
Posted

As for your PC, it may restart faster, because lop places itself in the 04 lines (the programs that launch at startup). Run another scan with Silent Runners and post the report, please.

A small, surprising remark: Norton reacted (rather belatedly) a few minutes ago, telling me that lopremover.exe is adware and that it must be deleted!

Here is the new Silent Runners report :P

 

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"BackupNotify" = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [null data]

"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]

"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]

"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]

"CamMonitor" = "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [empty string]

"HPHUPD05" = "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]

"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]

"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]

"StorageGuard" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]

"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]

"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]

"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]

"CTSysVol" = "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" ["Creative Technology Ltd"]

"CTDVDDet" = "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"MessagerStarter Wanadoo" = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" ["France Telecom"]

"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ST"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006"

-> {HKLM...CLSID} = "CNisExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"

-> {HKLM...CLSID} = "CNavExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "MSNToolBandBHO"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"

-> {HKLM...CLSID} = "My Kahuna"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdns_01.dll" [empty string]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"

-> {HKLM...CLSID} = "SampleView"

\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"

-> {HKLM...CLSID} = "Explorateur de Bureau"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"

-> {HKLM...CLSID} = "Logitech Gallery"

\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{BF05BB6E-442C-428B-8025-82280B7BC26C}" = "Zen Micro Media Explorer"

-> {HKLM...CLSID} = "Zen Micro Media Explorer"

\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels"

-> {HKLM...CLSID} = "Périphériques Plug and Play universels"

\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]

 

 

Startup items in "Administrateur" & "All Users" startup folders:

----------------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"A459A2E7914A222F" -> launches: "c:\docume~1\admini~1\applic~1\slowcl~1\soap eq stupid.exe" [file not found]

"Norton AntiVirus - Effectuer une analyse complète du système - Administrateur" -> launches: "C:\PROGRA~1\NORTON~3\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Norton AntiVirus - Exécuter Norton QuickScan - Administrateur" -> launches: "C:\PROGRA~1\NORTON~3\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\quick.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

-> {HKLM...CLSID} = "Norton Internet Security 2006"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{C4069E3A-68F1-403E-B40E-20066696354B}"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = (no title provided)

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006"

-> {HKLM...CLSID} = "Norton Internet Security 2006"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

 

{653D93AF-C741-4E5E-8C1B-59BA43F93E16}\

"ButtonText" = "Panda ActiveScan"

"Exec" = "http://www.pandasoftware.com/activescan/fr/activescan_principal.htm" [file not found]

 

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\

"ButtonText" = "MoneySide"

"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

[strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

 

Missing lines (compared with English-language version):

[strings]: 3 lines

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.EXE" ["Creative Technology Ltd"]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

Norton Protection Center Service, NSCService, ""C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Service de planification Media Center, ehSched, "C:\WINDOWS\ehome\ehSched.exe" [MS]

Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 39 seconds, including 5 seconds for message boxes)

Posted

Did you do what I wrote?

Because in the new report lop is still present. Redo what I wrote above, and if there is a problem, don't hesitate to say so :P

See you

Posted

Did you do what I wrote?

Because in the new report lop is still present. Redo what I wrote above, and if there is a problem, don't hesitate to say so :P

See you

I did do what you wrote, without skipping any step.

I'll start over to see, and I'll make you a new report. :P

Posted

Although, if lop is still there, maybe I need to disable Windows restore first?

Are you talking about System Restore? If so, I strongly advise you against it.

Posted

Are you talking about System Restore? If so, I strongly advise you against it.

That is indeed what I meant. So I did not disable it. :P

Well, I redid the procedure exactly according to your instructions, just like the first time;

There is no longer any folder starting with slowcl, and here is the new Silent Runners report

 

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"BackupNotify" = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [null data]

"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]

"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]

"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]

"CamMonitor" = "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [empty string]

"HPHUPD05" = "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]

"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]

"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]

"StorageGuard" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]

"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]

"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]

"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]

"CTSysVol" = "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" ["Creative Technology Ltd"]

"CTDVDDet" = "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"MessagerStarter Wanadoo" = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" ["France Telecom"]

"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ST"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006"

-> {HKLM...CLSID} = "CNisExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"

-> {HKLM...CLSID} = "CNavExtBho Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "MSNToolBandBHO"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"

-> {HKLM...CLSID} = "My Kahuna"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdns_01.dll" [empty string]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"

-> {HKLM...CLSID} = "SampleView"

\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"

-> {HKLM...CLSID} = "Explorateur de Bureau"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"

-> {HKLM...CLSID} = "Logitech Gallery"

\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{BF05BB6E-442C-428B-8025-82280B7BC26C}" = "Zen Micro Media Explorer"

-> {HKLM...CLSID} = "Zen Micro Media Explorer"

\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels"

-> {HKLM...CLSID} = "Périphériques Plug and Play universels"

\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]

 

 

Startup items in "Administrateur" & "All Users" startup folders:

----------------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"A459A2E7914A222F" -> launches: "c:\docume~1\admini~1\applic~1\slowcl~1\soap eq stupid.exe" [file not found]

"Norton AntiVirus - Effectuer une analyse complète du système - Administrateur" -> launches: "C:\PROGRA~1\NORTON~3\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Norton AntiVirus - Exécuter Norton QuickScan - Administrateur" -> launches: "C:\PROGRA~1\NORTON~3\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\quick.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

-> {HKLM...CLSID} = "Norton Internet Security 2006"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{C4069E3A-68F1-403E-B40E-20066696354B}"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = (no title provided)

-> {HKLM...CLSID} = "Vue HP"

\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006"

-> {HKLM...CLSID} = "Norton Internet Security 2006"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

 

{653D93AF-C741-4E5E-8C1B-59BA43F93E16}\

"ButtonText" = "Panda ActiveScan"

"Exec" = "http://www.pandasoftware.com/activescan/fr/activescan_principal.htm" [file not found]

 

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\

"ButtonText" = "MoneySide"

"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

[strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

 

Missing lines (compared with English-language version):

[strings]: 3 lines

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.EXE" ["Creative Technology Ltd"]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

Norton Protection Center Service, NSCService, ""C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Service de planification Media Center, ehSched, "C:\WINDOWS\ehome\ehSched.exe" [MS]

Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 77 seconds, including 5 seconds for message boxes)

Posted (edited)

re,

do this:

Start / Control Panel / Add or Remove Programs, and uninstall Spybot

restart your PC and try to set your home page; if it still doesn't work, reinstall Spybot.

See you

Edited by bruce lee
Posted

re,

do this:

Start / Control Panel / Add or Remove Programs, and uninstall Spybot

restart your PC and try to set your home page; if it still doesn't work, reinstall Spybot.

See you

I uninstalled Spybot and it doesn't change anything.

I haven't reinstalled it yet.

I had installed it recently because of the problems with this PC.

I just have one small question: can I use it permanently (manually or automatically) at the same time as Norton 2006 without any risk of conflict?

Same question for ewido?

See you :P

Posted

Good evening kimy,

That is all very strange indeed. Let's go and look at the Internet Explorer settings.

Open a Notepad file, then copy/paste all of the text inside the Code box below (without the word Code):


cd %systemdrive%\
If not exist lsafiles MkDir lsafiles
regedit /a /e lsafiles\1.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
regedit /a /e lsafiles\2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform"
regedit /a /e lsafiles\3.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
regedit /a /e lsafiles\4.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
regedit /a /e lsafiles\5.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
regedit /e /a lsafiles\6.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main"
reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer" >  lsafiles\7.txt
Copy lsafiles\*.txt = %systemdrive%\lsa.txt
rmdir /s /q lsafiles
Notepad %systemdrive%\lsa.txt
del /q %systemdrive%\lsa.txt

 

Click the "File" menu >> "Save As...";

- Choose the Desktop as the destination

- In the File name: box, type inspect.bat

- In the Save as type: box, choose "All Files"

- Click "Save"

From the Desktop, double-click inspect.bat

A text file will appear on screen (lsa.txt): paste all of its contents here, in your next reply.

See you
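
For whoever reviews the lsa.txt that comes back, here is one way to pull the Internet Explorer home and search page settings out of the REGEDIT4 text that `regedit /a /e` writes. This is an added example, not part of the original post; the sample export is constructed, and the function names and the `EXPECTED_HOSTS` allowlist are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the REGEDIT4 (ANSI) text format written by `regedit /a /e`.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchportal.example/home"
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Show_StatusBar"="yes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Start Page"="about:blank"
'''

# Internet Explorer\Main values that hold a page or search location.
URL_VALUES = {"Start Page", "Search Page", "Search Bar", "Local Page",
              "Default_Page_URL", "Default_Search_URL"}
# Assumption: hosts the reviewer accepts as vendor defaults; adjust per machine.
EXPECTED_HOSTS = {"www.microsoft.com", "home.microsoft.com"}

STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslashes and quotes with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return (key, value_name, data) for each string value in the export."""
    rows, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := STRING_VALUE.match(line)):
            rows.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return rows

def review(text):
    """Return IE Main URL settings whose host is not an expected one."""
    findings = []
    for key, name, data in parse_reg(text):
        if not key.lower().endswith(r"\internet explorer\main"):
            continue
        url = urlparse(data)
        if (name in URL_VALUES and url.scheme in ("http", "https")
                and url.hostname not in EXPECTED_HOSTS):
            findings.append((key, name, data))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE))
```

Lines that are not in `"name"="data"` form, such as the `reg.exe query` output appended from 7.txt, are skipped by the parser.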
