17 réponses
Utilisateur anonyme
29 août 2005 à 19:09
29 août 2005 à 19:09
Bonsoir,
tu peux effacer cette entrèe là:
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
et telecharge spybot si tu ne la pas gratuit et utile :
Spybot Search & Destroy
tu peux effacer cette entrèe là:
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
et telecharge spybot si tu ne la pas gratuit et utile :
Spybot Search & Destroy
Utilisateur anonyme
29 août 2005 à 19:12
29 août 2005 à 19:12
salut
ton probleme viens du sponsor de messenger plus!3, lop.com (trj swizzor).
il fallait cocher la case "je refuse, ne pas installer le programme sponsor" à l'installation de messenger plus.
telecharge lopxp.zip ici:
http://get.yourfile.net/oe73160.zip
dezippe le et lance le fichier lopxp.bat, il va generer un rapport, copie et colle le ici
et reposte un hijack fait en mode normal
a+
ton probleme viens du sponsor de messenger plus!3, lop.com (trj swizzor).
il fallait cocher la case "je refuse, ne pas installer le programme sponsor" à l'installation de messenger plus.
telecharge lopxp.zip ici:
http://get.yourfile.net/oe73160.zip
dezippe le et lance le fichier lopxp.bat, il va generer un rapport, copie et colle le ici
et reposte un hijack fait en mode normal
a+
bonsoir,
merci pour votre réponse, et votre aide.
voici donc les nouveaux rapports lopxp et hijackthis. entre temps la page de démarrage a encore changé!!!! et quelques lignes du rapport je pense....
pour lopxp
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\All Users\Application Data
29/08/2005 20:19 <REP> GlueBowsRealThat
29/08/2005 20:13 <REP> Skype
29/08/2005 19:43 <REP> DIGStream
10/08/2005 19:11 <REP> DVD Shrink
02/08/2005 21:22 <REP> .
02/08/2005 21:22 <REP> ..
02/08/2005 21:22 <REP> Windows Genuine Advantage
02/08/2005 20:22 <REP> Microsoft
19/04/2005 20:02 <REP> Adobe
06/03/2005 16:20 363 hpzinstall.log
25/12/2004 10:04 <REP> Symantec
21/08/2004 22:39 <REP> Spybot - Search & Destroy
13/08/2004 19:33 <REP> QuickTime
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 19:59 <REP> Ahead
28/06/2004 09:22 62 desktop.ini
2 fichier(s) 425 octets
14 R‚p(s) 62ÿ998ÿ454ÿ272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\Pascal ZARKA\Application Data
29/08/2005 20:19 <REP> ExitPlusIso
29/08/2005 20:19 <REP> 32Delete
26/08/2005 22:58 <REP> ..
26/08/2005 22:58 <REP> ArcSoft
26/08/2005 22:58 <REP> .
02/08/2005 20:22 <REP> Lavasoft
28/07/2005 20:17 <REP> Creative
28/07/2005 20:14 <REP> Microsoft
05/06/2005 10:27 <REP> AdobeUM
02/05/2005 08:32 <REP> Adobe
19/04/2005 20:00 1ÿ216 AdobeDLM.log
19/04/2005 20:00 0 dm.ini
13/03/2005 18:25 <REP> Yahoo! Messenger
19/02/2005 20:30 <REP> Ahead
13/02/2005 15:52 <REP> InterVideo
08/02/2005 22:56 <REP> Macromedia
08/02/2005 21:09 <REP> Skype
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 11:15 <REP> Symantec
28/06/2004 10:38 <REP> Identities
28/06/2004 09:22 62 desktop.ini
3 fichier(s) 1ÿ278 octets
18 R‚p(s) 62ÿ998ÿ454ÿ272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\WINDOWS\Tasks
29/08/2005 20:20 356 HP Usg Daily.job
29/08/2005 19:13 6 SA.DAT
27/08/2005 21:35 378 Symantec NetDetect.job
26/08/2005 22:38 580 Norton AntiVirus - Analyser mon ordinateur - Pascal ZARKA.job
12/08/2005 20:42 <REP> ..
12/08/2005 20:42 <REP> .
28/08/2001 12:00 65 desktop.ini
5 fichier(s) 1ÿ385 octets
2 R‚p(s) 62ÿ998ÿ454ÿ272 octets libres
C:\Program Files\C2Media Présent !
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\All Users\Application Data
29/08/2005 20:38 <REP> Skype
29/08/2005 20:19 <REP> GlueBowsRealThat
29/08/2005 19:43 <REP> DIGStream
10/08/2005 19:11 <REP> DVD Shrink
02/08/2005 21:22 <REP> .
02/08/2005 21:22 <REP> ..
02/08/2005 21:22 <REP> Windows Genuine Advantage
02/08/2005 20:22 <REP> Microsoft
19/04/2005 20:02 <REP> Adobe
06/03/2005 16:20 363 hpzinstall.log
25/12/2004 10:04 <REP> Symantec
21/08/2004 22:39 <REP> Spybot - Search & Destroy
13/08/2004 19:33 <REP> QuickTime
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 19:59 <REP> Ahead
28/06/2004 09:22 62 desktop.ini
2 fichier(s) 425 octets
14 R‚p(s) 62ÿ997ÿ569ÿ536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\Pascal ZARKA\Application Data
29/08/2005 20:19 <REP> ExitPlusIso
29/08/2005 20:19 <REP> 32Delete
26/08/2005 22:58 <REP> ..
26/08/2005 22:58 <REP> ArcSoft
26/08/2005 22:58 <REP> .
