[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

 

jv 16 a trouvé tout ca

 

jv16 PowerTools 1.3 - Chercheur de Registre

[ Racine, Clé, Entrée, Valeur, Modifié le ]

 

HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com

HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com

HKEY_USERS, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com

HKEY_USERS, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com

HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com

HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com

HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com

HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com

HKEY_USERS, S-1-5-21-1644491937-1482476501-839522115-1003\Software\ahead\Nero - Burning ROM\Browser, ShowPureUpperNamesInDownCases, N/A, 13.11.2004, 07:06, S-1-5-21-1644491937-1482476501-839522115-1003\Software\ahead\Nero - Burning ROM\Browser

HKEY_USERS, S-1-5-21-1644491937-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-21-1644491937-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com

HKEY_USERS, S-1-5-21-1644491937-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, S-1-5-21-1644491937-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sidefind.com

HKEY_LOCAL_MACHINE, SOFTWARE\Ahead\Nero - Burning ROM\Browser, ShowPureUpperNamesInDownCases, N/A, 13.11.2004, 07:06, SOFTWARE\Ahead\Nero - Burning ROM\Browser

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\CCListBar.ListBar\Clsid, {CLE}, {CLE}, 09.04.2006, 13:57, SOFTWARE\Classes\CCListBar.ListBar\Clsid

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\CCListBar.ListBar, @, CCListBar.ListBar, 09.04.2006, 13:57, SOFTWARE\Classes\CCListBar.ListBar

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\CCListBar.ListBar, {CLE}, {CLE}, 09.04.2006, 13:57, SOFTWARE\Classes\CCListBar.ListBar

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}\InprocServer32, @, D:\CCleaner\CCListBar.ocx, 08.08.2005, 16:38, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}\InprocServer32

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}\ProgID, @, CCListBar.ListBar, 08.08.2005, 16:38, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}\ProgID

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}\ToolboxBitmap32, @, D:\CCleaner\CCListBar.ocx, 30000, 08.08.2005, 16:38, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}\ToolboxBitmap32

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}, @, CCListBar.ListBar, 08.08.2005, 16:38, SOFTWARE\Classes\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF}

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\Interface\{124ED4B2-DB16-417C-BDB6-2D32AA2BE4F0}, @, ListBar, 09.04.2006, 13:57, SOFTWARE\Classes\Interface\{124ED4B2-DB16-417C-BDB6-2D32AA2BE4F0}

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\Interface\{17848AC1-9647-4F78-818C-26C0ED4FD000}, @, ListBar, 08.08.2005, 16:38, SOFTWARE\Classes\Interface\{17848AC1-9647-4F78-818C-26C0ED4FD000}

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\Interface\{46F147F4-FBB9-44DE-8942-3B3B42D84945}, @, ListBar, 08.08.2005, 16:38, SOFTWARE\Classes\Interface\{46F147F4-FBB9-44DE-8942-3B3B42D84945}

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\Interface\{543205F2-3AD7-4B6C-BE86-D6FB81EB52DB}, @, ListBar, 08.08.2005, 16:38, SOFTWARE\Classes\Interface\{543205F2-3AD7-4B6C-BE86-D6FB81EB52DB}

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\Interface\{95F138DF-186F-4837-952A-C030030AECD0}, @, ListBar, 08.08.2005, 16:38, SOFTWARE\Classes\Interface\{95F138DF-186F-4837-952A-C030030AECD0}

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\Interface\{D0DD2821-4DB7-4799-B18E-875C592A07CD}, @, ListBar, 09.04.2006, 13:57, SOFTWARE\Classes\Interface\{D0DD2821-4DB7-4799-B18E-875C592A07CD}

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\TypeLib\{22B9829C-7E92-4259-BDFF-4DDDBFBF01C5}\1.1\0\win32, @, D:\CCleaner\CCListBar.ocx, 08.08.2005, 16:38, SOFTWARE\Classes\TypeLib\{22B9829C-7E92-4259-BDFF-4DDDBFBF01C5}\1.1\0\win32

HKEY_LOCAL_MACHINE, SOFTWARE\Classes\TypeLib\{22B9829C-7E92-4259-BDFF-4DDDBFBF01C5}\1.1, @, CCListBar, 08.08.2005, 16:38, SOFTWARE\Classes\TypeLib\{22B9829C-7E92-4259-BDFF-4DDDBFBF01C5}\1.1

HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com, {CLE}, {CLE}, 21.04.2006, 14:39, SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sidefind.com

 

j'ai je ferais le scan demain bonne nuit les petits faitent de beau rèves

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

 

encore moi j'ai regardé le fichier > Iesearch.exe < il fait 8.95 Go

 

f3pssavr.scr c'est un écran de veille je l'ai viré

 

pour le reste j'attend des nouvelles

 

merci et bonne nuit

 

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

 

c'est dentesque

 

 

 

Incident Statut Analyse

 

Outil indésirable:application/mywebsearch No Désinfecté c:\windows\system32\f3pssavr.scr

Adware:adware/ilookup No Désinfecté c:\program files\internet explorer\Iesearch.exe

Outil indésirable:application/funweb No Désinfecté hkey_local_machine\software\FunWebProducts

Adware:adware/diytoolbar No Désinfecté Registre Windows

Adware:adware/ist.istbar No Désinfecté Registre Windows

Adware:adware/ncase No Désinfecté Registre Windows

Adware:adware/ist.sidefind No Désinfecté Registre Windows

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Jean-Pierre\Application Data\Mozilla\Profiles\default\oq6ubwee.slt\cookies.txt[.xiti.com/]

Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Jean-Pierre\Cookies\jean-pierre@weborama[1].txt

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Jean-Pierre\Cookies\jean-pierre@xiti[1].txt

Virus Eventuel. No Désinfecté D:\ATF-cleaner\ATF-Cleaner.exe

Virus Eventuel. No Désinfecté R:\Alcoho.rar[setup.msi][unk_0046]

Virus Eventuel. No Désinfecté R:\ATF-Cleaner.exe

 

mais d'ou ça sort tout ca

 

j'ai viré les points de réstaurations je pense qu'il faut aussi virer la sauvegarde ghost c'est plus sur

 

bon je vais finir de voir le championnat du monde de snooker a sheffield @ +

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

 

bonjour c'est fait mais j'ai fait une erreur j'ai tout viré Webcamfirst est un logiciel pour webCam

 

sinon a part le clavier ça roule

 

pour mémoire la touche caps lock fait office de touche windows donc je peu pas frapper en majuscule

 

 

a plus tard

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

1 To a scaner C'est long

 

voila ça donne ça

 

 

Incident Statut Analyse

 

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Jean-Pierre\Application Data\Mozilla\Profiles\default\oq6ubwee.slt\cookies.txt[.xiti.com/]

Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Jean-Pierre\Cookies\jean-pierre@weborama[1].txt

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Jean-Pierre\Cookies\jean-pierre@xiti[1].txt

Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Jean-Pierre\Menu Démarrer\Programmes\Nettoyage\new_uninstall.exe

Adware:Adware/Trebuh No Désinfecté C:\RECYCLER\NPROTECT\00273479.exe

Virus Eventuel. No Désinfecté C:\WINDOWS\system32\dmzva.exe

Virus Eventuel. No Désinfecté D:\ATF-cleaner\ATF-Cleaner.exe

Outil indésirable:Application/FunWeb No Désinfecté D:\Hijackthis\backups\backup-20060423-185244-671.inf

Virus Eventuel. No Désinfecté D:\Webcamfirst\webcamfirst.exe

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

Bonsoir

 

---------------------------------------------------------

ewido anti-malware - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 00:20:44, 24/04/2006

+ Somme de contrôle: BABB8F6D

 

+ Résultats du scan:

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Adware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Nettoyer et sauvegarder

HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Adware.NaviSearch : Nettoyer et sauvegarder

:mozilla.13:C:\Documents and Settings\Jean-Pierre\Application Data\Mozilla\Profiles\default\oq6ubwee.slt\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder

:mozilla.14:C:\Documents and Settings\Jean-Pierre\Application Data\Mozilla\Profiles\default\oq6ubwee.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

:mozilla.15:C:\Documents and Settings\Jean-Pierre\Application Data\Mozilla\Profiles\default\oq6ubwee.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

:mozilla.16:C:\Documents and Settings\Jean-Pierre\Application Data\Mozilla\Profiles\default\oq6ubwee.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder

C:\WINDOWS\system32\csopg.exe -> Downloader.Agent.uj : Nettoyer et sauvegarder

 

 

::Fin du rapport

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:43:20, on 23/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\DVDRAMSV.exe

D:\ewido anti-malware\ewidoctrl.exe

D:\ewido anti-malware\ewidoguard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

D:\Wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Anvshell.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe

D:\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

D:\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

D:\Winpooch\Winpooch.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

D:\Copernic Desktop Search\CopernicDesktopSearch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

C:\WINDOWS\system32\RAMASST.exe

D:\Change Ecran\Change Ecran.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

D:\HotKeys\HotKeys.exe

D:\MB Softs\MB Clock\mbclock.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\WINDOWS\system32\cidaemon.exe

D:\eMule\emule.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

D:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Onfolio Helper - {ba727652-f90e-4d82-9ce4-98766dffc375} - C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfoliox.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O3 - Toolbar: Onfolio - {1fea1109-9f65-4fdc-aec5-033f6cc60641} - mscoree.dll (file missing)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - D:\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll

O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe" nosignal

O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] D:\ASUSTek\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Winpooch] D:\Winpooch\Winpooch.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Change Ecran.LNK = D:\Change Ecran\Change Ecran.exe

O4 - Startup: HotKeys.lnk = ?

O4 - Startup: mbclock.lnk = D:\MB Softs\MB Clock\mbclock.exe

O4 - Startup: Mezaniv.lnk = D:\Mezaniv\MEZANIV.EXE

O4 - Startup: MSN Pictures Displayer.lnk = D:\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Thumbs.db

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Capture &Image To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Capture &Page To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html

O8 - Extra context menu item: Capture &Snippet To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html

O8 - Extra context menu item: Capture &Target To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Chercher avec Copernic Agent - D:\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir avec GetRight - D:\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm

O8 - Extra context menu item: Télecharger avec GetRight - D:\GetRight\GRdownload.htm

O8 - Extra context menu item: Télécharger avec Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Downloads - {FA89F458-2DF1-494a-A66D-47BF7F04E713} - C:\WINDOWS\system32\Shdocvw.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - D:\ewido anti-malware\ewidoguard.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wampmysqld - Unknown owner - D:\Wamp\mysql\bin\mysqld-nt.exe

 

 

c'est quoi ce truc > ctfmon.exe (3868) : Reg::SetValue (HKU\S-1-5-21-1644491937-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run, ctfmon.exe) -> rejected

 

pour blacklight ya pas de case (x)scan though Windows Explorer ?? ya pas de txt non plus il a rien trouvé

 

bon @ +

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

 

bon voila

 

Logfile of HijackThis v1.99.1

Scan saved at 19:29:11, on 23/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Onfolio Helper - {ba727652-f90e-4d82-9ce4-98766dffc375} - C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfoliox.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O3 - Toolbar: Onfolio - {1fea1109-9f65-4fdc-aec5-033f6cc60641} - mscoree.dll (file missing)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - D:\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll

O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe" nosignal

O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] D:\ASUSTek\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Winpooch] D:\Winpooch\Winpooch.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Change Ecran.LNK = D:\Change Ecran\Change Ecran.exe

O4 - Startup: HotKeys.lnk = ?

O4 - Startup: mbclock.lnk = D:\MB Softs\MB Clock\mbclock.exe

O4 - Startup: Mezaniv.lnk = D:\Mezaniv\MEZANIV.EXE

O4 - Startup: MSN Pictures Displayer.lnk = D:\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Thumbs.db

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Capture &Image To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Capture &Page To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html

O8 - Extra context menu item: Capture &Snippet To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html

O8 - Extra context menu item: Capture &Target To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Chercher avec Copernic Agent - D:\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir avec GetRight - D:\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm

O8 - Extra context menu item: Télecharger avec GetRight - D:\GetRight\GRdownload.htm

O8 - Extra context menu item: Télécharger avec Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Downloads - {FA89F458-2DF1-494a-A66D-47BF7F04E713} - C:\WINDOWS\system32\Shdocvw.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - D:\ewido anti-malware\ewidoguard.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wampmysqld - Unknown owner - D:\Wamp\mysql\bin\mysqld-nt.exe

 

 

voila voila bonne soirée a lundi

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

 

re 4e

 

Logfile of HijackThis v1.99.1

Scan saved at 14:35:27, on 23/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

D:\Wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Anvshell.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe

D:\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

D:\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\system32\kernels8.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

D:\Winpooch\Winpooch.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

D:\Copernic Desktop Search\CopernicDesktopSearch.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\RAMASST.exe

D:\Change Ecran\Change Ecran.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

D:\HotKeys\HotKeys.exe

D:\MB Softs\MB Clock\mbclock.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

