[virus] impossible a supprimer
lorg03
Messages postés
99
Statut
Membre
-
lorg03 Messages postés 99 Statut Membre -
lorg03 Messages postés 99 Statut Membre -
bonjour, j ai depuis deux semaines mon ordinateur qui est infecté; IE est pollué de fenetre publicitaire asiatique, et mon par feu est tres solliciter je trouve, j ai tres souvent des fenetres qui s ouvrent me disant qu un programme suspect essai de se mettre en route.
j aimerai pouvoir me debarrasser de tout ca; comme anti virus, j ai Norton, et j ai rajouté un par feu que l on m a conseillé, Kerio. J ai aussi spycatche rqui m envoit tres souvant des alertes...
j ai fait un rapport Hijackthis que voici:
Logfile of HijackThis v1.99.1
Scan saved at 22:58:57, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\SWEEPER.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5853b8b6-d774-4ed5-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ed5cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c4cc6cd0-57a1-4c13-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4c13ntos.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
si quelqu un a uen solution il sera le bienvenue
merci
j aimerai pouvoir me debarrasser de tout ca; comme anti virus, j ai Norton, et j ai rajouté un par feu que l on m a conseillé, Kerio. J ai aussi spycatche rqui m envoit tres souvant des alertes...
j ai fait un rapport Hijackthis que voici:
Logfile of HijackThis v1.99.1
Scan saved at 22:58:57, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\SWEEPER.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5853b8b6-d774-4ed5-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ed5cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c4cc6cd0-57a1-4c13-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4c13ntos.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
si quelqu un a uen solution il sera le bienvenue
merci
A voir également:
- [virus] impossible a supprimer
- Supprimer rond bleu whatsapp - Guide
- Fichier impossible à supprimer - Guide
- Impossible de supprimer une page word - Guide
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Supprimer pub youtube - Accueil - Streaming
47 réponses
normalement je suis protégé avec norton que j ai payé, je sais qu il est pas genail mais c est trop tard...mais je peux tjs le desinstaller et le remplacer par avast qui est gratuit et appremment pas mal...
les fichiers se sont bien supprimés,
voici le rapport comboscan:
-- HijackThis (run as bayle.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:50:41, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\bayle\Bureau\comboscan.exe
C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
-- Files created between 2007-02-10 and 2007-03-10 ------------------------------
2007-03-10 19:55:12 0 d-------- C:\WINDOWS\LastGood
2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-24 21:48:22 0 d-------- C:\Rustbfix
2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
-- Find3M Report ----------------------------------------------------------------
2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"LaunchApp"="Alaunch"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Tech
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
-- End of ComboScan: finished at 2007-03-10 at 23:53:06 -------------------------
les fichiers se sont bien supprimés,
voici le rapport comboscan:
-- HijackThis (run as bayle.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:50:41, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\bayle\Bureau\comboscan.exe
C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
-- Files created between 2007-02-10 and 2007-03-10 ------------------------------
2007-03-10 19:55:12 0 d-------- C:\WINDOWS\LastGood
2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-24 21:48:22 0 d-------- C:\Rustbfix
2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
-- Find3M Report ----------------------------------------------------------------
2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"LaunchApp"="Alaunch"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Tech
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
-- End of ComboScan: finished at 2007-03-10 at 23:53:06 -------------------------
je voulais aussi savoir tant qu on y est, j ai ma connexio msn qui se coupe toute les heure environ (ca depend) depuis que j ai installé Norton en septembre, la fentre msn reste ouverte normalement mais quand je veux parler avec quelqu un, je clique et la, la fenetre se rouvre a nouveau et se connecte, car en fait je n etais pas connecté...c est assez genant car si je n envoi pas de message, je ne me rend pas compte que je suis deconnecté, je pense qu il faudrai que je configure norton mais comment? si jamais t as une reponse...