02/08/2005 20:22 <REP> Lavasoft
28/07/2005 20:17 <REP> Creative
28/07/2005 20:14 <REP> Microsoft
05/06/2005 10:27 <REP> AdobeUM
02/05/2005 08:32 <REP> Adobe
19/04/2005 20:00 1ÿ216 AdobeDLM.log
19/04/2005 20:00 0 dm.ini
13/03/2005 18:25 <REP> Yahoo! Messenger
19/02/2005 20:30 <REP> Ahead
13/02/2005 15:52 <REP> InterVideo
08/02/2005 22:56 <REP> Macromedia
08/02/2005 21:09 <REP> Skype
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 11:15 <REP> Symantec
28/06/2004 10:38 <REP> Identities
28/06/2004 09:22 62 desktop.ini
3 fichier(s) 1ÿ278 octets
18 R‚p(s) 62ÿ997ÿ565ÿ440 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\WINDOWS\Tasks
29/08/2005 20:37 6 SA.DAT
29/08/2005 20:20 356 HP Usg Daily.job
27/08/2005 21:35 378 Symantec NetDetect.job
26/08/2005 22:38 580 Norton AntiVirus - Analyser mon ordinateur - Pascal ZARKA.job
12/08/2005 20:42 <REP> ..
12/08/2005 20:42 <REP> .
28/08/2001 12:00 65 desktop.ini
5 fichier(s) 1ÿ385 octets
2 R‚p(s) 62ÿ997ÿ565ÿ440 octets libres
C:\Program Files\C2Media Présent !
pour hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 20:38:56, on 29/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pascal ZARKA\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xailefjdazt.org/x_u1i02lgX86TQ3AlSDY8WJUgN1kze6Ci7EQ0YJCEC6rwGnH17NxrhisW8XRgsbs.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.veyfrfxrzn.com/x_u1i02lgX/VOWTl24MI27WCVqQR/KbFBhjB2m883N4.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D6C657D0-D27E-4C3C-06A2-34AE36AAA093} - C:\DOCUME~1\PASCAL~1\APPLIC~1\EXITPL~1\file build.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Real That Barb Balm] C:\Documents and Settings\All Users\Application Data\GlueBowsRealThat\Flawfour.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BikeObj] C:\DOCUME~1\PASCAL~1\APPLIC~1\32Delete\curbmemo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
merci pour votre réponse, et votre aide.
voici donc les nouveaux rapports lopxp et hijackthis. entre temps la page de démarrage a encore changé!!!! et quelques lignes du rapport je pense....
pour lopxp
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\All Users\Application Data
29/08/2005 20:19 <REP> GlueBowsRealThat
29/08/2005 20:13 <REP> Skype
29/08/2005 19:43 <REP> DIGStream
10/08/2005 19:11 <REP> DVD Shrink
02/08/2005 21:22 <REP> .
02/08/2005 21:22 <REP> ..
02/08/2005 21:22 <REP> Windows Genuine Advantage
02/08/2005 20:22 <REP> Microsoft
19/04/2005 20:02 <REP> Adobe
06/03/2005 16:20 363 hpzinstall.log
25/12/2004 10:04 <REP> Symantec
21/08/2004 22:39 <REP> Spybot - Search & Destroy
13/08/2004 19:33 <REP> QuickTime
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 19:59 <REP> Ahead
28/06/2004 09:22 62 desktop.ini
2 fichier(s) 425 octets
14 R‚p(s) 62ÿ998ÿ454ÿ272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\Pascal ZARKA\Application Data
29/08/2005 20:19 <REP> ExitPlusIso
29/08/2005 20:19 <REP> 32Delete
26/08/2005 22:58 <REP> ..
26/08/2005 22:58 <REP> ArcSoft
26/08/2005 22:58 <REP> .
02/08/2005 20:22 <REP> Lavasoft
28/07/2005 20:17 <REP> Creative
28/07/2005 20:14 <REP> Microsoft
05/06/2005 10:27 <REP> AdobeUM
02/05/2005 08:32 <REP> Adobe
19/04/2005 20:00 1ÿ216 AdobeDLM.log
19/04/2005 20:00 0 dm.ini
13/03/2005 18:25 <REP> Yahoo! Messenger
19/02/2005 20:30 <REP> Ahead
13/02/2005 15:52 <REP> InterVideo
08/02/2005 22:56 <REP> Macromedia
08/02/2005 21:09 <REP> Skype
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 11:15 <REP> Symantec
28/06/2004 10:38 <REP> Identities
28/06/2004 09:22 62 desktop.ini
3 fichier(s) 1ÿ278 octets
18 R‚p(s) 62ÿ998ÿ454ÿ272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\WINDOWS\Tasks
29/08/2005 20:20 356 HP Usg Daily.job
29/08/2005 19:13 6 SA.DAT
27/08/2005 21:35 378 Symantec NetDetect.job
26/08/2005 22:38 580 Norton AntiVirus - Analyser mon ordinateur - Pascal ZARKA.job
12/08/2005 20:42 <REP> ..
12/08/2005 20:42 <REP> .
28/08/2001 12:00 65 desktop.ini
5 fichier(s) 1ÿ385 octets
2 R‚p(s) 62ÿ998ÿ454ÿ272 octets libres
C:\Program Files\C2Media Présent !
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\All Users\Application Data
29/08/2005 20:38 <REP> Skype
29/08/2005 20:19 <REP> GlueBowsRealThat
29/08/2005 19:43 <REP> DIGStream
10/08/2005 19:11 <REP> DVD Shrink
02/08/2005 21:22 <REP> .
02/08/2005 21:22 <REP> ..