D:\GetRight\GETRIGHT.EXE

D:\GetRight\GETRIGHT.EXE

D:\Mozilla\mozilla.exe

D:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Onfolio Helper - {ba727652-f90e-4d82-9ce4-98766dffc375} - C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfoliox.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O3 - Toolbar: Onfolio - {1fea1109-9f65-4fdc-aec5-033f6cc60641} - mscoree.dll (file missing)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - D:\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll

O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe" nosignal

O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] D:\ASUSTek\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernels8.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Winpooch] D:\Winpooch\Winpooch.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ActionScr] runload32.exe

O4 - HKCU\..\Run: [Kargo] Uint32.exe

O4 - HKCU\..\Run: [backd] clamav.exe

O4 - Startup: Change Ecran.LNK = D:\Change Ecran\Change Ecran.exe

O4 - Startup: HotKeys.lnk = ?

O4 - Startup: mbclock.lnk = D:\MB Softs\MB Clock\mbclock.exe

O4 - Startup: Mezaniv.lnk = D:\Mezaniv\MEZANIV.EXE

O4 - Startup: MSN Pictures Displayer.lnk = D:\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Thumbs.db

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Capture &Image To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Capture &Page To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html

O8 - Extra context menu item: Capture &Snippet To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html

O8 - Extra context menu item: Capture &Target To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Chercher avec Copernic Agent - D:\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir avec GetRight - D:\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm

O8 - Extra context menu item: Télecharger avec GetRight - D:\GetRight\GRdownload.htm

O8 - Extra context menu item: Télécharger avec Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Downloads - {FA89F458-2DF1-494a-A66D-47BF7F04E713} - C:\WINDOWS\system32\Shdocvw.dll

O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version6/Applet/vchatsign.cab

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.objectcube.com/dc5/aebn/files/o...CubeInstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122828321359

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wampmysqld - Unknown owner - D:\Wamp\mysql\bin\mysqld-nt.exe

 

ya du mieux win doctor c'est exécuté tout seul

 

sinon j'ai un vieux problème a résoudre

quand j'appuis sur la touche caps loock elle a l'action de la touche windows se qui fait que je ne peu plus écrire en majuscule

 

bon sinon vous etes génial merci a toi pour ton aide

 

PS : pour les chocolats dit moi ou je les envois

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

3e édition bonjour

 

 

Fixwareout ver 1.003

Last edited 04/09/2006

Post this report in the forums please

 

Reg Entries that were deleted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\avzmd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif

...

 

Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM

"dmzva.exe"=-

...

 

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Example ipsec6.exe is lagitamate

 

»»»»» Search by size and names...

* csr.exe C:\WINDOWS\System32\CSOPG.EXE

 

»»»»» Misc files

 

»»»»» Checking for older varients covered by the Rem3 tool

 

 

suite

 

Logfile of HijackThis v1.99.1

Scan saved at 14:03:45, on 23/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

D:\Wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Anvshell.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe

D:\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

D:\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\system32\kernels8.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

D:\Winpooch\Winpooch.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

D:\Copernic Desktop Search\CopernicDesktopSearch.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\RAMASST.exe

D:\Change Ecran\Change Ecran.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

D:\HotKeys\HotKeys.exe

D:\MB Softs\MB Clock\mbclock.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\SDNTC.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\WDSCAN.EXE

D:\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\cidaemon.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Onfolio Helper - {ba727652-f90e-4d82-9ce4-98766dffc375} - C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfoliox.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O3 - Toolbar: Onfolio - {1fea1109-9f65-4fdc-aec5-033f6cc60641} - mscoree.dll (file missing)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - D:\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll

O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe" nosignal

O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] D:\ASUSTek\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernels8.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bnui] porka_.exe

O4 - HKLM\..\Run: [boundRec] ERTYDF.exe

O4 - HKLM\..\Run: [Winpooch] D:\Winpooch\Winpooch.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ActionScr] runload32.exe

O4 - HKCU\..\Run: [Kargo] Uint32.exe

O4 - HKCU\..\Run: [backd] clamav.exe

O4 - Startup: Change Ecran.LNK = D:\Change Ecran\Change Ecran.exe

O4 - Startup: HotKeys.lnk = ?

