

prisc
Everything posted by prisc
-
Hello, HijackThis report
prisc replied to a topic by prisc in Analyses et éradication malwares
Hi again,
Your little program looks nice, but it's for WinXP and I have Win2000 Pro SP4. Do you think it could still do the job?
-
Hello, HijackThis report
prisc replied to a topic by prisc in Analyses et éradication malwares
Hi again,
No worries, it's already very kind of you to look into my problem, and I suppose you have your own life too. Yes, there was indeed an update +/- 3 weeks ago, but my problem was already there before I installed it.
Here is the Silent Runners report, as requested.
-
Hello, HijackThis report
prisc replied to a topic by prisc in Analyses et éradication malwares
Hi again,
After trying several times to install ActiveX for the Panda antivirus (it stops every time at 68% of the download), I scanned my HDD with secuser.com, Kaspersky and BlackLight.
Secuser.com: no report, it found nothing.
Kaspersky:
BlackLight:
I took the opportunity to copy down an error that I get quite often and that may be related to the Internet Explorer crashes:
runtime error! program:c:\winnt\feedin~1.scr this application has requested the runtime to terminate it in a unusual way.
Once again, many thanks for your help.
-
Hello, HijackThis report
prisc replied to a topic by prisc in Analyses et éradication malwares
Hi again,
I followed the procedure as described above (thanks for the explanations and the clarity of the procedure). And here are the requested reports.
I suppose there must still be some junk left, because my problem with Internet Explorer is unfortunately still there. I really wonder whether it isn't a DLL problem. In any case, many thanks for your help.
-
Hello, HijackThis report
prisc replied to a topic by prisc in Malware analysis and removal
Okay. Are you sure I have to do it? Because setup.exe on F: is just a game in the CD-ROM drive, and it's not a copy, it's an original CD.
-
Hello, HijackThis report
prisc replied to a topic by prisc in Malware analysis and removal
Hello Tornado, and thank you for your reply. I did apply the pre-cleaning procedure, but unfortunately I did not keep the AntiVir log, and AntiVir has since been uninstalled. The AntiVir report did show this, though:
Detections 1
Repaired 0
Deleted 1
Moved 0
Warning 6
I hope that helps you.
-
Hello, I have a small problem with my PC. I keep getting repeated Internet Explorer crashes. I ran Norton, PestPatrol, Ad-Aware, Spybot... nothing found. I finally ran Antiv... in safe mode and it found a virus. But no luck, I still get these crashes. When it crashes, a window opens with the following error message:

Impossible de trouver la description de l'ID d'événement ( 1000 ) dans la source ( Microsoft Internet Explorer ). L'ordinateur local n'a peut-être pas les informations de Registre nécessaires ou les fichiers DLL de messagerie pour afficher les messages provenant d'un ordinateur distant iexplore.exe; 6.0.2800.1106; ntdll.dll; 5.0.2195.7006; 0004d79a.

or the same message with:
6.0.2800.1106; flash8.ocx; 8.0.22.0; 000c7a27.
or the same message with:
6.0.2800.1106; flash8.ocx; 8.0.22.0; 00106fa4.
or the same message with:
6.0.2800.1106; shlwapi.dll; 6.0.2800.1740; 000043c0.

So I ran a scan with HijackThis, but I don't understand much of it. If some kind soul could help me, that would be really nice. Here is the scan log:

Logfile of HijackThis v1.99.1
Scan saved at 14:11:18, on 21/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\hijackthis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [NsUpdate] C:\WINNT\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [TrustInstaller] F:\Setup.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O16 - DPF: {AA760512-9BD8-4B1B-9E7A-DD9BBE3CF119} (PandoraBoxCtrl Class) - http://front.boonty.com/Prometheus/PandoraX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game15.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_6_0_0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4F7D765-D78E-4C98-9153-57E8CF0248FB}: NameServer = 195.130.131.6,195.130.130.1
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Many thanks in advance.