UC
P03tic
-
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
Salut
Voila mon UC ne descend plus en dessous de 22% se qui n est pas un probleme quand on sait quel programme l utilise. Malheureusement mes processus inactif sont toujours a 98%...
donc ma question c est : comment retrouver le programme qui utile mon UC?
Voila mon UC ne descend plus en dessous de 22% se qui n est pas un probleme quand on sait quel programme l utilise. Malheureusement mes processus inactif sont toujours a 98%...
donc ma question c est : comment retrouver le programme qui utile mon UC?
A voir également:
- UC
- Uc browser - Télécharger - Navigateurs
- Uc informatique ✓ - Forum Windows
- Utilisation importante de uc - Forum Matériel & Système
- Uc ordinateur - Forum Windows
- Cpu vs. uc - Forum Windows
20 réponses
lol
quand tu fait ctrl alt suppr /onglet processus
dans la colonne process regarde si tu peut voir lequel le fait
quand tu fait ctrl alt suppr /onglet processus
dans la colonne process regarde si tu peut voir lequel le fait
Mon hijack au cas ou :
Logfile of HijackThis v1.99.1
Scan saved at 18:51:00, on 06/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\P03tic\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C639A08-FAE6-4302-8F62-BC6A74E66691}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
Logfile of HijackThis v1.99.1
Scan saved at 18:51:00, on 06/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\P03tic\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C639A08-FAE6-4302-8F62-BC6A74E66691}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
rien de mechant dedans
fait ceci ont auras plus de detail
Télécharge ce fichier. http://www.niksoft.at/php/dl.php?f=startdreck.zip
Startdreck.exe
decompresse le et execute le
paramettre le comme ceci
- clik "Config" -> "Unmark all"
- Coche:
Registry -> Run Keys
System/drivers -> Running processes
- clik "Ok".
- clik sur "Save" et donne nous le rapport stp
fait ceci ont auras plus de detail
Télécharge ce fichier. http://www.niksoft.at/php/dl.php?f=startdreck.zip
Startdreck.exe
decompresse le et execute le
paramettre le comme ceci
- clik "Config" -> "Unmark all"
- Coche:
Registry -> Run Keys
System/drivers -> Running processes
- clik "Ok".
- clik sur "Save" et donne nous le rapport stp
StartDreck (build 2.1.7 public stable) - 2005-06-16 @ 18:58:44 (GMT +02:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as P03tic at WORLD-COMPAGNY
»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
*SpySweeper="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*WooCnxMon=C:\PROGRA~1\Wanadoo\CnxMon.exe
*WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
*Demon=C:\PROGRA~1\MESSAG~1\Demon.exe
*msnappau="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
*WinampAgent=C:\Program Files\Winamp\winampa.exe
*AVGCtrl="C:\Program Files\AVPersonal\AVGNT.EXE" /min
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+420=\SystemRoot\System32\smss.exe
+484=\??\C:\WINDOWS\system32\csrss.exe
+508=\??\C:\WINDOWS\system32\winlogon.exe
+644=C:\WINDOWS\system32\services.exe
+664=C:\WINDOWS\system32\lsass.exe
+808=C:\WINDOWS\system32\svchost.exe
+868=C:\WINDOWS\system32\svchost.exe
+908=C:\WINDOWS\System32\svchost.exe
+956=C:\WINDOWS\system32\svchost.exe
+1004=C:\WINDOWS\system32\svchost.exe
+1416=C:\WINDOWS\Explorer.EXE
+1548=C:\WINDOWS\system32\spoolsv.exe
+1640=C:\WINDOWS\system32\Ati2evxx.exe
+1652=C:\Program Files\AVPersonal\AVWUPSRV.EXE
+1788=C:\WINDOWS\system32\wdfmgr.exe
+212=C:\PROGRA~1\Wanadoo\CnxMon.exe
+252=C:\PROGRA~1\MESSAG~1\Demon.exe
+264=C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
+280=C:\Program Files\Winamp\winampa.exe
