[virus] impossible a supprimer
Résolu/Fermé
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
-
21 févr. 2007 à 02:07
sebteam24 - 22 déc. 2008 à 10:00
sebteam24 - 22 déc. 2008 à 10:00
A voir également:
- [virus] impossible a supprimer
- Fichier impossible à supprimer - Guide
- Impossible de supprimer une page word - Guide
- Supprimer compte instagram - Guide
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Supprimer pub youtube - Accueil - Streaming
41 réponses
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
23 févr. 2007 à 21:52
23 févr. 2007 à 21:52
rubstick n a pas trouvé d infection...
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
24 févr. 2007 à 00:04
24 févr. 2007 à 00:04
je viens de refaire une analyse hijackthis, et j ai l impression que les programmes que j efface sont impossible a supprimer, je sais pas comment faire pr enlever un bonne fois pour tout les virus...
je suis infecté que sur IE, peut etre qu effacer IE et le retelecharger serait une solution mais ca parait trop facile, et en plus j aimerai pas faire planter car bcp de programme se remette a jour avec IE...
merci
je suis infecté que sur IE, peut etre qu effacer IE et le retelecharger serait une solution mais ca parait trop facile, et en plus j aimerai pas faire planter car bcp de programme se remette a jour avec IE...
merci
Utilisateur anonyme
24 févr. 2007 à 00:07
24 févr. 2007 à 00:07
Ok merci. ce qui m'intrigue c'est ce dossier et les pubs Asiatique dont tu me parles. J'ai cru que tu en etais un lol !
¤ - Ouvre HijackThis
Clic sur "open the misc tools section"
Clic sur "open uninstall manager"
Clic sur "Save list" dans la fenêtre qui va s'ouvrir enregistre le fichier à un endroit ou tu le retrouvera facilement.
¤ Télécharge Silent Runners
https://www.silentrunners.org/Silent%20Runners.vbs
clic sur "fichier" en haut à droite de ton navigateur puis "enregistrer sous".
Double-clic dessus puis 2 fois sur "yes"
Laisse lui le temps de faire son analyse puis poste le rapport qu'il va t'afficher (après quelques minutes)
¤ Tu as quoi comme anti-spywares ?
¤ - Ouvre HijackThis
Clic sur "open the misc tools section"
Clic sur "open uninstall manager"
Clic sur "Save list" dans la fenêtre qui va s'ouvrir enregistre le fichier à un endroit ou tu le retrouvera facilement.
¤ Télécharge Silent Runners
https://www.silentrunners.org/Silent%20Runners.vbs
clic sur "fichier" en haut à droite de ton navigateur puis "enregistrer sous".
Double-clic dessus puis 2 fois sur "yes"
Laisse lui le temps de faire son analyse puis poste le rapport qu'il va t'afficher (après quelques minutes)
¤ Tu as quoi comme anti-spywares ?
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
24 févr. 2007 à 04:37
24 févr. 2007 à 04:37
comme antoi spyware, je sai spas vraiment, j ai telecharger pas mal de truc, mais avant j avais que norton, et j ai rajouter depuis spyboot et adware...
sinon je ne suis pas asiatique lol, mais c est ce foutu programme asiatique qui m a filé c est fenetre de pub qui s ouvre...et je sais pas comment en finir a bout...
voici le long rapport de silent runners:
"Silent Runners.vbs", revision R50, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SiS Windows KeyHook" = "C:\WINDOWS\system32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"LManager" = "C:\Program Files\Launch Manager\QtZgAcer.EXE" ["Dritek System Inc."]
"LaunchApp" = "Alaunch" ["Acer Inc."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Internet Sweeper" = "C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q" ["Emery Info-Engineering <brettemery@bmesite.com>"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
{EEC7E620-B32A-4E3B-B200-291660803474}\(Default) = "TBSB03263"
-> {HKLM...CLSID} = "TBSB03263 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ËÑË÷À¸\eqiso.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"
-> {HKLM...CLSID} = "NikonView Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
<<!>> "{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}" = "NetCache"
-> {HKLM...CLSID} = "NetCache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mctet.dll" [file not found]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Google"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> cryptimg\DLLName = "cryptimg.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\Acer.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\WEB\WALLPAPER\ACER.BMP"
Startup items in "bayle" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
"NkvMon.exe" -> shortcut to: "C:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"]
Enabled Scheduled Tasks:
------------------------
"Norton Internet Security - Run Full System Scan - bayle" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{33E640D8-EB95-4B22-B475-1852B7D35993}"
-> {HKLM...CLSID} = "???"
\InProcServer32\(Default) = "C:\Program Files\ËÑË÷À¸\eqiso.dll" [empty string]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{33E640D8-EB95-4B22-B475-1852B7D35993}"
-> {HKLM...CLSID} = "???"
