Sujet Précédent Sujet Suivant

"your computer is infected" en fond d'éc

Fermé
Horus25 - 18 août 2005 à 15:00
 Utilisateur anonyme - 5 sept. 2005 à 22:41
Bonjour,

j'ai chopé une saloperie sur mon pc, pour résumé, j'ai plus de fond d'écran, à la place j'ai un message en anglais avec un gros warning me disant que mon pc est infecté par un spyware, et m'invite à télécharger un logiciel....

Voici mon scan HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 14:55:29, on 18/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\wined.exe
C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\IoctlSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
C:\Program Files\oneclick\oneclick.exe
C:\WINNT\system\lsass.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINNT\system32\intell32.exe
C:\WINNT\d3mk.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Linksys\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\CHEVRAT1\Mes documents\LOGICIELS\ERADICATION VIRUS SEB ET VIRGINIE\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\dnjxw.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dnjxw.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dnjxw.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\dnjxw.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dnjxw.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dnjxw.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dnjxw.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINNT\system32\BhoECart.dll
O2 - BHO: Class - {6EBA9AD0-2D90-4818-02E7-E6B343E2B598} - C:\WINNT\system32\netcu.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 - HKLM\..\Run: [Windows Fix] integator.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] netservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\Run: [Bdwqwqdss] C:\WINNT\SYSTEM32\asddp.exe
O4 - HKLM\..\Run: [DfqwSfS] ffsqsd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TSE_PLUtil] C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [hASHSx] C:\WINNT\SYSTEM32\idesej.exe
O4 - HKLM\..\Run: [Awir] fiwihun.exe
O4 - HKLM\..\Run: [lsass Service] C:\WINNT\system\lsass.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Micrsoft Driver] windriver32.exe
O4 - HKLM\..\Run: [smc32 Configuration Loader] smc32.exe
O4 - HKLM\..\Run: [javahw32.exe] C:\WINNT\system32\javahw32.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe
O4 - HKLM\..\Run: [d3mk.exe] C:\WINNT\d3mk.exe
O4 - HKLM\..\RunServices: [Windows Fix] integator.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netservice.exe
O4 - HKLM\..\RunServices: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\RunServices: [DfqwSfS] ffsqsd.exe
O4 - HKLM\..\RunServices: [Awir] fiwihun.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] windriver32.exe
O4 - HKLM\..\RunServices: [smc32 Configuration Loader] smc32.exe
O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe
O4 - HKCU\..\Run: [Windows Fix] integator.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] netservice.exe
O4 - HKCU\..\Run: [Secure Microsoft Windows] integitor.exe
O4 - HKCU\..\Run: [DfqwSfS] ffsqsd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Awir] fiwihun.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://193.108.55.52/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69DAD19A-0EEB-4C55-844E-D25BC2E7F93C}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\wined.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Leadtek Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Si quelqu'un pouvait me renseigner pour remettre tout ca au clair.....

Merci d'avance

70 réponses

Précédent
Réponse 21 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 01:09
voilà je me suis inscrite mais dudu est deja pris alors maintenant c'est valou62
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NBJ" = ""C:\nero 1\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"ItLauncherAutoStart" = "C:\PROGRA~1\INSTAN~1\bin\ITLAUN~1.EXE -Embedding /AutoStart" ["Winwise"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"EPSON Stylus CX3200" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"" ["SEIKO EPSON CORPORATION"]
"TSE_PLUtil" = "C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe" ["Taiwan Silicon Electronics Corp."]
"PLFFAP" = "C:\WINDOWS\system32\HotfixQ0306270.exe" ["Prolific Technology Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Labtec Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Labtec Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\dominique dumarey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "dominique dumarey" & "All Users" startup folders:
-------------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"Maintenance en 1 clic" -> launches: "C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
GEARSecurity, GEARSecurity, "SYSTEM32\GEARSEC.EXE" ["GEAR Software"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 24 seconds, including 6 seconds for message boxes)
a+
0
Réponse 22 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 01:37
je ne sais pas pour toi mais moi la fatigue commence a peser si ça ne te derange pas on peut continuer plus tard jete remercie de tout et je souhaites une bonne nuit slt
a+
0
Réponse 23 / 70
Utilisateur anonyme
4 sept. 2005 à 13:39
salut
Une recherche de worldantispy avec regsearch:
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
pour avoir la liste des clés a effacer.
Execute le et colle le rapport

A+
0
Réponse 24 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 15:00
salut
voilà ce que tu as demande:
SmitFraudFix v1.84

Rapport fait à 14:53:29,59 le 04/09/2005
Executé à partir de C:\Documents and Settings\dominique dumarey\Mes documents\utilitaires\Nouveau dossier\aide de regis\smit\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\dominique dumarey\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\dominique dumarey\Bureau


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de la clé HKLM\SOFTWARE\SHUDDERLTD

HKLM\SOFTWARE\SHUDDERLTD non trouvé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

merci a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 70
Utilisateur anonyme
4 sept. 2005 à 15:14
telecharge ceci
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
tape worldantispy
colle le rapport

A+
0
Réponse 26 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 15:20
re
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "worldantispy" 04/09/2005 15:14:24

