help : analyse log hijackthis

[kimy]

salut tout le monde

 

 

 

Slaut Charles

ton lien ne marche pas (en tout cas, moi j'ai une page blanche)

en -as-tu un autre

[Thanos]

Bizarre il marche bien pourtant! Essaie ici=>

 

http://cwshredder.net/bin/CWShredder.exe

 

@+ tard, je pars bosser

[kimy]

Bizarre il marche bien pourtant! Essaie ici=>

 

http://cwshredder.net/bin/CWShredder.exe

 

@+ tard, je pars bosser

 

OK, je viens de le trouver sur http://telechargement.journaldunet.com/tel...dder/index.html

 

a+

[kimy]

Bizarre il marche bien pourtant! Essaie ici=>

 

http://cwshredder.net/bin/CWShredder.exe

 

@+ tard, je pars bosser

 

C'était une bonne idée, mais apperement ce n'est pas CoolWebSearch qui bloqie ma page de démarrage, cwsshredder n'a rien trouvé

 

Bosse bien

Moi, j'arrête là pour ce soie.

Je reviendrai demain

[bruce lee]

bonjour,

 

j'aimerai verifier que tu n'es pas une bestiole qui se lance en silence

 

1/telecharge silent runners http://www.silentrunners.org/Silent%20Runners.vbs

 

2/déconnecte toi du net et ferme toutes les applications en cours.

 

3/lance silent runners laisse le travailler quand il aura finit de scanner tu en sauras averti par un message et un nouveau fichier texte sera crée ouvre ce fichier texte et colle nous la totalité du rapport.

[kimy]

Bonjour Bruce-Lee,

 

Voici le rapport silentrunners (beaucoup trop compliqué pour moi )

 

Bon courage pour l'analyse !

 

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"BackupNotify" = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [null data]

"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]

"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]

"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]

"CamMonitor" = "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [empty string]

"HPHUPD05" = "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]

"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]

"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]

"StorageGuard" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]

"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]

"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]

"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]

"CTSysVol" = "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" ["Creative Technology Ltd"]

"CTDVDDet" = "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"MessagerStarter Wanadoo" = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" ["France Telecom"]

"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ST"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006"

-> {HKLM...CLSID} = "CNisExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"

-> {HKLM...CLSID} = "CNavExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "MSNToolBandBHO"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"

-> {HKLM...CLSID} = "My Kahuna"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdns_01.dll" [empty string]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"

-> {HKLM...CLSID} = "SampleView"

\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"

-> {HKLM...CLSID} = "Explorateur de Bureau"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"

-> {HKLM...CLSID} = "Logitech Gallery"

\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{BF05BB6E-442C-428B-8025-82280B7BC26C}" = "Zen Micro Media Explorer"

-> {HKLM...CLSID} = "Zen Micro Media Explorer"

\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels"

-> {HKLM...CLSID} = "Périphériques Plug and Play universels"

\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]

 

 

Startup items in "Administrateur" & "All Users" startup folders:

----------------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"A459A2E7914A222F" -> launches: "c:\docume~1\admini~1\applic~1\slowcl~1\soap eq stupid.exe" [file not found]

"Norton AntiVirus - Effectuer une analyse complète du système - Administrateur" -> launches: "C:\PROGRA~1\NORTON~3\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Norton AntiVirus - Exécuter Norton QuickScan - Administrateur" -> launches: "C:\PROGRA~1\NORTON~3\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\quick.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

-> {HKLM...CLSID} = "Norton Internet Security 2006"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{C4069E3A-68F1-403E-B40E-20066696354B}"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = (no title provided)

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006"

-> {HKLM...CLSID} = "Norton Internet Security 2006"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

 

{653D93AF-C741-4E5E-8C1B-59BA43F93E16}\

"ButtonText" = "Panda ActiveScan"

"Exec" = "http://www.pandasoftware.com/activescan/fr/activescan_principal.htm" [file not found]

 

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\

"ButtonText" = "MoneySide"

"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

[strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

 

Missing lines (compared with English-language version):

[strings]: 3 lines

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.EXE" ["Creative Technology Ltd"]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

Norton Protection Center Service, NSCService, ""C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Service de planification Media Center, ehSched, "C:\WINDOWS\ehome\ehSched.exe" [MS]

Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 60 seconds, including 18 seconds for message boxes)

[bruce lee]

bonjour,

 

analyse en cours retour dans 10 minutes

[bruce lee]

re,

 

le rapport de silent runners montre qu'il y a la presence de lop sur ton PC.

 

*télécharge lopremover

http://clairvoyant.p2pforum.it/tools/lopremover.zip

Dézippe le

 

2/ Redémarre en mode sans échec.

 

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

 

supprime ce qui est en gras:

 

c:\Documents and Settings\admini~1\application data\ slowcl~1<== supprime le dossier qui

commence par slowcl

 

exécuter Lopremover

Tu le lances, tu inseres les chiffres dans la case,puis tu cliques sur UNINSTALL.

 

redemarre en mode normal.et essaye de changer ta page de demarrage

 

@+

 

EDIT: charles

Modifié le 12 avril 2006 par bruce lee

[kimy]

coucou,

 

J'ai supprimé slowclock et exécuter loperemover (encore un virus, spyware, ... ?)

Je n'arrive toujours pas à changer ma page de démarrage.

C'est un vrai casse-tête ce truc.

 

Par contre, il me semble que mon PC redémarre un peu plus vite. C'est peut-être qu'une impression.

 

a+

[bruce lee]

pour ton PC il se peut qu'il redemarre plus vite car lop se met dans les lignes 04(les programmes qui selancent au demarrage),refais un scan avec silent runners et poste le rapport s'il te plait