\InProcServer32\(Default) = "C:\Program Files\ËÑË÷À¸\eqiso.dll" [empty string]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
-> {HKLM...CLSID} = "Show Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{841B2B65-118D-4FF2-AD63-4CFF44B8B68F}\(Default) = "KeyWordBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\4153ntos.dll" [file not found]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{C1F0024B-8278-4999-B7E6-2718426D9FE6}\
"ButtonText" = "²Æ¸»Í¨"
"CLSIDExtension" = "{E36884E3-42E9-4A8E-A7F8-6DE700903E5C}"
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{CA3EB689-8F09-4026-AA10-B9534C691CE0}" = (no title provided)
-> {HKLM...CLSID} = "ToolbarURLSearchHook Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ËÑË÷À¸\tbhelper.dll" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Local Connection Manager, Mercha2, "C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL,Export 1087" [MS]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
Std datl Service, datl, "C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yvld\ifvq.dll,Service -s" [MS]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
System Administrator, Tech, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\xenty.dll" [MS]}
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 70 seconds, including 4 seconds for message boxes)
sinon je ne suis pas asiatique lol, mais c est ce foutu programme asiatique qui m a filé c est fenetre de pub qui s ouvre...et je sais pas comment en finir a bout...
voici le long rapport de silent runners:
"Silent Runners.vbs", revision R50, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SiS Windows KeyHook" = "C:\WINDOWS\system32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"LManager" = "C:\Program Files\Launch Manager\QtZgAcer.EXE" ["Dritek System Inc."]
"LaunchApp" = "Alaunch" ["Acer Inc."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Internet Sweeper" = "C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q" ["Emery Info-Engineering <brettemery@bmesite.com>"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
{EEC7E620-B32A-4E3B-B200-291660803474}\(Default) = "TBSB03263"
-> {HKLM...CLSID} = "TBSB03263 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ËÑË÷À¸\eqiso.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"
-> {HKLM...CLSID} = "NikonView Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
<<!>> "{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}" = "NetCache"
-> {HKLM...CLSID} = "NetCache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mctet.dll" [file not found]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Google"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> cryptimg\DLLName = "cryptimg.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\Acer.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\WEB\WALLPAPER\ACER.BMP"
Startup items in "bayle" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
"NkvMon.exe" -> shortcut to: "C:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"]
Enabled Scheduled Tasks:
------------------------
"Norton Internet Security - Run Full System Scan - bayle" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{33E640D8-EB95-4B22-B475-1852B7D35993}"
-> {HKLM...CLSID} = "???"
\InProcServer32\(Default) = "C:\Program Files\ËÑË÷À¸\eqiso.dll" [empty string]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{33E640D8-EB95-4B22-B475-1852B7D35993}"
-> {HKLM...CLSID} = "???"
\InProcServer32\(Default) = "C:\Program Files\ËÑË÷À¸\eqiso.dll" [empty string]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
-> {HKLM...CLSID} = "Show Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{841B2B65-118D-4FF2-AD63-4CFF44B8B68F}\(Default) = "KeyWordBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\4153ntos.dll" [file not found]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{C1F0024B-8278-4999-B7E6-2718426D9FE6}\
"ButtonText" = "²Æ¸»Í¨"
"CLSIDExtension" = "{E36884E3-42E9-4A8E-A7F8-6DE700903E5C}"
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{CA3EB689-8F09-4026-AA10-B9534C691CE0}" = (no title provided)
-> {HKLM...CLSID} = "ToolbarURLSearchHook Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ËÑË÷À¸\tbhelper.dll" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Local Connection Manager, Mercha2, "C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL,Export 1087" [MS]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
Std datl Service, datl, "C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yvld\ifvq.dll,Service -s" [MS]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
System Administrator, Tech, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\xenty.dll" [MS]}
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 70 seconds, including 4 seconds for message boxes)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
24 févr. 2007 à 06:45
24 févr. 2007 à 06:45
Salut, fait ça dans l'ordre stp !
¤ Installe ce pare-feu pour être protégé des attaques extérieures.
Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité
Kerio (pare-feu) : reste gratuit après la période d'essai en français
----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html
Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
--> http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm
Plus d'info :
->https://kerio.probb.fr/
¤ Clic sur démarrer, rechercher, tous les fichiers et dossiers, cherche et supprime si présent :
- B3A2BF22.exe
- RUNDLLFROMWIN2000.EXE
- ffudf.exe
- SWEEPER.EXE
- cryptimg.dll
- ****ntos.dl (mets bien les * supprime tout ce qu'il te trouve)
- C:\Program Files\ËÑË÷À (le dosier bizarre, re-supprime le)
**Si un fichier/dossier persiste lors de la suppression fait ceci:
- Redémarre ton PC. Dès l'allumage laisse ton doigt appuyer sur la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.
¤ Fait ceci :
Télécharge Spywareblaster
----> spyware blaster
Puis exécute le logiciel pour lui appliquer les protections.
Si tu as besoin d'aide, regarde ce tutoriel pour Spywareblaster
https://kerio.probb.fr/t241-tuto-spywareblaster
¤ Télécharge ce fichier pour corriger l'infection (en haut à droite "clik here for the dowload"
http://www.mediafire.com/?0w5zwaziyjc
Une fois téléchargé double clic dessus et accepte la fusion avec le registre.
Redémarre ton PC.
¤ Essai de refaire ceci :
Télécharge lopxp :
http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip
dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il a terminé, un rapport s'ouvre : fait un copier-coller du rapport puis mets le ici
¤ Puis remet un rapport Silent Runners et AVG antispyware stp !
J'espère que ça sera ok.
¤ Installe ce pare-feu pour être protégé des attaques extérieures.
Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité
Kerio (pare-feu) : reste gratuit après la période d'essai en français
----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html
Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
--> http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm
Plus d'info :
->https://kerio.probb.fr/
¤ Clic sur démarrer, rechercher, tous les fichiers et dossiers, cherche et supprime si présent :
- B3A2BF22.exe
- RUNDLLFROMWIN2000.EXE
- ffudf.exe
- SWEEPER.EXE
- cryptimg.dll
- ****ntos.dl (mets bien les * supprime tout ce qu'il te trouve)
- C:\Program Files\ËÑË÷À (le dosier bizarre, re-supprime le)
**Si un fichier/dossier persiste lors de la suppression fait ceci:
- Redémarre ton PC. Dès l'allumage laisse ton doigt appuyer sur la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.
¤ Fait ceci :
Télécharge Spywareblaster
----> spyware blaster
Puis exécute le logiciel pour lui appliquer les protections.
Si tu as besoin d'aide, regarde ce tutoriel pour Spywareblaster
https://kerio.probb.fr/t241-tuto-spywareblaster
¤ Télécharge ce fichier pour corriger l'infection (en haut à droite "clik here for the dowload"
http://www.mediafire.com/?0w5zwaziyjc
Une fois téléchargé double clic dessus et accepte la fusion avec le registre.
Redémarre ton PC.
¤ Essai de refaire ceci :
Télécharge lopxp :
http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip
dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il a terminé, un rapport s'ouvre : fait un copier-coller du rapport puis mets le ici
¤ Puis remet un rapport Silent Runners et AVG antispyware stp !
J'espère que ça sera ok.
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
24 févr. 2007 à 19:30
24 févr. 2007 à 19:30
j ai essayé de retalecharger lopxp, mais j obtient sur le bureau copie de lopxpMH2, et quand je le lance, une fenetre me disant les meme erreurs que l autre fois, je te colle le rapport du bloc note au cas ou:
Rapport fait à 19:21:18,23 le 25/02/2007
******************************************
## Répertoires Application Data
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\Default User\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
09/08/2006 21:15 <REP> Identities
06/08/2005 20:02 <REP> Microsoft
06/08/2005 20:02 62 desktop.ini
1 fichier(s) 62 octets
4 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:09 <REP> Microsoft
09/08/2006 21:15 2ÿ690ÿ998 IconCache.db
1 fichier(s) 2ÿ690ÿ998 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\All Users\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:26 <REP> Adobe
11/09/2006 17:10 <REP> Apple Computer
22/09/2006 03:22 <REP> Google
06/08/2005 20:02 <REP> Microsoft
11/08/2006 18:53 <REP> NtiDvdCopy
12/08/2006 15:35 <REP> QuickTime
15/02/2007 00:05 <REP> Spybot - Search & Destroy
10/08/2006 01:10 <REP> Symantec
24/12/2006 02:36 <REP> Windows Genuine Advantage
25/08/2006 02:50 <REP> Windows Live Toolbar
06/08/2005 20:02 62 desktop.ini
11/09/2006 17:13 1ÿ362 QTSBandwidthCache
2 fichier(s) 1ÿ424 octets
12 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\NetworkService\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:02 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:13 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\LocalService\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:02 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:13 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\bayle\Application Data
09/08/2006 21:16 <REP> .
09/08/2006 21:16 <REP> ..
12/08/2006 10:41 <REP> Adobe
12/08/2006 10:42 <REP> AdobeUM
11/09/2006 17:18 <REP> Apple Computer
23/12/2006 22:38 <REP> Creative
11/08/2006 11:26 <REP> CyberLink
19/08/2006 17:16 <REP> Google
11/08/2006 18:54 <REP> Help
09/08/2006 21:16 <REP> Identities
15/02/2007 20:58 <REP> Lavasoft
16/08/2006 19:15 <REP> Macromedia
09/08/2006 21:16 <REP> Microsoft
14/11/2006 05:23 <REP> Mozilla
29/08/2006 03:48 <REP> Nikon
19/08/2006 17:13 <REP> Real
24/08/2006 18:42 <REP> Skype
14/11/2006 18:25 <REP> Talkback
13/09/2006 00:27 <REP> vlc
09/08/2006 21:16 62 desktop.ini
1 fichier(s) 62 octets
19 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\bayle\Local Settings\Application Data
09/08/2006 21:16 <REP> .
09/08/2006 21:16 <REP> ..
12/08/2006 10:41 <REP> Adobe
11/09/2006 17:13 <REP> Apple Computer
19/08/2006 17:16 <REP> Google
11/08/2006 18:54 <REP> Help
21/08/2006 16:22 <REP> Identities
09/08/2006 21:16 <REP> Microsoft
14/11/2006 18:24 <REP> Mozilla
11/08/2006 11:26 <REP> Powercinema
11/08/2006 22:46 <REP> WMTools Downloaded Files
12/08/2006 10:41 87ÿ552 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
04/10/2006 03:22 64ÿ072 GDIPFONTCACHEV1.DAT
19/08/2006 17:23 3ÿ791ÿ222 IconCache.db
3 fichier(s) 3ÿ942ÿ846 octets
11 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
21/03/2006 19:57 <REP> .
21/03/2006 19:57 <REP> ..
09/08/2006 21:15 <REP> Identities
06/08/2005 20:02 <REP> Microsoft
06/08/2005 20:02 62 desktop.ini
1 fichier(s) 62 octets
4 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
21/03/2006 19:57 <REP> .