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]
"LogFilePath"="C:\\Program Files\\WorldAntiSpy\\Log\\was.log"

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]
"SnapshotFolder"="C:\\Program Files\\WorldAntiSpy\\Monitor\\Snapshot"

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]
"QuarantineFolder"="C:\\Program Files\\WorldAntiSpy\\Quarantine"

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]
"Base"="C:\\Program Files\\WorldAntiSpy\\Scanner\\Base\\Base.dat"

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="worldantispy"
a+
0
Réponse 27 / 70
Utilisateur anonyme
4 sept. 2005 à 15:37
ouvre le bloc note et copie colle ceci entre les etoiles
**********
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes]
[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]

************
enregistre le sur ton bureau et nomme le www.reg
et dans la case en dessous type met sur tous fichiers

la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre

ensuite recherche et suppr ceci
C:\\Program Files\\WorldAntiSpy

a+
0
Réponse 28 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 16:00
comment fais tu pour l'enregistrer sur le burreau?
a+
0
Réponse 29 / 70
Utilisateur anonyme
4 sept. 2005 à 16:03
Quand tu es dans le bloc note, colle ceci
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]


***
Une fois fait, tu fais fichier et enregistrer sur ton bureau et nomme le www.reg
et dans la case en dessous type met sur tous fichiers

la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre

ensuite recherche et suppr ceci
C:\\Program Files\\WorldAntiSpy
0
Réponse 30 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 16:20
j'ai reussi mais dans c program files il n'y a pas worldantispy je l'avais deja suprime apres son installation et il n'y a plus rien
a+
0
Réponse 31 / 70
Utilisateur anonyme
4 sept. 2005 à 16:34
re,
ou en sont tes soucis?

a+
0
Réponse 32 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 16:44
j'ai toujour ce point d'exclamation a cote de l'heure mais je n'est plus aucun dossier worldantispy a suprimer dans program files il n'y a plus rien
0
Réponse 33 / 70
Utilisateur anonyme
4 sept. 2005 à 16:54
ok,
donc l affaire worlanti spy est reglé?
Ce point d exclamation, quand tu vas dessu (sans cliker) il marque quoi?

Redemarre ton pc aussi*

a+
0
Réponse 34 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 17:03
mon pc redemaré toujours le point d'exclation
quand je vais dessus il est écrit your computer is infected!
a+
0
Réponse 35 / 70
Utilisateur anonyme
4 sept. 2005 à 17:28
salut
essai tout simplement de supprimer l icone lol
Recommence la manip avec ce programme
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
tape worldantispy
colle le rapport

A+
0
Réponse 36 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 17:37
slt comment enlever l'icon il se met dans la barre de tache a l'ouverture de windows meme en mode sans echec ?
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "worldantispy" 04/09/2005 17:28:57

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]
"LogFilePath"="C:\\Program Files\\WorldAntiSpy\\Log\\was.log"

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]
"SnapshotFolder"="C:\\Program Files\\WorldAntiSpy\\Monitor\\Snapshot"

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\textinputs]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]
"QuarantineFolder"="C:\\Program Files\\WorldAntiSpy\\Quarantine"

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]

[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]
"Base"="C:\\Program Files\\WorldAntiSpy\\Scanner\\Base\\Base.dat"

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="worldantispy"

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"000"="worldantispy"
a+
0
Réponse 37 / 70
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
4 sept. 2005 à 18:57
regis tu as un message
0
Réponse 38 / 70
Utilisateur anonyme
4 sept. 2005 à 19:10
(lol balltrap)

On va tenter ceci
------------------------------------------------------------

ouvre le bloc note et copie colle ceci entre les etoiles (pas les etoiles, que ce qu il y a entre les 2)

**********
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com]

************
enregistre le sur ton bureau et nomme le xxx.reg
et dans la case en dessous type met sur tous fichiers

la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre

ensuite recherche et suppr ceci
C:\\Program Files\\WorldAntiSpy

***
Une fois cela fait, redemarre ton pc

***
Recommence la manip avec ce programme
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
tape worldantispy
colle le rapport

A+


a+
0
Réponse 39 / 70
valou62 Messages postés 22 Date d'inscription dimanche 4 septembre 2005 Statut Membre Dernière intervention 5 septembre 2005
4 sept. 2005 à 19:39
salut
le point d'exclation est toujour là
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "worldantispy" 04/09/2005 19:32:37

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="worldantispy"

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"000"="worldantispy"
a+
0
Réponse 40 / 70
Utilisateur anonyme
4 sept. 2005 à 21:07
re,
juste une tite question
ds ajout/supp de programme, y a t il searsh assistant?

a+
0

Discussions similaires

Spam SMS : your messenger vérification code is ***
Metheor -
Radinoz -

1 réponse
Problème démarrage hard disk
lolo93 -
chgon -

29 réponses
Fond d'écran rogné et zoomé
DeeJay-TheBot -
DeeJay-TheBot -

2 réponses
Comment résoudre "The requested URL was rejected"
Cguya -
jeannets -

3 réponses
Sms étranges "... is your instagram code"
Anon_4067 -
lablg23 -

5 réponses