Security tool
snefpep
eZula - Posts: 3509 - Status: Contributor
Hello,
I was recently infected by Security Tool bar, which Norton did not stop. I managed to remove it thanks to the marekal site (thanks a lot), but on two further occasions Security Tool has tried to come back. I blocked it, but how can I make sure it never comes back at all? Neither Norton 360 nor Avast blocks it before it tries to install itself. Is that impossible? This thing is a real m*****
3 replies
Hello,
Download the "Silent Runners" script (Andrew Aronoff): right-click > "Save as" (not left-click) on the following link:
https://www.silentrunners.org/Silent%20Runners.vbs
Then click "yes" twice.
Give it time to run its analysis (allow one minute, by the clock).
Post the generated report, which is in the same folder as Silent Runners...
"Silent Runners.vbs", revision 60, https://www.silentrunners.org/
Operating System: Windows Vista SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"WindowsWelcomeCenter" = "rundll32.exe oobefldr.dll,ShowWelcomeCenter" [MS]
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
"Search Protection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" ["Yahoo! Inc"]
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" ["Yahoo! Inc"]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"HP Health Check Scheduler" = "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [null data]
"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"WAWifiMessage" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]
"fssui" = ""C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun" [MS]
"YSearchProtection" = ""C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"" ["Yahoo! Inc"]
"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"(Default)" = "(empty string)" [file not found]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\(Default) = "Windows Live Family Safety Browser Helper"
-> {HKLM...CLSID} = "Windows Live Family Safety Browser Helper Class"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Family Safety\fssbho.dll" [MS]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "Symantec NCO BHO"
-> {HKLM...CLSID} = "Symantec NCO BHO"
\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll" ["Symantec Corporation"]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Symantec Intrusion Prevention"
-> {HKLM...CLSID} = "Symantec Intrusion Prevention"
\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL" ["Symantec Corporation"]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"
-> {HKLM...CLSID} = "Search Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll" [MS]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\(Default) = "Yontoo Layers"
-> {HKLM...CLSID} = "Yontoo Layers"
\InProcServer32\(Default) = "C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll" ["Yontoo Technology, Inc."]
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SingleInstance Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll" ["Yahoo! Inc"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
OverlayExcluded\(Default) = "{4433A54A-1AC8-432F-90FC-85F045CF383C}"
-> {HKLM...CLSID} = "OverlayExcluded Class"
\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\3.5.2.11\buShell.dll" ["Symantec Corporation"]
OverlayPending\(Default) = "{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
-> {HKLM...CLSID} = "OverlayPending Class"
\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\3.5.2.11\buShell.dll" ["Symantec Corporation"]
OverlayProtected\(Default) = "{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
-> {HKLM...CLSID} = "OverlayProtected Class"
\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\3.5.2.11\buShell.dll" ["Symantec Corporation"]
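Added example, not part of the thread and not Silent Runners' own code: a small parser for the Run-key section of a report like the one posted above, listing the autostart entries a helper would check by hand first. It assumes the bracketed tag at the end of a line is the publisher the script read from the file, so entries with no tag, `[null data]` or `[file not found]` are queued for manual review; the function names are hypothetical.

```python
import re

# Excerpt copied from the Silent Runners report posted above (Run keys only).
REPORT = r'''
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"HP Health Check Scheduler" = "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [null data]
"(Default)" = "(empty string)" [file not found]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
'''

# A registry key header, optionally followed by the "{++}" marker.
KEY_RE = re.compile(r'^(HK(?:CU|LM)\\.+\\)(?: \{\+\+\})?$')
# "name" = "command" [tag]; the command may itself contain quotes, so it is
# matched greedily and the trailing [tag] is optional.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = "(?P<cmd>.*)"(?: \[(?P<tag>.*)\])?$')
# Assumption: these tag values mean no publisher could be read for the entry.
NO_PUBLISHER = {None, "null data", "file not found"}


def parse_run_entries(report):
    """Yield (key, name, command, tag) for each value listed under a key header."""
    key = None
    for line in report.splitlines():
        line = line.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key:
            tag = value["tag"]
            yield key, value["name"], value["cmd"], tag.strip('"') if tag else None


def needs_review(report):
    """Return entries with no readable publisher; unverified is not the same as malicious."""
    return [(key, name, cmd, tag or "no tag")
            for key, name, cmd, tag in parse_run_entries(report)
            if tag in NO_PUBLISHER]


if __name__ == "__main__":
    for key, name, cmd, reason in needs_review(REPORT):
        print(f"{reason:15} {key}{name} -> {cmd}")
```

An entry on this list is only a candidate for a closer look (file location, signature, whether the program is one the user installed); several vendor utilities in the report above carry no tag at all.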