21/03/2006 19:57 <REP> ..
06/08/2005 20:09 <REP> Microsoft
09/08/2006 21:15 2ÿ690ÿ998 IconCache.db
1 fichier(s) 2ÿ690ÿ998 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\WINDOWS\Tasks
15/02/2007 21:06 330 MP Scheduled Scan.job
07/11/2006 04:38 564 Norton Internet Security - Run Full System Scan - bayle.job
21/03/2006 19:59 <REP> ..
21/03/2006 19:59 <REP> .
09/08/2005 08:54 6 SA.DAT
05/08/2004 05:00 65 desktop.ini
4 fichier(s) 965 octets
2 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
******************************************
## Répertoires de C:\Program Files
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Program Files
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:26 <REP> Acer Inc
06/08/2005 20:26 <REP> Adobe
06/08/2005 20:27 <REP> Arcade
12/08/2006 15:34 <REP> ArcSoft
22/02/2007 09:48 <REP> a-squared Free
06/08/2005 20:18 <REP> AvRack
14/02/2007 00:36 <REP> BitComet
20/02/2007 18:48 <REP> CCleaner
06/08/2005 20:07 <REP> ComPlus Applications
06/08/2005 20:21 <REP> CONEXANT
23/12/2006 21:52 <REP> Creative
06/08/2005 20:28 <REP> CyberLink
11/09/2006 17:58 <REP> DivX
25/02/2007 19:20 <REP> Ó¥Óö·÷
06/08/2005 20:02 <REP> Fichiers communs
19/09/2006 16:39 <REP> Free Audio Pack
19/08/2006 17:16 <REP> Google
23/02/2007 21:18 <REP> Grisoft
10/10/2006 05:37 <REP> InterActual
06/08/2005 20:08 <REP> Internet Explorer
09/08/2006 21:16 <REP> Launch Manager
14/11/2006 05:23 <REP> Lavasoft
06/08/2005 20:06 <REP> Messenger
06/08/2005 20:09 <REP> microsoft frontpage
10/08/2006 21:54 <REP> Microsoft Office
10/08/2006 21:56 <REP> Microsoft.NET
06/08/2005 20:08 <REP> Movie Maker
14/11/2006 05:23 <REP> Mozilla Firefox
06/08/2005 20:06 <REP> MSN
06/08/2005 20:06 <REP> MSN Gaming Zone
06/08/2005 20:08 <REP> NetMeeting
06/08/2005 20:34 <REP> NewTech Infosystems
12/08/2006 15:36 <REP> Nikon
10/08/2006 01:10 <REP> Norton AntiVirus
07/11/2006 04:09 <REP> Norton Internet Security
06/08/2005 20:07 <REP> Online Services
06/08/2005 20:08 <REP> Outlook Express
12/08/2006 15:34 <REP> Panorama Maker
19/09/2006 01:47 <REP> PCFriendly
14/11/2006 05:22 <REP> Picasa2
12/08/2006 15:35 <REP> QuickTime
19/08/2006 17:14 <REP> Real
06/08/2005 20:18 <REP> Realtek Sound Manager
06/08/2005 20:08 <REP> Services en ligne
06/08/2005 20:15 <REP> SiS VGA Utilities V3.65f
06/08/2005 20:15 <REP> sisagp
24/08/2006 18:41 <REP> Skype
15/02/2007 00:05 <REP> Spybot - Search & Destroy
22/02/2007 09:49 <REP> SpywareBlaster
25/02/2007 18:58 <REP> Sunbelt Software
10/08/2006 01:10 <REP> Symantec
06/08/2005 20:24 <REP> Synaptics
13/09/2006 00:27 <REP> VideoLAN
13/02/2007 23:42 <REP> Western Digital Technologies
15/02/2007 21:02 <REP> Windows Defender
25/08/2006 02:50 <REP> Windows Live Toolbar
06/08/2005 20:07 <REP> Windows Media Player
06/08/2005 20:06 <REP> Windows NT
12/09/2006 22:52 <REP> WinRAR
06/08/2005 20:09 <REP> xerox
11/09/2006 17:58 <REP> XviD
19/09/2006 05:58 <REP> Yahoo!
22/02/2007 21:23 <REP> yvld
0 fichier(s) 0 octets
65 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
* Mozilla Firefox (1 autorisé 2 interdit)
---------- C:\DOCUMENTS AND SETTINGS\BAYLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0504VTX.DEFAULT\HOSTPERM.1
host popup 1 oumail.ou.edu
host cookie 2 paypopup.com
host cookie 2 popupsponsor.com
host cookie 2 popuptraffic.com
******************************************
## Registre
* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
*************** Fin du rapport ****************
voila, je vais faire les analyse avg et antispyware...
depuis la semaine derniere, quand j allume l ordinateur,avant que le sprogrammes se chargent, j ai une fentre qui me dit que les emplacements suivants sont introuvables: C:\WINDOWS\system32\cievz.dll et meme chose mais \fowf.n.dll
je sais pas si c est que j ai supprimer des fichiers importants ou si c est un pb de virus...
