Everything posted by wysiwyg

  1. Hello!! OK, I did everything except one thing… (Start HijackThis, go to the "Misc Tools Section" menu => "Delete an NT Service" => copy and paste the following line into the window: Workstation NetLogon Service, then confirm.) I couldn't do it because it told me: Service Workstation NetLogon Service was not found in the registry, make sure you entered the short name of the service., vbexclamation and here are the reports (happy reading… there are a lot!! hehe)

     HijackThis report:

     SmitFraudFix report:

     Spy Sweeper report:

     Thanks a lot
  2. Hi! I just found the session log tab! Here it is (it was last night's log..):

     And now here is the HijackThis:
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  3. Thank you very much, Birkoff!!! I did what you told me and I don't think it did any harm. Now I'll wait for charles ingals's reply about my installer problem. Thanks a lot to both of you! My laptop has been doing much better since you came into its life hehehe
  4. ''-Download EasyCleaner (install it in its own folder): http://personal.inet.fi/business/toniarts/...0.exe'' Hi! When I download the file EClea2_0.exe.... and click on it... nothing happens at all. No installer appears on screen, so I don't really see how I could install it in ''its own folder''? Thanks
  5. Hi again! Unfortunately, I wasn't able to copy the session log in Spy Sweeper! I couldn't find it; however, here is the HijackThis log. By the way, I am VERY happy to see that my homepage problem seems to be fixed!!! A THOUSAND thanks to you. Now it remains to be seen whether the pop-ups will come back. In the meantime, here is the log: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\EASYPH~1\Apache\apache.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\EASYPH~1\Apache\apache.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\ZoomingHook.exe C:\WINDOWS\System32\TCtrlIOHook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe 
C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Olivier Bourgeois\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Class - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - C:\WINDOWS\system32\msaa32.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Class - {69C0A8D5-09FF-0C21-6FB1-DD6D344A8BBF} - C:\WINDOWS\ntgu.dll (file missing) O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crbm.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [Apoint] C:\Program 
Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [uniUploader] C:\Program Files\Uni-Uploader\UniUploader.exe O4 - HKLM\..\Run: [apiby32.exe] C:\WINDOWS\apiby32.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program 
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/d02b7637/enter.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  6. Thank you very much for your time! I'm doing that right now, I'll be back later.
  7. Hello! I'm having security problems on my computer. I constantly get messages like 'Windows Security Center : Warning : Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?' I don't know what to do anymore at all. 2 programmer friends have tried to help me and nobody has succeeded yet..
     Here are the problems I have:
     - A Windows Security Center window pops up
     - The small red shield that looks like Norton appears, telling me to buy an anti-spy
     - Home page frozen on blank, showing an anti-spy site (impossible to change it)
     - Advertising pop-ups appear
     - Three days ago, my desktop changed all by itself and displayed a virus message as the wallpaper
     - A Notepad message appeared by itself and a message typed itself out in real time
     Here is what I have tried so far, before writing on this forum:
     - I read the tutorial this forum offers
     - I consulted several threads on several forums
     - I ran HijackThis and tried to remove the R1-type files
     - I went and deleted the suspicious .dll files at the source in Windows
     - I manually deleted files in add/remove but.... I am unable to delete the ones related to CoolWebSearch
     - I reinstalled Norton and ran it in safe mode
     - I deleted the R1s, rebooted and ran, one by one: Spybot Search and Destroy, Ad-Aware and Norton
     - I deleted all my temp files
     When I click 'fix this' with HijackThis, everything comes back at startup..... In short, none of these tools managed to remove my problems. Help would be greatly appreciated!! Here is my log (the R1s came back since even if I delete them.. they reactivate every time IE is launched): Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\EASYPH~1\Apache\apache.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\EASYPH~1\Apache\apache.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\mslq.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\ZoomingHook.exe C:\WINDOWS\System32\TCtrlIOHook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe 
C:\WINDOWS\system32\appzg.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Olivier Bourgeois\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ebxhw.dll/sp.html#44768 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Class - {233DFA5E-F204-29B4-564A-8AA698602B60} - C:\WINDOWS\system32\javapk32.dll O2 - BHO: Class - {24D7F30F-899B-1DBE-BFBF-BD478BF760FD} - C:\WINDOWS\system32\msaa32.dll (file missing) O2 - BHO: DriveLetterAccess - 
{5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Class - {69C0A8D5-09FF-0C21-6FB1-DD6D344A8BBF} - C:\WINDOWS\ntgu.dll (file missing) O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crbm.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [uniUploader] C:\Program 
Files\Uni-Uploader\UniUploader.exe O4 - HKLM\..\Run: [apiby32.exe] C:\WINDOWS\apiby32.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [appzg.exe] C:\WINDOWS\system32\appzg.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java 
Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/d02b7637/enter.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mslq.exe" /s (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless Inc\AirCard 555\Generic\Components\SwiWiFiComm.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe THANKS!!