02/08/2005 21:22 <REP> Windows Genuine Advantage
02/08/2005 20:22 <REP> Microsoft
19/04/2005 20:02 <REP> Adobe
06/03/2005 16:20 363 hpzinstall.log
25/12/2004 10:04 <REP> Symantec
21/08/2004 22:39 <REP> Spybot - Search & Destroy
13/08/2004 19:33 <REP> QuickTime
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 19:59 <REP> Ahead
28/06/2004 09:22 62 desktop.ini
2 fichier(s) 425 octets
14 R‚p(s) 62ÿ997ÿ569ÿ536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\Documents and Settings\Pascal ZARKA\Application Data
29/08/2005 20:19 <REP> ExitPlusIso
29/08/2005 20:19 <REP> 32Delete
26/08/2005 22:58 <REP> ..
26/08/2005 22:58 <REP> ArcSoft
26/08/2005 22:58 <REP> .
02/08/2005 20:22 <REP> Lavasoft
28/07/2005 20:17 <REP> Creative
28/07/2005 20:14 <REP> Microsoft
05/06/2005 10:27 <REP> AdobeUM
02/05/2005 08:32 <REP> Adobe
19/04/2005 20:00 1ÿ216 AdobeDLM.log
19/04/2005 20:00 0 dm.ini
13/03/2005 18:25 <REP> Yahoo! Messenger
19/02/2005 20:30 <REP> Ahead
13/02/2005 15:52 <REP> InterVideo
08/02/2005 22:56 <REP> Macromedia
08/02/2005 21:09 <REP> Skype
25/07/2004 19:15 <REP> Apple Computer
28/06/2004 11:15 <REP> Symantec
28/06/2004 10:38 <REP> Identities
28/06/2004 09:22 62 desktop.ini
3 fichier(s) 1ÿ278 octets
18 R‚p(s) 62ÿ997ÿ565ÿ440 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3827-4DC0
R‚pertoire de C:\WINDOWS\Tasks
29/08/2005 20:37 6 SA.DAT
29/08/2005 20:20 356 HP Usg Daily.job
27/08/2005 21:35 378 Symantec NetDetect.job
26/08/2005 22:38 580 Norton AntiVirus - Analyser mon ordinateur - Pascal ZARKA.job
12/08/2005 20:42 <REP> ..
12/08/2005 20:42 <REP> .
28/08/2001 12:00 65 desktop.ini
5 fichier(s) 1ÿ385 octets
2 R‚p(s) 62ÿ997ÿ565ÿ440 octets libres
C:\Program Files\C2Media Présent !
pour hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 20:38:56, on 29/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pascal ZARKA\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xailefjdazt.org/x_u1i02lgX86TQ3AlSDY8WJUgN1kze6Ci7EQ0YJCEC6rwGnH17NxrhisW8XRgsbs.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.veyfrfxrzn.com/x_u1i02lgX/VOWTl24MI27WCVqQR/KbFBhjB2m883N4.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D6C657D0-D27E-4C3C-06A2-34AE36AAA093} - C:\DOCUME~1\PASCAL~1\APPLIC~1\EXITPL~1\file build.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Real That Barb Balm] C:\Documents and Settings\All Users\Application Data\GlueBowsRealThat\Flawfour.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BikeObj] C:\DOCUME~1\PASCAL~1\APPLIC~1\32Delete\curbmemo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Utilisateur anonyme
29 août 2005 à 23:08
29 août 2005 à 23:08
salut pascal
Imprime, ou enregistre la manip dans le bloc note pour etre sur ne rien oublier et de tout faire dans l'ordre
Déconnecte toi d'internet:
Ferme tout les programmes en cours
Vide le cache de tous tes navigateurs et supprime les cookies:
Pour Internet Explorer:
* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion"
Valide avec ok
Pour Firefox:
menu 'Outils' > Options
icône 'Vie privée'
rubrique Cache, appuyer sur le bouton "Vider le cache"
rubrique Cookies appuyer sur le bouton "Effacer"
valide ok
Pour Mozilla
Edition > Préférences > Avancé > Cache
clic sur "Vider le cache"
et pour les cookies:
Outils > Gestionnaire de cookies > Gérer les cookies stockés
clic sur "Supprimer les cookies"
valider ok
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redémarre en mode sans échec
Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher la case devant " afficher les fichiers et dossiers cachés "
Décocher la case devant " masquer les extentions des fichiers dont le type est connu"
Décocher la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Lance hijackthis et clic sur [do a system scan only]
cocher la case au début des lignes suivantes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xailefjdazt.org/x_u1i02lgX86TQ3AlSDY8WJUgN1kze6Ci7EQ0YJCEC6rwGnH17NxrhisW8XRgsbs.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.veyfrfxrzn.com/x_u1i02lgX/VOWTl24MI27WCVqQR/KbFBhjB2m883N4.html
O2 - BHO: (no name) - {D6C657D0-D27E-4C3C-06A2-34AE36AAA093} - C:\DOCUME~1\PASCAL~1\APPLIC~1\EXITPL~1\file build.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKLM\..\Run: [Real That Barb Balm] C:\Documents and Settings\All Users\Application Data\GlueBowsRealThat\Flawfour.exe
O4 - HKCU\..\Run: [BikeObj] C:\DOCUME~1\PASCAL~1\APPLIC~1\32Delete\curbmemo.exe
valider en cliquant sur [fix checked]
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Recherche et supprime:
C:\Documents and Settings\All Users\Application Data\GlueBowsRealThat <-le dossier
C:\Documents and Settings\Pascal ZARKA\Application Data\ExitPlusIso <-le dossier
C:\Documents and Settings\Pascal ZARKA\Application Data\32Delete <-le dossier
C:\Program Files\C2Media <-le dossier
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Ensuite, tres important:
:: Supprimer les fichiers temporaires ::
vider tout le contenu des dossiers Temp:
* C:\Documents and Settings\Pascal ZARKA\Local Settings\Temp
* C:\Windows\Temp
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redemarre normalement et reposte un log hijack pour vérifier l'évolution
a+
Imprime, ou enregistre la manip dans le bloc note pour etre sur ne rien oublier et de tout faire dans l'ordre
Déconnecte toi d'internet:
Ferme tout les programmes en cours
Vide le cache de tous tes navigateurs et supprime les cookies:
Pour Internet Explorer:
* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion"
Valide avec ok
Pour Firefox:
menu 'Outils' > Options
icône 'Vie privée'
rubrique Cache, appuyer sur le bouton "Vider le cache"