+288=C:\Program Files\AVPersonal\AVGNT.EXE
+696=C:\WINDOWS\System32\alg.exe
+1452=C:\WINDOWS\system32\wscntfy.exe
+1512=C:\WINDOWS\System32\svchost.exe
+1728=C:\WINDOWS\system32\taskmgr.exe
+3568=C:\Program Files\Wanadoo\EspaceWanadoo.exe
+3580=C:\Program Files\Wanadoo\ComComp.exe
+3656=C:\Program Files\Wanadoo\Watch.exe
+3860=C:\Program Files\Internet Explorer\iexplore.exe
+1976=C:\Program Files\Internet Explorer\iexplore.exe
+2612=C:\Program Files\Internet Explorer\iexplore.exe
+2064=C:\Documents and Settings\P03tic\Bureau\StartDreck.exe
»Application specific
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as P03tic at WORLD-COMPAGNY
»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
*SpySweeper="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*WooCnxMon=C:\PROGRA~1\Wanadoo\CnxMon.exe
*WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
*Demon=C:\PROGRA~1\MESSAG~1\Demon.exe
*msnappau="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
*WinampAgent=C:\Program Files\Winamp\winampa.exe
*AVGCtrl="C:\Program Files\AVPersonal\AVGNT.EXE" /min
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+420=\SystemRoot\System32\smss.exe
+484=\??\C:\WINDOWS\system32\csrss.exe
+508=\??\C:\WINDOWS\system32\winlogon.exe
+644=C:\WINDOWS\system32\services.exe
+664=C:\WINDOWS\system32\lsass.exe
+808=C:\WINDOWS\system32\svchost.exe
+868=C:\WINDOWS\system32\svchost.exe
+908=C:\WINDOWS\System32\svchost.exe
+956=C:\WINDOWS\system32\svchost.exe
+1004=C:\WINDOWS\system32\svchost.exe
+1416=C:\WINDOWS\Explorer.EXE
+1548=C:\WINDOWS\system32\spoolsv.exe
+1640=C:\WINDOWS\system32\Ati2evxx.exe
+1652=C:\Program Files\AVPersonal\AVWUPSRV.EXE
+1788=C:\WINDOWS\system32\wdfmgr.exe
+212=C:\PROGRA~1\Wanadoo\CnxMon.exe
+252=C:\PROGRA~1\MESSAG~1\Demon.exe
+264=C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
+280=C:\Program Files\Winamp\winampa.exe
+288=C:\Program Files\AVPersonal\AVGNT.EXE
+696=C:\WINDOWS\System32\alg.exe
+1452=C:\WINDOWS\system32\wscntfy.exe
+1512=C:\WINDOWS\System32\svchost.exe
+1728=C:\WINDOWS\system32\taskmgr.exe
+3568=C:\Program Files\Wanadoo\EspaceWanadoo.exe
+3580=C:\Program Files\Wanadoo\ComComp.exe
+3656=C:\Program Files\Wanadoo\Watch.exe
+3860=C:\Program Files\Internet Explorer\iexplore.exe
+1976=C:\Program Files\Internet Explorer\iexplore.exe
+2612=C:\Program Files\Internet Explorer\iexplore.exe
+2064=C:\Documents and Settings\P03tic\Bureau\StartDreck.exe
»Application specific
"quand tu fait ctrl alt suppr /onglet processus
dans la colonne process regarde si tu peut voir lequel le fait "
Bah j ai : processus ina : 98%
explorer 2%
et c est tout , c est ca le prob
dans la colonne process regarde si tu peut voir lequel le fait "
Bah j ai : processus ina : 98%
explorer 2%
et c est tout , c est ca le prob
c est super chiant car ca me fait un lag toute les 5 secondes, donc plus de film, de jeu, de log en gros je peux quasi rien faire
a tous hazard
Faite scan en ligne et coller le rapport ici sur le post
utiliser l'antivirus en ligne suivant :
http://www.ravantivirus.com/scan/
Cliquer sur "To continue without subscribing click here" et attendre quelques minutes.
Lorsque "Ready" est affiché dans "status", cocher la case "Autoclean" puis cliquer sur "Scan my PC"
A la fin de l'analyse, copier/coller le rapport ici.
------------------------------
Faite scan en ligne et coller le rapport ici sur le post
utiliser l'antivirus en ligne suivant :
http://www.ravantivirus.com/scan/
Cliquer sur "To continue without subscribing click here" et attendre quelques minutes.
Lorsque "Ready" est affiché dans "status", cocher la case "Autoclean" puis cliquer sur "Scan my PC"
A la fin de l'analyse, copier/coller le rapport ici.
------------------------------
Scan started at 06/16/2005 19:17:05
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Program Files\WinRAR\Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
Scanned
============================
Objects: 32685
Directories: 2897
Archives: 904
Size(Kb): 287753
Infected files: 0
Found
============================
Viruses found: 0
Suspicious files: 1
Disinfected files: 0
Mail files: 53
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Program Files\WinRAR\Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
Scanned
============================
Objects: 32685
Directories: 2897
Archives: 904
Size(Kb): 287753
Infected files: 0
Found
============================
Viruses found: 0
Suspicious files: 1
Disinfected files: 0
Mail files: 53
Je sais vraiment pas quoi faire, maintenant meme sur le reboot il lag toute les 2 secondes... en faite des le demarrage mon UC est a 20 %
fait ceci
Télécharge ceci SilentRunners.
http://www.silentrunners.org/
Lance-le
Copie/colle-le rapport ici
Télécharge ceci SilentRunners.
http://www.silentrunners.org/
Lance-le
Copie/colle-le rapport ici
"Silent Runners.vbs", revision 38, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0" ["Webroot Software, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"Demon" = "C:\PROGRA~1\MESSAG~1\Demon.exe" ["France Telecom"]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmyst.scr" [MS]
Startup items in "P03tic" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{804DB5C7-31E6-4885-850A-F1941B58A4C7}" = "Oemji" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Oemji\Toolbar\OemjiSrc.dll" [null data]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
: ÿþ[ V e r s i o n ]
: S i g n a t u r e = " $ C H I C A G O $ "
: A d v a n c e d I N F = 2 . 5 , " Y o u n e e d a n e w v e r s i o n o f a d v p a c k . d l l "
:
: [ R e s t o r e H o m e P a g e ]
: A d d R e g = R e s t o r e H o m e P a g e . r e g
:
: [ R e s t o r e B r o w s e r S e t t i n g s ]
: A d d R e g = R e s t o r e B r o w s e r S e t t i n g s . r e g
: D e l R e g = D e l e t e T e m p l a t e s . r e g , D e l e t e A u t o s e a r c h . r e g
:
: [ R e s t o r e H o m e P a g e . r e g ]
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S t a r t P a g e " , 0 , % S T A R T _ P A G E _ U R L %
:
: [ R e s t o r e B r o w s e r S e t t i n g s . r e g ]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ P a g e _ U R L " , 0 , % S T A R T _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ S e a r c h _ U R L " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 1 " , 0 , " w w w . % s . c o m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 2 " , 0 , " w w w . % s . o r g "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 3 " , 0 , " w w w . % s . n e t "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 4 " , 0 , " w w w . % s . e d u "
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
:
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ S e a r c h U r l " , " P r o v i d e r " , 0 , " "
:
: t m "
: t m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s \ S a f e S i t e s " , % S A F E S I T E _ V A L U E % , 0 , " h t t p : / / i e . s e a r c h . m s n . c o m / * "
:
: [ D e l e t e T e m p l a t e s . r e g ]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 5 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 6 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 7 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 8 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 9 "
:
: [ D e l e t e A u t o s e a r c h . r e g ]
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " A u t o S e a r c h "
:
: [ S t r i n g s ]
: S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
: S E A R C H _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & a r = i e s e a r c h "
: S A F E S I T E _ V A L U E = " h t t p : / / h o m e . m i c r o s o f t . c o m / i n t l / f r / "
:
: ; I M P O R T A N T N O T E :
: ; I E b r a n d i n g d l l ( i e d k c s 3 2 . d l l ) u s e s t h e f o l l o w i n g e n t r i e s t o r e s t o r e t h e d e f a u l t M S v a l u e s .
: ; I n t h e v a n i l l a v e r s i o n o f I E , t h e v a l u e s m u s t b e t h e s a m e a s t h e i r c o r r e s p o n d i n g n o n M S _ * v a l u e s .
: ; F o r e x a m p l e , S T A R T _ P A G E _ U R L a n d M S _ S T A R T _ P A G E _ U R L m u s t h a v e t h e s a m e U R L i n t h e I E v e r s i o n r e l e a s e d b y M S .
: M S _ S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
:
Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0" ["Webroot Software, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"Demon" = "C:\PROGRA~1\MESSAG~1\Demon.exe" ["France Telecom"]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmyst.scr" [MS]
Startup items in "P03tic" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{804DB5C7-31E6-4885-850A-F1941B58A4C7}" = "Oemji" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Oemji\Toolbar\OemjiSrc.dll" [null data]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
: ÿþ[ V e r s i o n ]
: S i g n a t u r e = " $ C H I C A G O $ "
: A d v a n c e d I N F = 2 . 5 , " Y o u n e e d a n e w v e r s i o n o f a d v p a c k . d l l "
:
: [ R e s t o r e H o m e P a g e ]
: A d d R e g = R e s t o r e H o m e P a g e . r e g
:
: [ R e s t o r e B r o w s e r S e t t i n g s ]
: A d d R e g = R e s t o r e B r o w s e r S e t t i n g s . r e g
: D e l R e g = D e l e t e T e m p l a t e s . r e g , D e l e t e A u t o s e a r c h . r e g
:
: [ R e s t o r e H o m e P a g e . r e g ]
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S t a r t P a g e " , 0 , % S T A R T _ P A G E _ U R L %
:
: [ R e s t o r e B r o w s e r S e t t i n g s . r e g ]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ P a g e _ U R L " , 0 , % S T A R T _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ S e a r c h _ U R L " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 1 " , 0 , " w w w . % s . c o m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 2 " , 0 , " w w w . % s . o r g "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 3 " , 0 , " w w w . % s . n e t "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 4 " , 0 , " w w w . % s . e d u "
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
:
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ S e a r c h U r l " , " P r o v i d e r " , 0 , " "
:
: t m "
: t m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s \ S a f e S i t e s " , % S A F E S I T E _ V A L U E % , 0 , " h t t p : / / i e . s e a r c h . m s n . c o m / * "
:
: [ D e l e t e T e m p l a t e s . r e g ]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 5 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 6 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 7 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 8 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 9 "
:
: [ D e l e t e A u t o s e a r c h . r e g ]
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " A u t o S e a r c h "
:
: [ S t r i n g s ]
: S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
: S E A R C H _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & a r = i e s e a r c h "
: S A F E S I T E _ V A L U E = " h t t p : / / h o m e . m i c r o s o f t . c o m / i n t l / f r / "
:
: ; I M P O R T A N T N O T E :
: ; I E b r a n d i n g d l l ( i e d k c s 3 2 . d l l ) u s e s t h e f o l l o w i n g e n t r i e s t o r e s t o r e t h e d e f a u l t M S v a l u e s .
: ; I n t h e v a n i l l a v e r s i o n o f I E , t h e v a l u e s m u s t b e t h e s a m e a s t h e i r c o r r e s p o n d i n g n o n M S _ * v a l u e s .
: ; F o r e x a m p l e , S T A R T _ P A G E _ U R L a n d M S _ S T A R T _ P A G E _ U R L m u s t h a v e t h e s a m e U R L i n t h e I E v e r s i o n r e l e a s e d b y M S .
: M S _ S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
:
Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
ont vas voir si un services ne serait pas responsable
Télécharger ce petit programme qui nous donnera la liste
des services : get active services
http://pageperso.aol.fr/balltrap34/page%20virus.htm
(ici) http://www.florensac-chasse-trap.com/ section virus
section virus
Le poser sur le bureau.
Le lancer.
Copier/coller le fichier texte qui apparaît
Télécharger ce petit programme qui nous donnera la liste
des services : get active services
http://pageperso.aol.fr/balltrap34/page%20virus.htm
(ici) http://www.florensac-chasse-trap.com/ section virus
section virus
Le poser sur le bureau.
Le lancer.
