Popup avec adresse contenant yyy102.html
Dernière réponse : dans Sécurité
Bonjour,
Depuis quelque jours je n'arrête pas d'avoir des popup avec une adresse qui change mais dont la terminaison est toutjours la même yyy102.html ou yyy65.html et d'autres popup sans ces 2 terminaison. J'ai essayé spybot, spy sweeper, lm2fix, norton, trojan remover et rien à faire. Ces satanés popup sont toujours là. Quelqu'un peut-il m'aider. Ci-dessous le hijackthis.
Logfile of HijackThis v1.99.1
Scan saved at 15:24:03, on 07/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\WINNT\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Install Applications\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINNT\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\msvcp.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20010\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\q2rq0c95ef.dll
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - C:\WINNT\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
Depuis quelque jours je n'arrête pas d'avoir des popup avec une adresse qui change mais dont la terminaison est toutjours la même yyy102.html ou yyy65.html et d'autres popup sans ces 2 terminaison. J'ai essayé spybot, spy sweeper, lm2fix, norton, trojan remover et rien à faire. Ces satanés popup sont toujours là. Quelqu'un peut-il m'aider. Ci-dessous le hijackthis.
Logfile of HijackThis v1.99.1
Scan saved at 15:24:03, on 07/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\WINNT\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Install Applications\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINNT\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\msvcp.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20010\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: Dynamic Directory - C:\WINNT\system32\q2rq0c95ef.dll
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - C:\WINNT\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
Autres pages sur : popup adresse contenant yyy102 html
Lassé par la pub ? Créez un compte
Salut,
Tu as une infection type LookToMe :
1/ Essaye l'uninstaller de cette cochonnerie
http://www.ad-w-a-r-e.com/cgi-bin/UnInstaller
2/Télécharge, installe et mets à jour ewido
http://www.infos-du-net.com/telecharger/Ewido-Security-...
3/ Redemarre en Mode sans Echec
Redémarre l'ordinateur. Après les écritures du BIOS, appuies sur F8 (ou F5 si F8 marche pas) pour arriver à un menu avec des écritures blanches sur un fond noir.
Dans ce menu, tu dois pouvoir choisir le mode sans échec (celà se passe avec les flèches et Entrée pour valider).
Le démarrage en mode sans échec est souvent relativement long. Si tu as des écritures blanches bizarres, ne t'inquiètes pas.
Prend juste ton mal en patience.
Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
Redémarre normalement et poste le rapport d'ewido ainsi qu'un nouveau log HijackThis.
Tu as une infection type LookToMe :
1/ Essaye l'uninstaller de cette cochonnerie
http://www.ad-w-a-r-e.com/cgi-bin/UnInstaller
2/Télécharge, installe et mets à jour ewido
http://www.infos-du-net.com/telecharger/Ewido-Security-...
3/ Redemarre en Mode sans Echec
Redémarre l'ordinateur. Après les écritures du BIOS, appuies sur F8 (ou F5 si F8 marche pas) pour arriver à un menu avec des écritures blanches sur un fond noir.
Dans ce menu, tu dois pouvoir choisir le mode sans échec (celà se passe avec les flèches et Entrée pour valider).
Le démarrage en mode sans échec est souvent relativement long. Si tu as des écritures blanches bizarres, ne t'inquiètes pas.
Prend juste ton mal en patience.
Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
Redémarre normalement et poste le rapport d'ewido ainsi qu'un nouveau log HijackThis.
Je crois que j'ai parlé un peu trop vite. Les popups en yyy102.html s'affichent toujours. Pour info je suis sous windows 2000 professional et je ne peux ouvrir mon pc en mode sans echec. Ci-dessous le scan Hijackthis après avoir fait tourné ewido.
Logfile of HijackThis v1.99.1
Scan saved at 10:53:13, on 13/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\WINNT\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Install Applications\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.local/dv
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINNT\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\msvcp.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20010\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\kt4ol7h31.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
Logfile of HijackThis v1.99.1
Scan saved at 10:53:13, on 13/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\WINNT\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Install Applications\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.local/dv
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINNT\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\msvcp.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20010\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20010\winlogon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\kt4ol7h31.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
Je pense que cette fois c'est bon. Je te remercie beaucoup pour ton aide. Ci-dessous le hijackthis après passage de look2me remover.
Logfile of HijackThis v1.99.1
Scan saved at 11:50:13, on 14/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe
C:\Install Applications\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.local/dv
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
Logfile of HijackThis v1.99.1
Scan saved at 11:50:13, on 14/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe
C:\Install Applications\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.local/dv
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
salut il l en reste
fixe ceci
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
supprime ses fichier
supprime ceci
C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
redemare et reposte un log pour verification
fixe ceci
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
supprime ses fichier
supprime ceci
C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
redemare et reposte un log pour verification
Comme convenu j'ai redemarré et fait un hijackthis. Le voici.
Logfile of HijackThis v1.99.1
Scan saved at 16:48:03, on 14/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Install Applications\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.local/dv
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:48:03, on 14/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Fichiers communs\System\MAPI\1036\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Install Applications\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.local/dv
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.30.4:80;gopher=172.16.30.4:80;http=172.16.30.4:80;https=172.16.30.4:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://phenix.local;http://gestion-client.local;http://sfr1.gestion-client.local;http://ent.gestion-client.local;http://ent1.gestion-client.local;http://sfr.gestion-client.local;http://ag.gestion-client.local;http://brc.gestion-client.local;http://dv.gestion-client.local;http://intranet.local;http://pccweb;http://172.21.52.205;http://172.21.52.8;http://172.16.2.90;http://boutique.phenix.local;http://ps-agence.ad.domaine;http://ps-siege.ad.domaine;http://ps-stock.ad.domaine;http://ps-guillaumet.ad.domaine;http://ps-siege1.ad.domaine;http://ps-picasso.ad.domaine;http://backoffice.coriolis.fr;http://agences.local;http://backoffice.local;http://reporting.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Office] C:\WINNT\system32\msvcp.exe
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: Domain = coriolis.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBED0B2F-02FD-4A45-97D2-97F9C0BA8750}: NameServer = 172.16.2.13,172.16.2.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.domaine
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.domaine
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
juste sa d inutil
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
et sa qui faut fixer
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
sinom c est propre enfin je crois
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
et sa qui faut fixer
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
sinom c est propre enfin je crois
Lassé par la pub ? Créez un compte