rubrique Cookies appuyer sur le bouton "Effacer"
valide ok
Pour Mozilla
Edition > Préférences > Avancé > Cache
clic sur "Vider le cache"
et pour les cookies:
Outils > Gestionnaire de cookies > Gérer les cookies stockés
clic sur "Supprimer les cookies"
valider ok
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redémarre en mode sans échec
Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher la case devant " afficher les fichiers et dossiers cachés "
Décocher la case devant " masquer les extentions des fichiers dont le type est connu"
Décocher la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Lance hijackthis et clic sur [do a system scan only]
cocher la case au début des lignes suivantes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xailefjdazt.org/x_u1i02lgX86TQ3AlSDY8WJUgN1kze6Ci7EQ0YJCEC6rwGnH17NxrhisW8XRgsbs.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.veyfrfxrzn.com/x_u1i02lgX/VOWTl24MI27WCVqQR/KbFBhjB2m883N4.html
O2 - BHO: (no name) - {D6C657D0-D27E-4C3C-06A2-34AE36AAA093} - C:\DOCUME~1\PASCAL~1\APPLIC~1\EXITPL~1\file build.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKLM\..\Run: [Real That Barb Balm] C:\Documents and Settings\All Users\Application Data\GlueBowsRealThat\Flawfour.exe
O4 - HKCU\..\Run: [BikeObj] C:\DOCUME~1\PASCAL~1\APPLIC~1\32Delete\curbmemo.exe
valider en cliquant sur [fix checked]
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Recherche et supprime:
C:\Documents and Settings\All Users\Application Data\GlueBowsRealThat <-le dossier
C:\Documents and Settings\Pascal ZARKA\Application Data\ExitPlusIso <-le dossier
C:\Documents and Settings\Pascal ZARKA\Application Data\32Delete <-le dossier
C:\Program Files\C2Media <-le dossier
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Ensuite, tres important:
:: Supprimer les fichiers temporaires ::
vider tout le contenu des dossiers Temp:
* C:\Documents and Settings\Pascal ZARKA\Local Settings\Temp
* C:\Windows\Temp
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redemarre normalement et reposte un log hijack pour vérifier l'évolution
a+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
salut à toi moe31,
merci pour cette analyse,
je suis au boulot, je fais toutes ces manips dès que je rentre chez moi et que je suis devant mon PC, je te tiens au courant.
Bonne journée
merci pour cette analyse,
je suis au boulot, je fais toutes ces manips dès que je rentre chez moi et que je suis devant mon PC, je te tiens au courant.
Bonne journée
salut, voici le nouveau log après les manips que tu as dis de faire.
Logfile of HijackThis v1.99.1
Scan saved at 13:23:44, on 30/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pascal ZARKA\Bureau\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
merci
pascal
Logfile of HijackThis v1.99.1
Scan saved at 13:23:44, on 30/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pascal ZARKA\Bureau\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
merci
pascal
Utilisateur anonyme
30 août 2005 à 18:10
30 août 2005 à 18:10
salut
pour moi c'est ok, est de ton coté, toujour des soucis ?
a+
pour moi c'est ok, est de ton coté, toujour des soucis ?
a+
salut moe31,
en fait, les premiers constats sont les suivants :
favories de IE bien nettoyé, mais reste encore une ligne ne faisant pas partie de mes favs intitulée "links". et impossible de la supprimer. Ensuite, j'ai relancé un ad aware (il a trouvé des trucs et les a supprimé) et un spybot. la il a trouvé un truc qui se nomme LSA. il a pas reussi a le virer et a demandé de redamarrer pour scanner au demarrage, il a fait cela mais sans succés.
tu as une idée de ce que cela peut être?
Merci encore,
pascal
en fait, les premiers constats sont les suivants :
favories de IE bien nettoyé, mais reste encore une ligne ne faisant pas partie de mes favs intitulée "links". et impossible de la supprimer. Ensuite, j'ai relancé un ad aware (il a trouvé des trucs et les a supprimé) et un spybot. la il a trouvé un truc qui se nomme LSA. il a pas reussi a le virer et a demandé de redamarrer pour scanner au demarrage, il a fait cela mais sans succés.
tu as une idée de ce que cela peut être?
Merci encore,
pascal
Utilisateur anonyme
30 août 2005 à 22:39
30 août 2005 à 22:39
salut
pour lsa, tu utilise quelle version de spybot ?
la 1.3 ou 1.4 ?
il me semble avoir lu sur un post que la version 1.3 avait du mal pour lsa, mais resolu pour la version 1.4
Pour le dossier links, telecharge silentrunners ici:
http://www.silentrunners.org/Silent%20Runners.vbs
lance le, quand norton te le demandera, autorise le script et poste le rapport
dsl, mais je peux pas rester plus pour ce soir, la suite demain
a+
pour lsa, tu utilise quelle version de spybot ?
la 1.3 ou 1.4 ?
il me semble avoir lu sur un post que la version 1.3 avait du mal pour lsa, mais resolu pour la version 1.4
Pour le dossier links, telecharge silentrunners ici:
http://www.silentrunners.org/Silent%20Runners.vbs
lance le, quand norton te le demandera, autorise le script et poste le rapport
dsl, mais je peux pas rester plus pour ce soir, la suite demain
a+
pascal9999
Messages postés
15
Date d'inscription
lundi 29 août 2005
Statut
Membre
Dernière intervention
14 avril 2006
4
31 août 2005 à 13:01
31 août 2005 à 13:01
up. pour moe31
j'ai posté le rapport de silentrunners
pascal
j'ai posté le rapport de silentrunners
pascal
bonsoir,
voici le rapport de Silentrunners
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"ASUS Probe" = "C:\Program Files\ASUS\Probe\AsusProb.exe" [null data]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"DSLSTATEXE" = "C:\Program Files\D-Link\DSL-200\dslstat.exe icon" ["GlobespanVirata, Inc."]
