2 v1.0 Demo
Multimedia Construction Kit 3.4.2 - Build 040.308
muvee autoProducer 3.5 magicMoments
My IPs
My Web Search Bar
Nero 6 Ultra Edition
New.net Domains 6.98
Norton Ghost
Notepad++
Panoweaver 3.01 Standard Edition
PcMedik
PowerQuest PartitionMagic 8.0
Programme de désinstallation hp color LaserJet 4600
QuickTime
Récupérez vos Fichiers
said_test_flash Screen Saver
Samsung Digimax 430&370
ScreenTime for Flash 3.0.1 Demo
Sensiva
SolidConverterPDF
Sothink SWF Decompiler
SpyKy 1.0
SpywareBlaster v3.3
Sqirlz Morph
Studio 9
Swift 3D Version 1.00
SWiSHmax
SWiSHvideo
Symantec AntiVirus
The File Splitter 1.31
TotalSize 3.48
TSM100 / TSM30 USB MASS STORAGE DRIVER
Ultra Screen Saver Maker
V - The File Viewer
Valve Hammer Editor
Video Edit Magic 4.12
Video Screensaver Maker (Trial)
Video2Flash 3.1
WinRAR archiver
WinZip
WinZip Companion for Outlook
Xara ScreenMaker3D
Xara3D6
Yahoo! Toolbar
Merci de vot aide
impeccable , c'est réussi .
dois je me contenter de ça ou bien on continue
merci infiniment
Lent comme je suis , je vous suis
dois je me contenter de ça ou bien on continue
merci infiniment
Lent comme je suis , je vous suis
merci de me montrer les lignes à eliminer
Logfile of HijackThis v1.99.1
Scan saved at 11:45:02, on 04/01/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\LANDesk\Shared Files\residentagent.exe
D:\WINNT\system32\crypserv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\LANDesk\LDClient\LocalSch.EXE
D:\WINNT\System32\CBA\pds.exe
D:\Program Files\LANDesk\LDClient\qipclnt.exe
D:\Program Files\LANDesk\LDClient\tmcsvc.exe
D:\PROGRA~1\LANDesk\LDClient\issuser.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\MsgSys.EXE
D:\Program Files\LANDesk\LDClient\softmon.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
D:\WINNT\System32\hpnra.exe
D:\WINNT\System32\hpnra.exe
D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\System32\rundll32.exe
D:\WINNT\System32\ctfmon.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Sensiva\Sensiva.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
D:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
E:\disk_dur_D_xp\HijackThis.exe
D:\WINNT\System32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\s.jarek.DOMONDA\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,,D:\Program Files\LANDesk\LDClient\softmon.exe
O1 - Hosts file is located at: D:\WINNT\nsdb\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - D:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - D:\Program Files\Moveax TotalSize\ExplorerBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [apcm] D:\WINNT\A1_P2_C3\loadqm.exe
O4 - HKLM\..\Run: [apsvc] D:\WINNT\A1_P2_C3\svcohost.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINNT\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelAPMClient] "D:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "D:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SRV_LANDESK:5007 /S=SRV_LANDESK /I=HTTP://SRV_LANDESK/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "D:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "D:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TotalSizeManager] D:\Program Files\Moveax TotalSize\TotalSize.exe
O4 - HKCU\..\Run: [Sensiva] c:\Program Files\Sensiva\Sensiva.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &IFS: Îïðåäåëèòü ðàçìåð ôàéëà - res://D:\Program Files\Moveax TotalSize\IFSIELauncher.dll/201
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash to GetFlash - res://D:\Program Files\Superhunter\GetFlash\GetFlash.dll/GetFlash.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [!AGetFlash] GetFlash
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onda.aero
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = onda.aero
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = onda.aero
O20 - Winlogon Notify: NavLogon - D:\WINNT\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk(R) Development, Ltd - D:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - Intel® Corporation - D:\WINNT\System32\CBA\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\qipclnt.exe
O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software Ltd. - D:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: Service de Contrôle distant de LANDesk (ISSUSER) - LANDesk Software, Ltd. - D:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe