32 replies
Hello!
This morning I searched for
c:\windows\system32\knrdsouitv.exe with Chaos Shredder and I found
c:\windows\system32\knrdsouitv.dat and
c:\windows\system32\knrdsouitv_nav.dat
c:\windows\system32\knrdsouitv_navps.dat
What is it? Should I remove them?
Here is Silent Runners:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Disk Monitor" = "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" ["Neodio Corp."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVSCHED32" = "C:\Program Files\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AOL Spyware Protection" = "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [null data]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Quentin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Quentin" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\Quentin\Menu Démarrer\Programmes\Démarrage
"wkcalrem" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe" ["Microsoft® Corporation"]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://GLOBAL.ACER.COM/
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, ""C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE" ["America Online, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 42 seconds, including 4 seconds for message boxes)
Thanks!!!
Anonymous user
14 Oct 2005 at 17:27
Ah, finally! I was telling myself it wasn't possible that you couldn't find them...
Run HijackThis again; if you have this, fix it:
O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start
and delete:
c:\windows\system32\knrdsouitv.exe
c:\windows\system32\knrdsouitv.dat and
c:\windows\system32\knrdsouitv_nav.dat
c:\windows\system32\knrdsouitv_navps.dat
with Chaos Shredder...
See you
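As an added illustration of the cleanup described in the reply above (not code from the thread, HijackThis or Silent Runners), this Python example parses a HijackThis O4 line, extracts the executable it starts, and lists the files in the same directory that share its name stem, so the autorun value and every companion file end up on one removal checklist that can be re-checked afterwards. The function names, the same-directory and stem-matching rule, and the directory listing are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# HijackThis autostart line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# Unquoted command: the path ends at the first executable extension.
UNQUOTED_EXE_RE = re.compile(
    r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE
)

# Constructed sample input: the O4 line quoted in the reply, plus a directory
# listing made up for this example (the last two entries are unrelated files).
O4_LINE = r"O4 - HKLM\..\Run: [knrdsouitv] c:\windows\system32\knrdsouitv.exe -start"
LISTING = [
    r"c:\windows\system32\knrdsouitv.exe",
    r"c:\windows\system32\knrdsouitv.dat",
    r"c:\windows\system32\knrdsouitv_nav.dat",
    r"c:\windows\system32\knrdsouitv_navps.dat",
    r"C:\WINDOWS\system32\opengl32.dll",
    r"C:\WINDOWS\system32\Ati2evxx.exe",
]


def executable_of(command):
    """Return the program path from a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        m = UNQUOTED_EXE_RE.match(command)
        path = m.group(1) if m else command.split()[0]
    return PureWindowsPath(path)


def parse_o4(line):
    """Parse one O4 line into hive, key, value name, command and executable."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["executable"] = executable_of(entry["command"])
    return entry


def companion_files(executable, listing):
    """Files next to the executable whose stem is <stem> or <stem>_<suffix>.

    Assumption of this example: restricting the match to the executable's own
    directory keeps unrelated files out of the removal list.
    """
    stem = executable.stem.lower()
    hits = []
    for raw in listing:
        p = PureWindowsPath(raw)
        if p.parent != executable.parent:  # comparison is case-insensitive
            continue
        s = p.stem.lower()
        if s == stem or s.startswith(stem + "_"):
            hits.append(str(p))
    return sorted(hits, key=str.lower)


def cleanup_plan(o4_line, listing):
    """Pair the autorun value to fix with the files to delete."""
    entry = parse_o4(o4_line)
    if entry is None:
        raise ValueError("not a HijackThis O4 line")
    return {
        "autorun": (entry["hive"], entry["key"], entry["name"]),
        "files": companion_files(entry["executable"], listing),
    }


def leftovers(plan, listing_after):
    """Files from the plan that are still present in a later listing."""
    present = {PureWindowsPath(p) for p in listing_after}
    return [f for f in plan["files"] if PureWindowsPath(f) in present]


if __name__ == "__main__":
    plan = cleanup_plan(O4_LINE, LISTING)
    print("Autorun value to fix:", plan["autorun"])
    for f in plan["files"]:
        print("Delete:", f)
```

Running `leftovers` on a fresh listing after the deletion shows whether any file from the plan survived or came back.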
Hi!
Sorry for not replying sooner...
Well, now I have a big problem. I hope I didn't delete something I shouldn't have, because I can no longer launch my games... either the PC does nothing, or the display glitches and the mouse doesn't appear.
Here, for example, is what the game Castle Wolfenstein tells me:
ET 2.55 win-x86 May 27 2003
----- FS_Startup -----
Current search path:
C:\PROGRA~1\WOLFEN~1\etmain\pak0.pk3 (3725 files)
C:\PROGRA~1\WOLFEN~1\etmain\mp_bin.pk3 (4 files)
C:\PROGRA~1\WOLFEN~1/etmain
----------------------
3729 files in pk3 files
execing default.cfg
couldn't exec language.cfg
couldn't exec autoexec.cfg
Hunk_Clear: reset the hunk ok
...detecting CPU, found AMD w/ 3DNow!
Bypassing CD checks
----- Client Initialization -----
----- Initializing Renderer ----
-------------------------------
----- Client Initialization Complete -----
----- R_Init -----
Initializing OpenGL subsystem
...initializing QGL
...calling LoadLibrary( 'C:\WINDOWS\system32\opengl32.dll' ): succeeded
...setting mode 4: 800 600 FS
...using desktop display depth of 32
...calling CDS: ok
...registered window class
...created window@0,0 (800x600)
Initializing OpenGL driver
...getting DC: succeeded
...GLW_ChoosePFD( 32, 24, 0 )
...35 PFDs found
...GLW_ChoosePFD failed
...GLW_ChoosePFD( 32, 24, 0 )
...35 PFDs found
...GLW_ChoosePFD failed
...failed to find an appropriate PIXELFORMAT
...restoring display settings
...WARNING: could not set the given mode (4)
...setting mode 4: 800 600 FS
...using colorsbits of 16
...calling CDS: ok
...created window@0,0 (800x600)
Initializing OpenGL driver
...getting DC: succeeded
...GLW_ChoosePFD( 16, 16, 0 )
...35 PFDs found
...GLW_ChoosePFD failed
...GLW_ChoosePFD( 16, 16, 0 )
...35 PFDs found
...GLW_ChoosePFD failed
...failed to find an appropriate PIXELFORMAT
...restoring display settings
...WARNING: could not set the given mode (3)
...shutting down QGL
...unloading OpenGL DLL
...assuming '3dfxvgl' is a standalone driver
...initializing QGL
...WARNING: missing Glide installation, assuming no 3Dfx available
...shutting down QGL
----- CL_Shutdown -----
RE_Shutdown( 1 )
-----------------------
GLW_StartOpenGL() - could not load OpenGL subsystem
Please tell me I didn't do something stupid!
Thanks.
Anonymous user
16 Oct 2005 at 18:20
Hi
Have you tried reinstalling it?
Where do things stand with your problems?
See you
Hi!
No, actually I searched the forum for all that and in fact I solved my problem! I went to look at the hardware acceleration, set it to 'full', and there you go, everything works... I don't know how it was configured before, but anyway. I deleted the things you told me to with Chaos Shredder; I think it's fine now. I'm going to run all the anti-spyware, antivirus and other tools to see if anything is left, and I'll let you know...
Anonymous user
16 Oct 2005 at 18:38
Hi again,
OK, run all of that and tell me whether everything is sorted.
See you
Hi,
AOL Spyware Protection still identifies WinFixer as dangerous malware!
Otherwise that's all. Thank you very much for spending time sorting out my problems!
Anonymous user
16 Oct 2005 at 19:19
Hi
You block it and then delete it, and when you run it again it's still there?
Otherwise, try this if it reappears after blocking + deletion:
download this, Registry Search Tool
http://www.billsway.com/vbspage/
unzip it and type or paste
winfixer
then copy and paste the result into Notepad and give it to us
--
See you
Hi!
Yes, I block it and delete it, but the next day it comes back, even with System Restore disabled!
Is this thing dangerous?
See you
Hi! I had a lot of trouble with this too... Impossible to delete! Well, not anymore! Download a program called "Spy Sweeper" (you'll find a 15-day demo version).
This software is quite simply POWERFUL!
Here is the link: http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/26411.html
Hoping I've helped you...
See you
S.Pursang
Hello!
I've had the same problem ever since I installed "Web Media Player". I uninstalled it a few minutes later but I kept getting intrusive ads; I have the impression that as soon as I did a Google search the spyware suggested pages to me... it was tiresome in the end!!!
I tried lots of programs, but nothing!! Some programs (AVG Anti-Spyware or Ashampoo AntiSpyware) managed to detect the adware (PerfectNav/Magic Control...) but apparently they couldn't remove it (on the first attempt); from the second attempt on they could no longer detect it, so for them my PC was safe, but I kept getting the damn ads!!! (sorry)
I finally came across the beta version of Blacklight, which I didn't know at all. Here is the link: https://europe.f-secure.com/exclude/blacklight/blbeta.exe
It's very simple to use: it lets you spot hidden files and processes, then you can rename them (it adds the .ren extension to them), which makes them inoperative (handle with care!!! so read the help carefully).
There, I hope my experience can be useful to you!!!
Every problem has its solution
Nahnou :-)