"DSLAGENTEXE" = "C:\Program Files\D-Link\DSL-200\dslagent.exe" [null data]
"DIGStream" = "C:\Program Files\DIGStream\digstream.exe" ["Walt Disney Internet Group"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HPHUPD05" = "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard"]
"HPHmon05" = "C:\WINDOWS\system32\hphmon05.exe" ["Hewlett-Packard"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"Creative WebCam Tray" = "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" ["Creative Technology Ltd"]
"dvd43" = "C:\Program Files\dvd43\dvd43_tray.exe" ["Captain Red"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Spybot\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll" ["Yahoo! Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Pascal ZARKA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Pascal ZARKA" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Smart Wizard Wireless Settings" -> shortcut to: "C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe" [empty string]
Enabled Scheduled Tasks:
------------------------
"HP Usg Daily" -> launches: "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe" [empty string]
"Norton AntiVirus - Analyser mon ordinateur - Pascal ZARKA" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 52 seconds, including 18 seconds for message boxes)
je sais que je le dis a chaque fois, mais merci encore pour le temps passé sur mon "dossier".
pascal
voici le rapport de Silentrunners
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"ASUS Probe" = "C:\Program Files\ASUS\Probe\AsusProb.exe" [null data]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"DSLSTATEXE" = "C:\Program Files\D-Link\DSL-200\dslstat.exe icon" ["GlobespanVirata, Inc."]
"DSLAGENTEXE" = "C:\Program Files\D-Link\DSL-200\dslagent.exe" [null data]
"DIGStream" = "C:\Program Files\DIGStream\digstream.exe" ["Walt Disney Internet Group"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HPHUPD05" = "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard"]
"HPHmon05" = "C:\WINDOWS\system32\hphmon05.exe" ["Hewlett-Packard"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"Creative WebCam Tray" = "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" ["Creative Technology Ltd"]
"dvd43" = "C:\Program Files\dvd43\dvd43_tray.exe" ["Captain Red"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Spybot\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll" ["Yahoo! Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Pascal ZARKA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Pascal ZARKA" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Smart Wizard Wireless Settings" -> shortcut to: "C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe" [empty string]
Enabled Scheduled Tasks:
------------------------
"HP Usg Daily" -> launches: "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe" [empty string]
"Norton AntiVirus - Analyser mon ordinateur - Pascal ZARKA" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll" ["Yahoo! Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 52 seconds, including 18 seconds for message boxes)
je sais que je le dis a chaque fois, mais merci encore pour le temps passé sur mon "dossier".
pascal
Utilisateur anonyme
31 août 2005 à 17:37
31 août 2005 à 17:37
salut pascal
bon, rien de suspect dans silentrunners, il se trouve ou exactement le dossier link ?
dans les favoris ?
fais ceci pour voir :
demarrer > executer et tape cmd
dans la fenetre dos, copie et colle ceci:
regedit /e log.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar" & notepad log.txt
et poste le resultat
a+
bon, rien de suspect dans silentrunners, il se trouve ou exactement le dossier link ?
dans les favoris ?
fais ceci pour voir :
demarrer > executer et tape cmd
dans la fenetre dos, copie et colle ceci:
regedit /e log.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar" & notepad log.txt
et poste le resultat
a+
jean38
Messages postés
2534
Date d'inscription
samedi 16 avril 2005
Statut
Contributeur
Dernière intervention
17 juillet 2017
47
31 août 2005 à 17:50
31 août 2005 à 17:50
salut Moe,
juste un passage pour te demander ton avis sur nail j'ai essayé de faire une synthèse des manip et il me semble que l'ordre suivant pourrait être judicieux, merci de ton avis
1) correction registre directe enregisterement correction balltrap.
2)Lance L2mfix option2
à la fin le prog devrait redemarrer ton systeme, des le lancement du bios, tapotte sur la touche F8 afin de basculer en mode sans echec (attention c’est important)
3) Killbox
liste
C:\WINDOWS\Nail.exe
C:\WINDOWS\System32\dicsvu.exe
...
quand killbox redemarre le pc, appuie immediatement sur f8, pour passer en mode sans echecs
passe nailfix
lance hijackthis et supprime :
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [iuahpot] C:\WINDOWS\System32\dicsvu.exe r
....
Redemarre et refait un log hijack
bien amicalement
Jean
quentin me manque
juste un passage pour te demander ton avis sur nail j'ai essayé de faire une synthèse des manip et il me semble que l'ordre suivant pourrait être judicieux, merci de ton avis
1) correction registre directe enregisterement correction balltrap.
2)Lance L2mfix option2
à la fin le prog devrait redemarrer ton systeme, des le lancement du bios, tapotte sur la touche F8 afin de basculer en mode sans echec (attention c’est important)
3) Killbox
liste
C:\WINDOWS\Nail.exe
C:\WINDOWS\System32\dicsvu.exe
...
quand killbox redemarre le pc, appuie immediatement sur f8, pour passer en mode sans echecs
passe nailfix
lance hijackthis et supprime :
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [iuahpot] C:\WINDOWS\System32\dicsvu.exe r
....