Copier/coller le fichier texte qui apparaît
These are the Current Active Services:
SERVICE DE LA PASSERELLE DE LA COUCHE APPLICATION: ALG
C:\WINDOWS\System32\alg.exe
ATI HOTKEY POLLER: Ati HotKey Poller
C:\WINDOWS\system32\Ati2evxx.exe
AUDIO WINDOWS: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE DE TRANSFERT INTELLIGENT EN ARRIÈRE-PLAN: BITS
C:\WINDOWS\system32\svchost.exe -k netsvcs
EXPLORATEUR D'ORDINATEUR: Browser
C:\WINDOWS\system32\svchost.exe -k netsvcs
SERVICES DE CRYPTOGRAPHIE: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
CLIENT DHCP: Dhcp
C:\WINDOWS\system32\svchost.exe -k netsvcs
GESTIONNAIRE DE DISQUE LOGIQUE: dmserver
C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE DE RAPPORT D'ERREURS: ERSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
SYSTÈME D'ÉVÉNEMENTS DE COM+: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs
COMPATIBILITÉ AVEC LE CHANGEMENT RAPIDE D'UTILISATEUR: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVEUR: lanmanserver
C:\WINDOWS\system32\svchost.exe -k netsvcs
STATION DE TRAVAIL: lanmanworkstation
C:\WINDOWS\system32\svchost.exe -k netsvcs
CONNEXIONS RÉSEAU: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs
NLA (NETWORK LOCATION AWARENESS): Nla
C:\WINDOWS\system32\svchost.exe -k netsvcs
GESTIONNAIRE DE CONNEXION AUTOMATIQUE D'ACCÈS DISTANT: RasAuto
C:\WINDOWS\system32\svchost.exe -k netsvcs
GESTIONNAIRE DE CONNEXIONS D'ACCÈS DISTANT: RasMan
C:\WINDOWS\system32\svchost.exe -k netsvcs
PLANIFICATEUR DE TÂCHES: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs
CONNEXION SECONDAIRE: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs
NOTIFICATION D'ÉVÉNEMENT SYSTÈME: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs
PARE-FEU WINDOWS / PARTAGE DE CONNEXION INTERNET: SharedAccess
C:\WINDOWS\system32\svchost.exe -k netsvcs
DÉTECTION MATÉRIEL NOYAU: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs
TÉLÉPHONIE: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs
THÈMES: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs
CLIENT DE SUIVI DE LIEN DISTRIBUÉ: TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs
HORLOGE WINDOWS: W32Time
C:\WINDOWS\System32\svchost.exe -k netsvcs
INFRASTRUCTURE DE GESTION WINDOWS: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs
CENTRE DE SÉCURITÉ: wscsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
MISES À JOUR AUTOMATIQUES: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs
CONFIGURATION AUTOMATIQUE SANS FIL: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs
ANTIVIR UPDATE: AVWUpSrv
"C:\Program Files\AVPersonal\AVWUPSRV.EXE"
LANCEUR DE PROCESSUS SERVEUR DCOM: DcomLaunch
C:\WINDOWS\system32\svchost -k DcomLaunch
SERVICES TERMINAL SERVER: TermService
C:\WINDOWS\System32\svchost -k DComLaunch
CLIENT DNS: Dnscache
C:\WINDOWS\system32\svchost.exe -k NetworkService
JOURNAL DES ÉVÉNEMENTS: Eventlog
C:\WINDOWS\system32\services.exe
PLUG-AND-PLAY: PlugPlay
C:\WINDOWS\system32\services.exe
HTTP SSL: HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ASSISTANCE TCP/IP NETBIOS: LmHosts
C:\WINDOWS\system32\svchost.exe -k LocalService
ACCÈS À DISTANCE AU REGISTRE: RemoteRegistry
C:\WINDOWS\system32\svchost.exe -k LocalService
SERVICE DE DÉCOUVERTES SSDP: SSDPSRV
C:\WINDOWS\system32\svchost.exe -k LocalService
HÔTE DE PÉRIPHÉRIQUE UNIVERSEL PLUG-AND-PLAY: upnphost
C:\WINDOWS\system32\svchost.exe -k LocalService
WEBCLIENT: WebClient
C:\WINDOWS\system32\svchost.exe -k LocalService
SERVICES IPSEC: PolicyAgent
C:\WINDOWS\system32\lsass.exe
EMPLACEMENT PROTÉGÉ: ProtectedStorage
C:\WINDOWS\system32\lsass.exe
GESTIONNAIRE DE COMPTES DE SÉCURITÉ: SamSs
C:\WINDOWS\system32\lsass.exe
APPEL DE PROCÉDURE DISTANTE (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss
SPOULEUR D'IMPRESSION: Spooler
C:\WINDOWS\system32\spoolsv.exe
WINDOWS USER MODE DRIVER FRAMEWORK: UMWdf