pour emule, c etait un truc tout simple, ca a l air de remarcher, en fait ca n avait rien a voir avec kerio; par contre je voudrais savoir si je peux pas effacer ce par feu, car ayant deja norton, celui ne devrait me servir a rien, mais ce qui est bizzar c est que tu ne vois pas td anti virus resident alors que normalement j ai norton, j aiemerai etre sur que je suis bien protégé...
enfin, mon centre de securité windows est tout el temps hors service, j aimerai le remettre en route mais je sais plus comment...je l avais fait au moment de l apparition de mes pb mais des que je rallumais mon ordinateur, il etait a nouveau hors service, comme si un progrmame le mettait hors service...peut etre que c etait un virus, ou peut etre que c est norton, j en ai aucune idee, mais je preferai le remettre en route, car il y a un par feu, et comme ca je peux effacer kerio...t en pense quoi toi?
merci
a++
pour emule, c etait un truc tout simple, ca a l air de remarcher, en fait ca n avait rien a voir avec kerio; par contre je voudrais savoir si je peux pas effacer ce par feu, car ayant deja norton, celui ne devrait me servir a rien, mais ce qui est bizzar c est que tu ne vois pas td anti virus resident alors que normalement j ai norton, j aiemerai etre sur que je suis bien protégé...
enfin, mon centre de securité windows est tout el temps hors service, j aimerai le remettre en route mais je sais plus comment...je l avais fait au moment de l apparition de mes pb mais des que je rallumais mon ordinateur, il etait a nouveau hors service, comme si un progrmame le mettait hors service...peut etre que c etait un virus, ou peut etre que c est norton, j en ai aucune idee, mais je preferai le remettre en route, car il y a un par feu, et comme ca je peux effacer kerio...t en pense quoi toi?
merci
a++
Salut Lorg
Bon, comboscan mentionne encore deux choses suspectes à mon avis.
lance RegSrch.vbs, et si ton antivirus te le demande autorise le script.
Dans la fenetre du programme tape
i82440bx
et valide avec ok
attend un peu et le bloc note va s'ouvrir, sauvegarde le rapport.
Vas dans Démarrer >> exécuter et tape cmd
Dans la fen^tre de l'invite de commande, copie et colle:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>/cle.txt
Poste le rapport Regsrch et le contenu du fichier c:\cle.txt
Pour ton antivirus, désolé c'est moi qui à besoin de lunettes lol, tu as bien norton en résident, pas de soucis.
Pour le centre de sécurité, il y a de forte chances que ce soit norton qui l'ai désactivé car beaucoup de suite de sécurité d'éditeurs av se permettent de le gérer à ta place...
Regarde dans l'aide ou les options de norton s'il n'y a pas quelque chose concernant le centre de sécurité.
Tu peux désinstaller Kério oui, en général il vaut mieux éviter d'avoir deux firewalls actifs en même temps.
J'utilise pas Msn, donc ca va m'être difficile de te t'aider à ce sujet lol, mais j'ai lu quelques topics ou la mule était responsable de ces deconnexions...
Fais un test sans utiliser emule en tâche de fond pour voir.
a++
Bon, comboscan mentionne encore deux choses suspectes à mon avis.
lance RegSrch.vbs, et si ton antivirus te le demande autorise le script.
Dans la fenetre du programme tape
i82440bx
et valide avec ok
attend un peu et le bloc note va s'ouvrir, sauvegarde le rapport.
Vas dans Démarrer >> exécuter et tape cmd
Dans la fen^tre de l'invite de commande, copie et colle:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>/cle.txt
Poste le rapport Regsrch et le contenu du fichier c:\cle.txt
Pour ton antivirus, désolé c'est moi qui à besoin de lunettes lol, tu as bien norton en résident, pas de soucis.
Pour le centre de sécurité, il y a de forte chances que ce soit norton qui l'ai désactivé car beaucoup de suite de sécurité d'éditeurs av se permettent de le gérer à ta place...
Regarde dans l'aide ou les options de norton s'il n'y a pas quelque chose concernant le centre de sécurité.