Redemarre et refait un log hijack
bien amicalement
Jean
quentin me manque
Utilisateur anonyme
31 août 2005 à 17:59
31 août 2005 à 17:59
salut jean
ca me parait excellent, tu l'as faite tester ?
pour quentin, j'ai pas trop compris l'histoire, il me semble pas avoir vu d'accrochage sur un post avec qui tu sais.
C'est vraiment dommage, j'espere seulement qu'il fera un signe pour nous dire s'il est sur un autre forum.
a+
ca me parait excellent, tu l'as faite tester ?
pour quentin, j'ai pas trop compris l'histoire, il me semble pas avoir vu d'accrochage sur un post avec qui tu sais.
C'est vraiment dommage, j'espere seulement qu'il fera un signe pour nous dire s'il est sur un autre forum.
a+
jean38
Messages postés
2534
Date d'inscription
samedi 16 avril 2005
Statut
Contributeur
Dernière intervention
17 juillet 2017
47
31 août 2005 à 18:02
31 août 2005 à 18:02
pour la manip, encours sur michael mais il est parti à la piscine au milieu (je crois qu'il avait trop chaud).
je verrais les resultats.
pour quentin, hormis le post incendiaire qui fut retiré, je n'ai rien vu de majeur, il m'a laissé un message sur ma boite privée, sa tristesse vient plus de la non reaction de ccm que de l'attitude de qui tu sais.
c'est bien triste mais je suis sur que nous lui manquerons et que l'on verra un regisXX le retour.
jean
je verrais les resultats.
pour quentin, hormis le post incendiaire qui fut retiré, je n'ai rien vu de majeur, il m'a laissé un message sur ma boite privée, sa tristesse vient plus de la non reaction de ccm que de l'attitude de qui tu sais.
c'est bien triste mais je suis sur que nous lui manquerons et que l'on verra un regisXX le retour.
jean
Utilisateur anonyme
31 août 2005 à 18:33
31 août 2005 à 18:33
ah d'accord, je n'ai pas vu ce post.
je crois aussi qu'il reviendra, peut etre sous un autre pseudo ;-) ?
j'ai vu sur le post de ben que bmv et teebo ont tentés une mise en garde, mais ca en reste là à chaques fois...
je comprend sa tristesse, car il y a ici tous les elements pour faire un super forum, mais c'est vrai que c'est dur de se retenir quand on lis certains posts...
Je suis sur que ca doit lui demanger de se reconnecter lol, et j'espère qu'il le fera rapidement
a+
je crois aussi qu'il reviendra, peut etre sous un autre pseudo ;-) ?
j'ai vu sur le post de ben que bmv et teebo ont tentés une mise en garde, mais ca en reste là à chaques fois...
je comprend sa tristesse, car il y a ici tous les elements pour faire un super forum, mais c'est vrai que c'est dur de se retenir quand on lis certains posts...
Je suis sur que ca doit lui demanger de se reconnecter lol, et j'espère qu'il le fera rapidement
a+
jean38
Messages postés
2534
Date d'inscription
samedi 16 avril 2005
Statut
Contributeur
Dernière intervention
17 juillet 2017
47
31 août 2005 à 18:50
31 août 2005 à 18:50
Moi je pense qu'il est branché... le phantome planne sur CCM veillez vos post et ne vous ratez pas, l'oeil de quentin surveille abel....
pascal9999
Messages postés
15
Date d'inscription
lundi 29 août 2005
Statut
Membre
Dernière intervention
14 avril 2006
4
31 août 2005 à 23:52
31 août 2005 à 23:52
salut moe31,
voici le rapport de la commande que tu as demander sous dos
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
"Locked"=dword:00000001
"ShowDiscussionButton"="Yes"
"{1E796980-9CC5-11D1-A83F-00C04FC99D61}"=hex:07,00,00,00,f6,03,00,00,7e,69,79,\
1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,20,01,00,00,04,00,00,00,f7,03,00,00,\
7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,21,01,00,00,00,00,00,00,f8,\
03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,24,01,00,00,04,00,\
00,00,f9,03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,25,01,00,\
00,04,00,00,00,fa,03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,\
22,01,00,00,04,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,fd,03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,\
00,c0,4f,c9,9d,61,23,01,00,00,04,00,00,00,ff,03,00,00,7e,69,79,1e,c5,9c,d1,\
11,a8,3f,00,c0,4f,c9,9d,61,26,01,00,00,04,00,00,00,00,04,00,00,7e,69,79,1e,\
c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,34,01,00,00,04,00,00,00,01,04,00,00,7e,\
69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,2e,01,00,00,04,00,00,00,ff,ff,\
ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,02,04,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,28,01,00,00,\
04,00,00,00,03,04,00,00,80,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,71,\
01,00,00,04,00,00,00,05,04,00,00,80,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,\
9d,61,04,01,00,00,04,00,00,00,06,04,00,00,80,69,79,1e,c5,9c,d1,11,a8,3f,00,\
c0,4f,c9,9d,61,73,01,00,00,00,00,00,00,07,04,00,00,80,69,79,1e,c5,9c,d1,11,\
a8,3f,00,c0,4f,c9,9d,61,74,01,00,00,04,00,00,00,0d,04,00,00,80,69,79,1e,c5,\
9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,01,20,00,00,04,00,00,00
"Theater"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,32,00,00,00,09,00,00,00,1e,\
00,00,00,02,00,00,00,20,07,00,00,90,01,00,00,01,00,00,00,28,07,00,00,c8,00,\
00,00,04,00,00,00,28,01,00,00,2c,01,00,00,03,00,00,00,28,03,00,00,28,00,00,\
00,07,00,00,00,29,07,00,00,00,00,00,00,06,00,00,00,68,01,00,00,00,00,00,00,\
08,00,00,00,29,05,00,00,00,00,00,00,05,00,00,00,22,05,00,00,5a,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,bf,d1,cd,42,fb,3f,38,42,8a,d1,78,59,df,00,b1,d6,ad,1d,ad,bd,\
46,c9,17,4a,ad,c1,64,b5,b4,ff,55,d0,32,bd,99,ef,fb,c1,d2,11,89,2f,00,90,27,\
1d,4f,88,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,24,00,00,00,1b,00,00,00,\
4e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,\
59,df,00,b1,d6
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,24,00,00,00,1b,00,03,00,\
4e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,07,00,00,00,60,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,bf,d1,cd,\
42,fb,3f,38,42,8a,d1,78,59,df,00,b1,d6,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,\
aa,00,5b,43,83,22,00,1c,00,08,00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,\
00,00,46,81,00,00,00,10,00,00,00,02,ca,82,ac,99,ad,c5,01,6a,53,8c,ac,99,ad,\
c5,01,02,ca,82,ac,99,ad,c5,01,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,59,01,14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,\
08,00,2b,30,30,9d,19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,31,31,89,59,10,00,44,4f,43,55,4d,\
45,7e,31,00,00,44,00,03,00,04,00,ef,be,dc,30,ca,4a,1e,33,08,9b,14,00,00,00,\
44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,\
00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00,18,00,48,00,\
31,00,00,00,00,00,0a,33,b8,a3,10,00,50,41,53,43,41,4c,7e,31,00,00,30,00,03,\
00,04,00,ef,be,dc,30,cc,54,1e,33,08,9b,14,00,00,00,50,00,61,00,73,00,63,00,\
61,00,6c,00,20,00,5a,00,41,00,52,00,4b,00,41,00,00,00,18,00,50,00,31,00,00,\
00,00,00,1e,33,2a,9c,11,00,46,61,76,6f,72,69,73,00,3a,00,03,00,04,00,ef,be,\
dc,30,cc,54,1e,33,2a,9c,14,00,24,00,46,00,61,00,76,00,6f,00,72,00,69,00,73,\
00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,31,32,36,39,33,00,16,00,\
36,00,31,00,00,00,00,00,1e,33,2a,9c,10,00,4c,69,6e,6b,73,00,22,00,03,00,04,\
00,ef,be,1e,33,2a,9c,1e,33,2a,9c,14,00,00,00,4c,00,69,00,6e,00,6b,00,73,00,\
00,00,14,00,00,00,60,00,00,00,03,00,00,a0,58,00,00,00,00,00,00,00,7a,61,72,\
6b,61,00,00,00,00,00,00,00,00,00,00,00,6a,f3,13,bb,c1,09,34,44,83,8f,6b,1a,\
2e,8b,23,14,7e,99,ad,1f,8c,19,da,11,bb,6f,00,0f,3d,30,01,01,6a,f3,13,bb,c1,\
09,34,44,83,8f,6b,1a,2e,8b,23,14,7e,99,ad,1f,8c,19,da,11,bb,6f,00,0f,3d,30,\
01,01,00,00,00,00
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,32,00,00,00,1f,00,07,00,\
88,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,03,00,00,00,20,03,00,00,00,00,00,00,07,00,00,00,21,07,00,00,00,00,00,\
00,06,00,00,00,60,01,00,00,00,00,00,00,08,00,00,00,21,05,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,bf,d1,cd,42,fb,3f,38,42,8a,d1,78,59,df,00,b1,d6,ad,1d,ad,\
bd,46,c9,17,4a,ad,c1,64,b5,b4,ff,55,d0,32,bd,99,ef,fb,c1,d2,11,89,2f,00,90,\
27,1d,4f,88,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:ad,1d,ad,bd,46,c9,17,4a,ad,c1,64,\
b5,b4,ff,55,d0,4c,00,4f,00,41,00,44
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,\
59,df,00,b1,d6
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:32,bd,99,ef,fb,c1,d2,11,89,2f,00,\
90,27,1d,4f,88
bonne soirée
voici le rapport de la commande que tu as demander sous dos
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
"Locked"=dword:00000001
"ShowDiscussionButton"="Yes"
"{1E796980-9CC5-11D1-A83F-00C04FC99D61}"=hex:07,00,00,00,f6,03,00,00,7e,69,79,\
1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,20,01,00,00,04,00,00,00,f7,03,00,00,\
7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,21,01,00,00,00,00,00,00,f8,\
03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,24,01,00,00,04,00,\
00,00,f9,03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,25,01,00,\
00,04,00,00,00,fa,03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,\
22,01,00,00,04,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,fd,03,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,\
00,c0,4f,c9,9d,61,23,01,00,00,04,00,00,00,ff,03,00,00,7e,69,79,1e,c5,9c,d1,\
11,a8,3f,00,c0,4f,c9,9d,61,26,01,00,00,04,00,00,00,00,04,00,00,7e,69,79,1e,\
c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,34,01,00,00,04,00,00,00,01,04,00,00,7e,\
69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,2e,01,00,00,04,00,00,00,ff,ff,\
ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,02,04,00,00,7e,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,28,01,00,00,\