C:\WINDOWS\system32\wdfmgr.exe
SERVICE DE LA PASSERELLE DE LA COUCHE APPLICATION: ALG
C:\WINDOWS\System32\alg.exe
ATI HOTKEY POLLER: Ati HotKey Poller
C:\WINDOWS\system32\Ati2evxx.exe
AUDIO WINDOWS: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE DE TRANSFERT INTELLIGENT EN ARRIÈRE-PLAN: BITS
C:\WINDOWS\system32\svchost.exe -k netsvcs
EXPLORATEUR D'ORDINATEUR: Browser
C:\WINDOWS\system32\svchost.exe -k netsvcs
SERVICES DE CRYPTOGRAPHIE: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
CLIENT DHCP: Dhcp
C:\WINDOWS\system32\svchost.exe -k netsvcs
GESTIONNAIRE DE DISQUE LOGIQUE: dmserver
C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVICE DE RAPPORT D'ERREURS: ERSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
SYSTÈME D'ÉVÉNEMENTS DE COM+: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs
COMPATIBILITÉ AVEC LE CHANGEMENT RAPIDE D'UTILISATEUR: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs
SERVEUR: lanmanserver
C:\WINDOWS\system32\svchost.exe -k netsvcs
STATION DE TRAVAIL: lanmanworkstation
C:\WINDOWS\system32\svchost.exe -k netsvcs
CONNEXIONS RÉSEAU: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs
NLA (NETWORK LOCATION AWARENESS): Nla
C:\WINDOWS\system32\svchost.exe -k netsvcs
GESTIONNAIRE DE CONNEXION AUTOMATIQUE D'ACCÈS DISTANT: RasAuto
C:\WINDOWS\system32\svchost.exe -k netsvcs
GESTIONNAIRE DE CONNEXIONS D'ACCÈS DISTANT: RasMan
C:\WINDOWS\system32\svchost.exe -k netsvcs
PLANIFICATEUR DE TÂCHES: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs
CONNEXION SECONDAIRE: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs
NOTIFICATION D'ÉVÉNEMENT SYSTÈME: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs
PARE-FEU WINDOWS / PARTAGE DE CONNEXION INTERNET: SharedAccess
C:\WINDOWS\system32\svchost.exe -k netsvcs
DÉTECTION MATÉRIEL NOYAU: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs
TÉLÉPHONIE: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs
THÈMES: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs
CLIENT DE SUIVI DE LIEN DISTRIBUÉ: TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs
HORLOGE WINDOWS: W32Time
C:\WINDOWS\System32\svchost.exe -k netsvcs
INFRASTRUCTURE DE GESTION WINDOWS: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs
CENTRE DE SÉCURITÉ: wscsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
MISES À JOUR AUTOMATIQUES: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs
CONFIGURATION AUTOMATIQUE SANS FIL: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs
ANTIVIR UPDATE: AVWUpSrv
"C:\Program Files\AVPersonal\AVWUPSRV.EXE"
LANCEUR DE PROCESSUS SERVEUR DCOM: DcomLaunch
C:\WINDOWS\system32\svchost -k DcomLaunch
SERVICES TERMINAL SERVER: TermService
C:\WINDOWS\System32\svchost -k DComLaunch
CLIENT DNS: Dnscache
C:\WINDOWS\system32\svchost.exe -k NetworkService
JOURNAL DES ÉVÉNEMENTS: Eventlog
C:\WINDOWS\system32\services.exe
PLUG-AND-PLAY: PlugPlay
C:\WINDOWS\system32\services.exe
HTTP SSL: HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ASSISTANCE TCP/IP NETBIOS: LmHosts
C:\WINDOWS\system32\svchost.exe -k LocalService
ACCÈS À DISTANCE AU REGISTRE: RemoteRegistry
C:\WINDOWS\system32\svchost.exe -k LocalService
SERVICE DE DÉCOUVERTES SSDP: SSDPSRV
C:\WINDOWS\system32\svchost.exe -k LocalService
HÔTE DE PÉRIPHÉRIQUE UNIVERSEL PLUG-AND-PLAY: upnphost
C:\WINDOWS\system32\svchost.exe -k LocalService
WEBCLIENT: WebClient
C:\WINDOWS\system32\svchost.exe -k LocalService
SERVICES IPSEC: PolicyAgent
C:\WINDOWS\system32\lsass.exe
EMPLACEMENT PROTÉGÉ: ProtectedStorage
C:\WINDOWS\system32\lsass.exe
GESTIONNAIRE DE COMPTES DE SÉCURITÉ: SamSs
C:\WINDOWS\system32\lsass.exe
APPEL DE PROCÉDURE DISTANTE (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss
SPOULEUR D'IMPRESSION: Spooler
C:\WINDOWS\system32\spoolsv.exe
WINDOWS USER MODE DRIVER FRAMEWORK: UMWdf
C:\WINDOWS\system32\wdfmgr.exe