Rapport fait à 19:21:18,23 le 25/02/2007
******************************************
## Répertoires Application Data
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\Default User\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
09/08/2006 21:15 <REP> Identities
06/08/2005 20:02 <REP> Microsoft
06/08/2005 20:02 62 desktop.ini
1 fichier(s) 62 octets
4 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:09 <REP> Microsoft
09/08/2006 21:15 2ÿ690ÿ998 IconCache.db
1 fichier(s) 2ÿ690ÿ998 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\All Users\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:26 <REP> Adobe
11/09/2006 17:10 <REP> Apple Computer
22/09/2006 03:22 <REP> Google
06/08/2005 20:02 <REP> Microsoft
11/08/2006 18:53 <REP> NtiDvdCopy
12/08/2006 15:35 <REP> QuickTime
15/02/2007 00:05 <REP> Spybot - Search & Destroy
10/08/2006 01:10 <REP> Symantec
24/12/2006 02:36 <REP> Windows Genuine Advantage
25/08/2006 02:50 <REP> Windows Live Toolbar
06/08/2005 20:02 62 desktop.ini
11/09/2006 17:13 1ÿ362 QTSBandwidthCache
2 fichier(s) 1ÿ424 octets
12 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\NetworkService\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:02 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:13 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\LocalService\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:02 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:13 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\bayle\Application Data
09/08/2006 21:16 <REP> .
09/08/2006 21:16 <REP> ..
12/08/2006 10:41 <REP> Adobe
12/08/2006 10:42 <REP> AdobeUM
11/09/2006 17:18 <REP> Apple Computer
23/12/2006 22:38 <REP> Creative
11/08/2006 11:26 <REP> CyberLink
19/08/2006 17:16 <REP> Google
11/08/2006 18:54 <REP> Help
09/08/2006 21:16 <REP> Identities
15/02/2007 20:58 <REP> Lavasoft
16/08/2006 19:15 <REP> Macromedia
09/08/2006 21:16 <REP> Microsoft
14/11/2006 05:23 <REP> Mozilla
29/08/2006 03:48 <REP> Nikon
19/08/2006 17:13 <REP> Real
24/08/2006 18:42 <REP> Skype
14/11/2006 18:25 <REP> Talkback
13/09/2006 00:27 <REP> vlc
09/08/2006 21:16 62 desktop.ini
1 fichier(s) 62 octets
19 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Documents and Settings\bayle\Local Settings\Application Data
09/08/2006 21:16 <REP> .
09/08/2006 21:16 <REP> ..
12/08/2006 10:41 <REP> Adobe
11/09/2006 17:13 <REP> Apple Computer
19/08/2006 17:16 <REP> Google
11/08/2006 18:54 <REP> Help
21/08/2006 16:22 <REP> Identities
09/08/2006 21:16 <REP> Microsoft
14/11/2006 18:24 <REP> Mozilla
11/08/2006 11:26 <REP> Powercinema
11/08/2006 22:46 <REP> WMTools Downloaded Files
12/08/2006 10:41 87ÿ552 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
04/10/2006 03:22 64ÿ072 GDIPFONTCACHEV1.DAT
19/08/2006 17:23 3ÿ791ÿ222 IconCache.db
3 fichier(s) 3ÿ942ÿ846 octets
11 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
21/03/2006 19:57 <REP> .
21/03/2006 19:57 <REP> ..
09/08/2006 21:15 <REP> Identities
06/08/2005 20:02 <REP> Microsoft
06/08/2005 20:02 62 desktop.ini
1 fichier(s) 62 octets
4 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
21/03/2006 19:57 <REP> .
21/03/2006 19:57 <REP> ..
06/08/2005 20:09 <REP> Microsoft
09/08/2006 21:15 2ÿ690ÿ998 IconCache.db
1 fichier(s) 2ÿ690ÿ998 octets
3 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\WINDOWS\Tasks
15/02/2007 21:06 330 MP Scheduled Scan.job
07/11/2006 04:38 564 Norton Internet Security - Run Full System Scan - bayle.job
21/03/2006 19:59 <REP> ..
21/03/2006 19:59 <REP> .
09/08/2005 08:54 6 SA.DAT
05/08/2004 05:00 65 desktop.ini
4 fichier(s) 965 octets
2 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
******************************************
## Répertoires de C:\Program Files
Le volume dans le lecteur C s'appelle ACER
Le num‚ro de s‚rie du volume est 320D-180E
R‚pertoire de C:\Program Files
21/03/2006 19:59 <REP> .
21/03/2006 19:59 <REP> ..
06/08/2005 20:26 <REP> Acer Inc
06/08/2005 20:26 <REP> Adobe
06/08/2005 20:27 <REP> Arcade
12/08/2006 15:34 <REP> ArcSoft
22/02/2007 09:48 <REP> a-squared Free
06/08/2005 20:18 <REP> AvRack
14/02/2007 00:36 <REP> BitComet
20/02/2007 18:48 <REP> CCleaner
06/08/2005 20:07 <REP> ComPlus Applications
06/08/2005 20:21 <REP> CONEXANT
23/12/2006 21:52 <REP> Creative
06/08/2005 20:28 <REP> CyberLink
11/09/2006 17:58 <REP> DivX
25/02/2007 19:20 <REP> Ó¥Óö·÷
06/08/2005 20:02 <REP> Fichiers communs
19/09/2006 16:39 <REP> Free Audio Pack
19/08/2006 17:16 <REP> Google
23/02/2007 21:18 <REP> Grisoft
10/10/2006 05:37 <REP> InterActual
06/08/2005 20:08 <REP> Internet Explorer
09/08/2006 21:16 <REP> Launch Manager
14/11/2006 05:23 <REP> Lavasoft
06/08/2005 20:06 <REP> Messenger
06/08/2005 20:09 <REP> microsoft frontpage
10/08/2006 21:54 <REP> Microsoft Office
10/08/2006 21:56 <REP> Microsoft.NET
06/08/2005 20:08 <REP> Movie Maker
14/11/2006 05:23 <REP> Mozilla Firefox
06/08/2005 20:06 <REP> MSN
06/08/2005 20:06 <REP> MSN Gaming Zone
06/08/2005 20:08 <REP> NetMeeting
06/08/2005 20:34 <REP> NewTech Infosystems
12/08/2006 15:36 <REP> Nikon
10/08/2006 01:10 <REP> Norton AntiVirus
07/11/2006 04:09 <REP> Norton Internet Security
06/08/2005 20:07 <REP> Online Services
06/08/2005 20:08 <REP> Outlook Express
12/08/2006 15:34 <REP> Panorama Maker
19/09/2006 01:47 <REP> PCFriendly
14/11/2006 05:22 <REP> Picasa2
12/08/2006 15:35 <REP> QuickTime
19/08/2006 17:14 <REP> Real
06/08/2005 20:18 <REP> Realtek Sound Manager
06/08/2005 20:08 <REP> Services en ligne
06/08/2005 20:15 <REP> SiS VGA Utilities V3.65f
06/08/2005 20:15 <REP> sisagp
24/08/2006 18:41 <REP> Skype
15/02/2007 00:05 <REP> Spybot - Search & Destroy
22/02/2007 09:49 <REP> SpywareBlaster
25/02/2007 18:58 <REP> Sunbelt Software
10/08/2006 01:10 <REP> Symantec
06/08/2005 20:24 <REP> Synaptics
13/09/2006 00:27 <REP> VideoLAN
13/02/2007 23:42 <REP> Western Digital Technologies
15/02/2007 21:02 <REP> Windows Defender
25/08/2006 02:50 <REP> Windows Live Toolbar
06/08/2005 20:07 <REP> Windows Media Player
06/08/2005 20:06 <REP> Windows NT
12/09/2006 22:52 <REP> WinRAR
06/08/2005 20:09 <REP> xerox
11/09/2006 17:58 <REP> XviD
19/09/2006 05:58 <REP> Yahoo!
22/02/2007 21:23 <REP> yvld
0 fichier(s) 0 octets
65 R‚p(s) 26ÿ650ÿ836ÿ992 octets libres
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
* Mozilla Firefox (1 autorisé 2 interdit)
---------- C:\DOCUMENTS AND SETTINGS\BAYLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0504VTX.DEFAULT\HOSTPERM.1
host popup 1 oumail.ou.edu
host cookie 2 paypopup.com
host cookie 2 popupsponsor.com
host cookie 2 popuptraffic.com
******************************************
## Registre
* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
*************** Fin du rapport ****************
voila, je vais faire les analyse avg et antispyware...
depuis la semaine derniere, quand j allume l ordinateur,avant que le sprogrammes se chargent, j ai une fentre qui me dit que les emplacements suivants sont introuvables: C:\WINDOWS\system32\cievz.dll et meme chose mais \fowf.n.dll
je sais pas si c est que j ai supprimer des fichiers importants ou si c est un pb de virus...
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
24 févr. 2007 à 19:55
24 févr. 2007 à 19:55
voici le rapport silentrunners :
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SiS Windows KeyHook" = "C:\WINDOWS\system32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"LManager" = "C:\Program Files\Launch Manager\QtZgAcer.EXE" ["Dritek System Inc."]
"LaunchApp" = "Alaunch" ["Acer Inc."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Internet Sweeper" = "C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q" ["Emery Info-Engineering <brettemery@bmesite.com>"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"
-> {HKLM...CLSID} = "NikonView Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
<<!>> "{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}" = "NetCache"
-> {HKLM...CLSID} = "NetCache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mctet.dll" [file not found]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Google"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> cryptimg\DLLName = "cryptimg.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\Acer.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\WEB\WALLPAPER\ACER.BMP"
Startup items in "bayle" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
"NkvMon.exe" -> shortcut to: "C:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"]
Enabled Scheduled Tasks:
------------------------
"Norton Internet Security - Run Full System Scan - bayle" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
-> {HKLM...CLSID} = "Show Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{C1F0024B-8278-4999-B7E6-2718426D9FE6}\
"ButtonText" = "²Æ¸»Í¨"
"CLSIDExtension" = "{E36884E3-42E9-4A8E-A7F8-6DE700903E5C}"
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Local Connection Manager, Mercha2, "C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL,Export 1087" [MS]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
Std datl Service, datl, "C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yvld\ifvq.dll,Service -s" [MS]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
System Administrator, Tech, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\xenty.dll" [MS]}
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 95 seconds, including 4 seconds for message boxes)
en revecnhe, le dossier C:\Program Files\ËÑË÷À se supprime mais il revient tjs au meme endroit, je pige pas, car je pense que c est une des sources du probleme, ca serait bien de le virer...
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SiS Windows KeyHook" = "C:\WINDOWS\system32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"LManager" = "C:\Program Files\Launch Manager\QtZgAcer.EXE" ["Dritek System Inc."]
"LaunchApp" = "Alaunch" ["Acer Inc."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Internet Sweeper" = "C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q" ["Emery Info-Engineering <brettemery@bmesite.com>"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"
-> {HKLM...CLSID} = "NikonView Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
<<!>> "{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}" = "NetCache"
-> {HKLM...CLSID} = "NetCache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mctet.dll" [file not found]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Google"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> cryptimg\DLLName = "cryptimg.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\Acer.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\WEB\WALLPAPER\ACER.BMP"
Startup items in "bayle" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
"NkvMon.exe" -> shortcut to: "C:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"]
Enabled Scheduled Tasks:
------------------------
"Norton Internet Security - Run Full System Scan - bayle" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
-> {HKLM...CLSID} = "Show Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{C1F0024B-8278-4999-B7E6-2718426D9FE6}\
"ButtonText" = "²Æ¸»Í¨"
"CLSIDExtension" = "{E36884E3-42E9-4A8E-A7F8-6DE700903E5C}"
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Local Connection Manager, Mercha2, "C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL,Export 1087" [MS]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
Std datl Service, datl, "C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yvld\ifvq.dll,Service -s" [MS]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
System Administrator, Tech, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\xenty.dll" [MS]}
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 95 seconds, including 4 seconds for message boxes)
en revecnhe, le dossier C:\Program Files\ËÑË÷À se supprime mais il revient tjs au meme endroit, je pige pas, car je pense que c est une des sources du probleme, ca serait bien de le virer...
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
24 févr. 2007 à 20:17
24 févr. 2007 à 20:17
et voici le rapport avg :
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 20:14:43 25/02/2007
+ Résultat de l'analyse:
C:\Documents and Settings\bayle\Local Settings\Temp\AIS_1161_0.EXE -> Adware.Boran : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP7\A0000688.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP9\A0000790.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP9\A0000791.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP7\A0000691.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP7\A0000733.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP8\A0000770.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP9\A0000806.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\WINDOWS\system32\B3A2BF22.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
[2040] C:\WINDOWS\system32\B3A2BF22.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
:mozilla.80:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.87:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.48:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.49:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.51:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.88:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Clickhype : Aucune action entreprise.
:mozilla.89:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Clickhype : Aucune action entreprise.
:mozilla.142:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Esomniture : Aucune action entreprise.
:mozilla.54:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.116:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.63:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.64:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.68:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.149:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.96:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
Fin du rapport
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 20:14:43 25/02/2007
+ Résultat de l'analyse:
C:\Documents and Settings\bayle\Local Settings\Temp\AIS_1161_0.EXE -> Adware.Boran : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP7\A0000688.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP9\A0000790.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP9\A0000791.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP7\A0000691.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP7\A0000733.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP8\A0000770.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP9\A0000806.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\WINDOWS\system32\B3A2BF22.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
[2040] C:\WINDOWS\system32\B3A2BF22.exe -> Backdoor.Agent.ahj : Aucune action entreprise.
:mozilla.80:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.87:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.48:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.49:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.51:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.88:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Clickhype : Aucune action entreprise.
:mozilla.89:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Clickhype : Aucune action entreprise.
:mozilla.142:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Esomniture : Aucune action entreprise.
:mozilla.54:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.116:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.63:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.64:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.68:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.149:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.96:C:\Documents and Settings\bayle\Application Data\Mozilla\Firefox\Profiles\g0504vtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
Fin du rapport
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
25 févr. 2007 à 00:04
25 févr. 2007 à 00:04
je pige pas, avec tout les trucs que j enleve avec les anti spyware et ce que vous me dites, j ai tjs les 3 memes fenetres pub qui s ouvre avec IE, ce sont des pages blanches, elles s ouvrent rarement mais tjs au moins une fois, et sinon si j utilise IE, alors elle s ouvre a chaque connexion...je sais pas coment faire pr me debarrasser de tout ca, ca commence a etre long...j aimerai eviter la restauration complete de l ordinateur, j espere qu on y arrivera...
merci de votre aide
merci de votre aide
Utilisateur anonyme
25 févr. 2007 à 00:19
25 févr. 2007 à 00:19
Salut
¤ Refait un nettoyage avec CCleaner, fais le plus souvent car vu on rapport AVG tu ne le fait pas assez souvent.
¤ pour AVG : Aucune action entreprise Refait le, à la fin du scan choisis "appliquer" pour tout supprimer car il y adeux infections.
¤ Clic sur C:, proragm fiels te supprime ce dossier si encore présent :
- Ó¥Óö·÷
¤ Télécharge à nouveau ce fichier, double clic dessus accepte la fusion au registre.
Redémarre ton PC et dis moi ce que ça donne.
http://www.mediafire.com/?6nm02zygi3y
A++ ;-)
¤ Refait un nettoyage avec CCleaner, fais le plus souvent car vu on rapport AVG tu ne le fait pas assez souvent.
¤ pour AVG : Aucune action entreprise Refait le, à la fin du scan choisis "appliquer" pour tout supprimer car il y adeux infections.
¤ Clic sur C:, proragm fiels te supprime ce dossier si encore présent :
- Ó¥Óö·÷
¤ Télécharge à nouveau ce fichier, double clic dessus accepte la fusion au registre.