O4 - Startup: mbclock.lnk = D:\MB Softs\MB Clock\mbclock.exe

O4 - Startup: Mezaniv.lnk = D:\Mezaniv\MEZANIV.EXE

O4 - Startup: MSN Pictures Displayer.lnk = D:\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Thumbs.db

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Capture &Image To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Capture &Page To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html

O8 - Extra context menu item: Capture &Snippet To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html

O8 - Extra context menu item: Capture &Target To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Chercher avec Copernic Agent - D:\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir avec GetRight - D:\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm

O8 - Extra context menu item: Télecharger avec GetRight - D:\GetRight\GRdownload.htm

O8 - Extra context menu item: Télécharger avec Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Downloads - {FA89F458-2DF1-494a-A66D-47BF7F04E713} - C:\WINDOWS\system32\Shdocvw.dll

O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version6/Applet/vchatsign.cab

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.objectcube.com/dc5/aebn/files/o...CubeInstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122828321359

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{30C6946C-45EC-43AE-A2CB-7F98C467FF0F}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8D2A18-EE09-44BA-9C6B-8846EBCB8C8C}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{B3CE9BC5-874D-45F3-9AC9-DAC5C25C1426}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBD9C008-4DF4-4843-88B3-4E2C8DC40766}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC19058-8439-430B-8F58-E7F840FA9C33}: NameServer = 85.255.114.52,85.255.112.12

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wampmysqld - Unknown owner - D:\Wamp\mysql\bin\mysqld-nt.exe

 

qui dit mieux merci beaucoup mais quand comprend l'anglais c'est plus facile @ +

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

 

 

Bonjour Bonjour suite

 

Logfile of HijackThis v1.99.1

Scan saved at 12:44:08, on 23/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Anvshell.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

D:\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

D:\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\system32\kernels8.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

D:\Winpooch\Winpooch.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

D:\Copernic Desktop Search\CopernicDesktopSearch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

D:\Wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\RAMASST.exe

D:\Change Ecran\Change Ecran.exe

C:\WINDOWS\System32\MsPMSPSv.exe

D:\HotKeys\HotKeys.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

D:\MB Softs\MB Clock\mbclock.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\alg.exe

D:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Onfolio Helper - {ba727652-f90e-4d82-9ce4-98766dffc375} - C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfoliox.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O3 - Toolbar: Onfolio - {1fea1109-9f65-4fdc-aec5-033f6cc60641} - mscoree.dll (file missing)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - D:\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll

O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe" nosignal

O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] D:\ASUSTek\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernels8.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bnui] porka_.exe

O4 - HKLM\..\Run: [boundRec] ERTYDF.exe

O4 - HKLM\..\Run: [Winpooch] D:\Winpooch\Winpooch.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ActionScr] runload32.exe

O4 - HKCU\..\Run: [Kargo] Uint32.exe

O4 - HKCU\..\Run: [backd] clamav.exe

O4 - Startup: Change Ecran.LNK = D:\Change Ecran\Change Ecran.exe

O4 - Startup: HotKeys.lnk = ?

O4 - Startup: mbclock.lnk = D:\MB Softs\MB Clock\mbclock.exe

O4 - Startup: Mezaniv.lnk = D:\Mezaniv\MEZANIV.EXE

O4 - Startup: MSN Pictures Displayer.lnk = D:\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Thumbs.db

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Capture &Image To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Capture &Page To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html

O8 - Extra context menu item: Capture &Snippet To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html

O8 - Extra context menu item: Capture &Target To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Chercher avec Copernic Agent - D:\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir avec GetRight - D:\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm

O8 - Extra context menu item: Télecharger avec GetRight - D:\GetRight\GRdownload.htm

O8 - Extra context menu item: Télécharger avec Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Downloads - {FA89F458-2DF1-494a-A66D-47BF7F04E713} - C:\WINDOWS\system32\Shdocvw.dll

O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version6/Applet/vchatsign.cab

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.objectcube.com/dc5/aebn/files/o...CubeInstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122828321359

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{30C6946C-45EC-43AE-A2CB-7F98C467FF0F}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8D2A18-EE09-44BA-9C6B-8846EBCB8C8C}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{B3CE9BC5-874D-45F3-9AC9-DAC5C25C1426}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBD9C008-4DF4-4843-88B3-4E2C8DC40766}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC19058-8439-430B-8F58-E7F840FA9C33}: NameServer = 85.255.114.52,85.255.112.12

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wampmysqld - Unknown owner - D:\Wamp\mysql\bin\mysqld-nt.exe

 

Aprés avoir suivi les instruction précité trouvé 60 saletées > virées < mais plein de truc ne marchent plus

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

Salut babar91 et bienvenue sur le forum de zébulon,

Pas de "bonjour", ni de "salut" ...

 

Ton log hijackthis montre que ton système est multi-infecté, mais ne t'inquiète, on va y remédier

Pour commencer à faire le ménage sur ton système, je t'invite à suivre la procédure suivante --> http://forum.zebulon.fr/index.php?showtopic=83986

 

Et poste un rapport hijackthis, après application de la procédure.

Bon courage

 

:love:merci beaucoup je mi attelle tout de suite

[Saleté de dofgnqmsld!fjdfg Spyware [résolu]]

[ résolu ]

 

Logfile of HijackThis v1.99.1

Scan saved at 11:48:00, on 22/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Anvshell.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

D:\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

D:\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\system32\kernels8.exe

C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

D:\Copernic Desktop Search\CopernicDesktopSearch.exe

C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\RAMASST.exe

D:\Change Ecran\Change Ecran.exe

C:\WINDOWS\system32\wdfmgr.exe

D:\Wamp\mysql\bin\mysqld-nt.exe

D:\HotKeys\HotKeys.exe

D:\MB Softs\MB Clock\mbclock.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\cidaemon.exe

D:\Winpooch\Winpooch.exe

C:\WINDOWS\explorer.exe

D:\Mozilla\mozilla.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\GetRight\getright.exe

D:\GetRight\getright.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: Onfolio Helper - {ba727652-f90e-4d82-9ce4-98766dffc375} - C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfoliox.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O3 - Toolbar: Onfolio - {1fea1109-9f65-4fdc-aec5-033f6cc60641} - mscoree.dll (file missing)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - D:\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll

O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [OnfolioStorage] "C:\Program Files\Microsoft Partner Pack\Onfolio Express\onfserv.exe" nosignal

O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] D:\ASUSTek\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernels8.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bnui] porka_.exe

O4 - HKLM\..\Run: [boundRec] ERTYDF.exe

O4 - HKLM\..\Run: [Winpooch] D:\Winpooch\Winpooch.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ActionScr] runload32.exe

O4 - HKCU\..\Run: [Kargo] Uint32.exe

O4 - HKCU\..\Run: [backd] clamav.exe

O4 - Startup: Change Ecran.LNK = D:\Change Ecran\Change Ecran.exe

O4 - Startup: HotKeys.lnk = ?

O4 - Startup: mbclock.lnk = D:\MB Softs\MB Clock\mbclock.exe

O4 - Startup: Mezaniv.lnk = D:\Mezaniv\MEZANIV.EXE

O4 - Startup: MSN Pictures Displayer.lnk = D:\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Thumbs.db

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Capture &Image To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Capture &Page To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html

O8 - Extra context menu item: Capture &Snippet To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html

O8 - Extra context menu item: Capture &Target To Onfolio... - res://C:\Program Files\Microsoft Partner Pack\Onfolio Express\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html

O8 - Extra context menu item: Chercher avec Copernic Agent - D:\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir avec GetRight - D:\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm

O8 - Extra context menu item: Télecharger avec GetRight - D:\GetRight\GRdownload.htm

O8 - Extra context menu item: Télécharger avec Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)

O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\COPERN~1\COPERN~1.EXE

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Downloads - {FA89F458-2DF1-494a-A66D-47BF7F04E713} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version6/Applet/vchatsign.cab

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.objectcube.com/dc5/aebn/files/o...CubeInstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122828321359

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{30C6946C-45EC-43AE-A2CB-7F98C467FF0F}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8D2A18-EE09-44BA-9C6B-8846EBCB8C8C}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{B3CE9BC5-874D-45F3-9AC9-DAC5C25C1426}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBD9C008-4DF4-4843-88B3-4E2C8DC40766}: NameServer = 85.255.114.52,85.255.112.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC19058-8439-430B-8F58-E7F840FA9C33}: NameServer = 85.255.114.52,85.255.112.12

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wampmysqld - Unknown owner - D:\Wamp\mysql\bin\mysqld-nt.exe

 

 

avec ad-Aware j'ai trouvé ca > Fournisseur:Adware.Toolband

Catégorie :Malware

Type d'objet :Fichier

Taille :155648 Bytes

Emplacement :C:\...\RP733\A0171024.dll

Der. activité :22-04-2006 09:56:20

Niveau de risque :Faible

Index TAC :3

Comm. :

Description:a browser helper object, adds a tool bar on windows explorer and Internet Explorer