04,00,00,00,03,04,00,00,80,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,71,\
01,00,00,04,00,00,00,05,04,00,00,80,69,79,1e,c5,9c,d1,11,a8,3f,00,c0,4f,c9,\
9d,61,04,01,00,00,04,00,00,00,06,04,00,00,80,69,79,1e,c5,9c,d1,11,a8,3f,00,\
c0,4f,c9,9d,61,73,01,00,00,00,00,00,00,07,04,00,00,80,69,79,1e,c5,9c,d1,11,\
a8,3f,00,c0,4f,c9,9d,61,74,01,00,00,04,00,00,00,0d,04,00,00,80,69,79,1e,c5,\
9c,d1,11,a8,3f,00,c0,4f,c9,9d,61,01,20,00,00,04,00,00,00
"Theater"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,32,00,00,00,09,00,00,00,1e,\
00,00,00,02,00,00,00,20,07,00,00,90,01,00,00,01,00,00,00,28,07,00,00,c8,00,\
00,00,04,00,00,00,28,01,00,00,2c,01,00,00,03,00,00,00,28,03,00,00,28,00,00,\
00,07,00,00,00,29,07,00,00,00,00,00,00,06,00,00,00,68,01,00,00,00,00,00,00,\
08,00,00,00,29,05,00,00,00,00,00,00,05,00,00,00,22,05,00,00,5a,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,bf,d1,cd,42,fb,3f,38,42,8a,d1,78,59,df,00,b1,d6,ad,1d,ad,bd,\
46,c9,17,4a,ad,c1,64,b5,b4,ff,55,d0,32,bd,99,ef,fb,c1,d2,11,89,2f,00,90,27,\
1d,4f,88,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,24,00,00,00,1b,00,00,00,\
4e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,\
59,df,00,b1,d6
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,24,00,00,00,1b,00,03,00,\
4e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,07,00,00,00,60,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,bf,d1,cd,\
42,fb,3f,38,42,8a,d1,78,59,df,00,b1,d6,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,\
aa,00,5b,43,83,22,00,1c,00,08,00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,\
00,00,46,81,00,00,00,10,00,00,00,02,ca,82,ac,99,ad,c5,01,6a,53,8c,ac,99,ad,\
c5,01,02,ca,82,ac,99,ad,c5,01,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,59,01,14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,\
08,00,2b,30,30,9d,19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,31,31,89,59,10,00,44,4f,43,55,4d,\
45,7e,31,00,00,44,00,03,00,04,00,ef,be,dc,30,ca,4a,1e,33,08,9b,14,00,00,00,\
44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,\
00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00,18,00,48,00,\
31,00,00,00,00,00,0a,33,b8,a3,10,00,50,41,53,43,41,4c,7e,31,00,00,30,00,03,\
00,04,00,ef,be,dc,30,cc,54,1e,33,08,9b,14,00,00,00,50,00,61,00,73,00,63,00,\
61,00,6c,00,20,00,5a,00,41,00,52,00,4b,00,41,00,00,00,18,00,50,00,31,00,00,\
00,00,00,1e,33,2a,9c,11,00,46,61,76,6f,72,69,73,00,3a,00,03,00,04,00,ef,be,\
dc,30,cc,54,1e,33,2a,9c,14,00,24,00,46,00,61,00,76,00,6f,00,72,00,69,00,73,\
00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,31,32,36,39,33,00,16,00,\
36,00,31,00,00,00,00,00,1e,33,2a,9c,10,00,4c,69,6e,6b,73,00,22,00,03,00,04,\
00,ef,be,1e,33,2a,9c,1e,33,2a,9c,14,00,00,00,4c,00,69,00,6e,00,6b,00,73,00,\
00,00,14,00,00,00,60,00,00,00,03,00,00,a0,58,00,00,00,00,00,00,00,7a,61,72,\
6b,61,00,00,00,00,00,00,00,00,00,00,00,6a,f3,13,bb,c1,09,34,44,83,8f,6b,1a,\
2e,8b,23,14,7e,99,ad,1f,8c,19,da,11,bb,6f,00,0f,3d,30,01,01,6a,f3,13,bb,c1,\
09,34,44,83,8f,6b,1a,2e,8b,23,14,7e,99,ad,1f,8c,19,da,11,bb,6f,00,0f,3d,30,\
01,01,00,00,00,00
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,32,00,00,00,1f,00,07,00,\
88,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,03,00,00,00,20,03,00,00,00,00,00,00,07,00,00,00,21,07,00,00,00,00,00,\
00,06,00,00,00,60,01,00,00,00,00,00,00,08,00,00,00,21,05,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,bf,d1,cd,42,fb,3f,38,42,8a,d1,78,59,df,00,b1,d6,ad,1d,ad,\
bd,46,c9,17,4a,ad,c1,64,b5,b4,ff,55,d0,32,bd,99,ef,fb,c1,d2,11,89,2f,00,90,\
27,1d,4f,88,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:ad,1d,ad,bd,46,c9,17,4a,ad,c1,64,\
b5,b4,ff,55,d0,4c,00,4f,00,41,00,44
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,\
59,df,00,b1,d6
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:32,bd,99,ef,fb,c1,d2,11,89,2f,00,\
90,27,1d,4f,88
bonne soirée
Utilisateur anonyme
1 sept. 2005 à 19:05
1 sept. 2005 à 19:05
Salut pascal
dsl, j'avais pas vu ton post (fallait le faire remonter)
ouvre le bloc note et copie et colle ceci:
REGEDIT4
[HKEY_CURRENT_USER\ Software\ Microsoft\ Internet Explorer\ Toolbar]
"LinksFolderName"=""
"Locked"=dword:00000000
Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix.reget accepte de fusionner
ouvre internet explorer, clic sur les favoris et tu devrais pouvoir supprimer ce dossier
a+
dsl, j'avais pas vu ton post (fallait le faire remonter)
ouvre le bloc note et copie et colle ceci:
REGEDIT4
[HKEY_CURRENT_USER\ Software\ Microsoft\ Internet Explorer\ Toolbar]
"LinksFolderName"=""
"Locked"=dword:00000000
Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix.reget accepte de fusionner
ouvre internet explorer, clic sur les favoris et tu devrais pouvoir supprimer ce dossier
a+