Redémarre ton PC et dis moi ce que ça donne.
http://www.mediafire.com/?6nm02zygi3y
A++ ;-)
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
25 févr. 2007 à 02:55
25 févr. 2007 à 02:55
en fait pr avg, je copie le rapport et ensuite je supprime toutes les infections, mais des que je refais une analyse, il retrouve a peu pres les memes nom d infection...
Utilisateur anonyme
25 févr. 2007 à 03:14
25 févr. 2007 à 03:14
Ok, mais par exemple celui-la ne devrait plus être la (B3A2BF22.exe ) je te l'ai indiqué dès le 7éme post.
Fait tout ce que je t'ai demandé. Puis met à jour ton PC, Internet Explorer compris ça devrait régler le problème.
Fait tout ce que je t'ai demandé. Puis met à jour ton PC, Internet Explorer compris ça devrait régler le problème.
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
25 févr. 2007 à 03:36
25 févr. 2007 à 03:36
ok, mais c est quoi mettre a jour le pc et IE?
je pense avoir supprimer a chaque les infections avec avg, car ke met supprimer, appliquer, et je redemarre mon ordinateur...pr le moment je n ai pas retrouvé les dossiers effacés aujourd hui; j epsere que c est parti pr de bon, par contre tjs IE pollué cest 3 fenetre pub...
je pense avoir supprimer a chaque les infections avec avg, car ke met supprimer, appliquer, et je redemarre mon ordinateur...pr le moment je n ai pas retrouvé les dossiers effacés aujourd hui; j epsere que c est parti pr de bon, par contre tjs IE pollué cest 3 fenetre pub...
Utilisateur anonyme
25 févr. 2007 à 04:16
25 févr. 2007 à 04:16
Pour le mettre à jour :
Demarrer, tous les programmes, (tout en haut) Windows Update tu auras des mises à jour et IE7 que tu pourras télécharger.
Pense à mettre à jour ton FireFox la version 2.0.0.2 est sortie.
La mise à jour d'IE 7 devrait régler ton problème.
Demarrer, tous les programmes, (tout en haut) Windows Update tu auras des mises à jour et IE7 que tu pourras télécharger.
Pense à mettre à jour ton FireFox la version 2.0.0.2 est sortie.
La mise à jour d'IE 7 devrait régler ton problème.
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
25 févr. 2007 à 04:29
25 févr. 2007 à 04:29
ok, je viens de remttre a jour windows;ais pour IE7, esque je dois effacer IE6 ou ca le remplace automatiquement?
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
25 févr. 2007 à 20:51
25 févr. 2007 à 20:51
IE7 s est bien installé mais j ai tjs ces fenetre blanche qui s ouvre avec IE automatiquement, et le programme que je surrpime tout les jours qui ressemble a ca ??? est tjs la aussi, j aiemrai tellement m en debarrasser definitivement...
Utilisateur anonyme
26 févr. 2007 à 01:10
26 févr. 2007 à 01:10
Télécharge et installe ceci :
Spycatcher Express Free: (en Anglais, gratuit)
http://download.tenebril.com/pub/bin/spycatcher-express.exe
Met le a jour "updates" puis scan complétement ton PC et dis moi ce qu'il te trouve.
Tu pourras le désinstaller des que c'est terminé.
Spycatcher Express Free: (en Anglais, gratuit)
http://download.tenebril.com/pub/bin/spycatcher-express.exe
Met le a jour "updates" puis scan complétement ton PC et dis moi ce qu'il te trouve.
Tu pourras le désinstaller des que c'est terminé.
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
26 févr. 2007 à 03:51
26 févr. 2007 à 03:51
il a trouvé 37 spyware et dossier suspicieux...j ai tout mis sur quarantaine, par contre comment je fais pr appliquer les actions, ca se fait automatiquement? je n ai pas de bouton appliquer...dois je tout supprimer ou quarantaine?
il a aussi trouvé une trace, mais je sais pas si je peux supprimer ou pas car aucun bouton supprimer...
il a aussi trouvé une trace, mais je sais pas si je peux supprimer ou pas car aucun bouton supprimer...
lorg03
Messages postés
99
Date d'inscription
mercredi 21 février 2007
Statut
Membre
Dernière intervention
18 octobre 2009
27 févr. 2007 à 20:59
27 févr. 2007 à 20:59
salut,
avec tout les programmes antivirus, mon ordinateur est lent, j aimerai en effacer quelques uns...quels sont les scan le splus importants a garder?
de plus, depuis l installation du pare feu subelt kerio et de spycatcher, je ne trouve plus de serveur sur emule, je sais pas d ou ca vient...
enfin,j ai tjs des fenetres intempestive qui s ouvre sur IE, et le par feu kerio bloque tres souvent des attaques, esque c est normal, et esque c est possible d enlever les alertes car je dois cliquer a chaque fois...
merci
avec tout les programmes antivirus, mon ordinateur est lent, j aimerai en effacer quelques uns...quels sont les scan le splus importants a garder?
de plus, depuis l installation du pare feu subelt kerio et de spycatcher, je ne trouve plus de serveur sur emule, je sais pas d ou ca vient...
enfin,j ai tjs des fenetres intempestive qui s ouvre sur IE, et le par feu kerio bloque tres souvent des attaques, esque c est normal, et esque c est possible d enlever les alertes car je dois cliquer a chaque fois...
merci