Tu peux désinstaller Kério oui, en général il vaut mieux éviter d'avoir deux firewalls actifs en même temps.
J'utilise pas Msn, donc ca va m'être difficile de te t'aider à ce sujet lol, mais j'ai lu quelques topics ou la mule était responsable de ces deconnexions...
Fais un test sans utiliser emule en tâche de fond pour voir.
a++
bonjour zBr, alors voici le rapport reg:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "i82440bx" 11/03/2007 18:41:51
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX\0000]
"Service"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX\0000]
"DeviceDesc"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX\0000]
"Service"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX\0000]
"DeviceDesc"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX\0000]
"Service"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX\0000]
"DeviceDesc"="i82440bx"
pour ce qui est dereg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>/cle.txt , je n ai rien qui c affiche, ca passe directement a une nouvelle ligne avec C document and setting, j ai pas l impression que ca ai fait qqchose, normalement je devrais avoir un mesage comme quoi ca a ete supprimer ou qq chose comme ca non?
pour msn, oui, c est vrai qu avec emule il se deconnecte bcp, je sais pas trop d ou ca vient,je ferai avec...sinon pour mon centre de securite,je vais essayer de voir ds les options de Norton si je peux pas ffaire en sorte qu il arrete d interferer dessus car je lis qu il est important que le centre de securite soit en marche...
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "i82440bx" 11/03/2007 18:41:51
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX\0000]
"Service"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_I82440BX\0000]
"DeviceDesc"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX\0000]
"Service"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_I82440BX\0000]
"DeviceDesc"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\i82440bx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX\0000]
"Service"="i82440bx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_I82440BX\0000]
"DeviceDesc"="i82440bx"
pour ce qui est dereg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>/cle.txt , je n ai rien qui c affiche, ca passe directement a une nouvelle ligne avec C document and setting, j ai pas l impression que ca ai fait qqchose, normalement je devrais avoir un mesage comme quoi ca a ete supprimer ou qq chose comme ca non?
pour msn, oui, c est vrai qu avec emule il se deconnecte bcp, je sais pas trop d ou ca vient,je ferai avec...sinon pour mon centre de securite,je vais essayer de voir ds les options de Norton si je peux pas ffaire en sorte qu il arrete d interferer dessus car je lis qu il est important que le centre de securite soit en marche...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Salut lorg
pour ce qui est dereg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>/cle.txt , je n ai rien qui c affiche, ca passe directement a une nouvelle ligne avec C document and setting, j ai pas l impression que ca ai fait qqchose, normalement je devrais avoir un mesage comme quoi ca a ete supprimer ou qq chose comme ca non?
Hé non, justement lol
Cette commande sert à lister dans un fichier texte le contenu de la clé :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
Donc, pour avoir ce rapport il faut que tu ouvres le fichier C:\cle.txt (à la racine de ton disque dur) et que tu copie et colle le contenu de ce fichier sur le forum.
Je repasserais en milieu de soirée pour voir si tu as trouvé ce fichier et posté son contenu.
a++
pour ce qui est dereg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s >>/cle.txt , je n ai rien qui c affiche, ca passe directement a une nouvelle ligne avec C document and setting, j ai pas l impression que ca ai fait qqchose, normalement je devrais avoir un mesage comme quoi ca a ete supprimer ou qq chose comme ca non?
Hé non, justement lol
Cette commande sert à lister dans un fichier texte le contenu de la clé :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
Donc, pour avoir ce rapport il faut que tu ouvres le fichier C:\cle.txt (à la racine de ton disque dur) et que tu copie et colle le contenu de ce fichier sur le forum.
Je repasserais en milieu de soirée pour voir si tu as trouvé ce fichier et posté son contenu.
a++
ok, la je vois...alors voici le rapport cle qu ej ai trouvé:
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
en esperant que c est bien ca!!
merci pr ta patience lol
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0Tech\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
en esperant que c est bien ca!!
merci pr ta patience lol
