"your computer is infected" en fond d'écFermé

Question

Bonjour,j'ai chopé une saloperie sur mon pc, pour résumé, j'ai plus de fond d'écran, à la place j'ai un message en anglais avec un gros warning me disant que mon pc est infecté par un spyware, et m'invite à télécharger un logiciel....Voici mon scan HijackThis :Logfile of HijackThis v1.99.1Scan saved at 14:55:29, on 18/08/2005Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\wined.exeC:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exeC:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeC:\WINNT\System32\CTSvcCDA.exeC:\WINNT\System32\svchost.exeC:\Program Files\Norton Internet Security Professional\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\WINNT\System32
vsvc32.exeC:\WINNT\system32\IoctlSvc.exeC:\WINNT\system32egsvc.exeC:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exeC:\WINNT\system32\MSTask.exeC:\Program Files\Photodex\ProShowGold\ScsiAccess.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\Creative\ShareDLL\MediaDet.ExeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exeC:\WINNT\system32\HotfixQ0306270.exeC:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exeC:\Program Files\oneclick\oneclick.exeC:\WINNT\system\lsass.exeC:\Program Files\WildTangent\Apps\CDA\GameDrvr.exeC:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exeC:\WINNT\system32\intell32.exeC:\WINNT\d3mk.exeC:\Program Files\Microsoft ActiveSync\WCESCOMM.EXEC:\Program Files\Linksys\Bluetooth Utility\BTTray.exeC:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeC:\PROGRA~1\Linksys\BLUETO~1\BTSTAC~1.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settings\CHEVRAT1\Mes documents\LOGICIELS\ERADICATION VIRUS SEB ET VIRGINIE\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\dnjxw.dll/sp.html#83556R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dnjxw.dll/sp.html#83556R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\dnjxw.dll/sp.html#83556R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\dnjxw.dll/sp.html#83556R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dnjxw.dll/sp.html#83556R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dnjxw.dll/sp.html#83556R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dnjxw.dll/sp.html#83556R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - Default URLSearchHook is missingO2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINNT\system32\BhoECart.dllO2 - BHO: Class - {6EBA9AD0-2D90-4818-02E7-E6B343E2B598} - C:\WINNT\system32
etcu.dll (file missing)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocxO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logonO4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXEO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exeO4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\NORTON~1\AdvTools\ADVCHK.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [Configuration Loader] msgfix.exeO4 - HKLM\..\Run: [Windows Fix] integator.exeO4 - HKLM\..\Run: [Microsoft Synchronization Manager] netservice.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [Secure Microsoft Windows] integitor.exeO4 - HKLM\..\Run: [Bdwqwqdss] C:\WINNT\SYSTEM32\asddp.exeO4 - HKLM\..\Run: [DfqwSfS] ffsqsd.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exeO4 - HKLM\..\Run: [TSE_PLUtil] C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exeO4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exeO4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe"  /dontopenmycardsO4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"O4 - HKLM\..\Run: [hASHSx] C:\WINNT\SYSTEM32\idesej.exeO4 - HKLM\..\Run: [Awir] fiwihun.exeO4 - HKLM\..\Run: [lsass Service] C:\WINNT\system\lsass.exeO4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"O4 - HKLM\..\Run: [Micrsoft Driver] windriver32.exeO4 - HKLM\..\Run: [smc32 Configuration Loader] smc32.exeO4 - HKLM\..\Run: [javahw32.exe] C:\WINNT\system32\javahw32.exeO4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exeO4 - HKLM\..\Run: [d3mk.exe] C:\WINNT\d3mk.exeO4 - HKLM\..\RunServices: [Windows Fix] integator.exeO4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netservice.exeO4 - HKLM\..\RunServices: [Secure Microsoft Windows] integitor.exeO4 - HKLM\..\RunServices: [DfqwSfS] ffsqsd.exeO4 - HKLM\..\RunServices: [Awir] fiwihun.exeO4 - HKLM\..\RunServices: [Micrsoft Driver] windriver32.exeO4 - HKLM\..\RunServices: [smc32 Configuration Loader] smc32.exeO4 - HKCU\..\Run: [Configuration Loader] msgfix.exeO4 - HKCU\..\Run: [Windows Fix] integator.exeO4 - HKCU\..\Run: [Microsoft Synchronization Manager] netservice.exeO4 - HKCU\..\Run: [Secure Microsoft Windows] integitor.exeO4 - HKCU\..\Run: [DfqwSfS] ffsqsd.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"O4 - HKCU\..\Run: [Awir] fiwihun.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: BTTray.lnk = C:\Program Files\Linksys\Bluetooth Utility\BTTray.exeO4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htmO8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htmO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLLO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLLO9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLLO9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dllO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exeO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htmO16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version5/Applet/vchatsign.cabO16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cabO16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://193.108.55.52/activex/AxisCamControl.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{69DAD19A-0EEB-4C55-844E-D25BC2E7F93C}: NameServer = 213.36.80.1 213.36.80.1O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\wined.exeO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exeO23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus
avapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXEO23 - Service: Leadtek Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINNT\System32
vsvc32.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeSi quelqu'un pouvait me renseigner pour remettre tout ca au clair.....Merci d'avance

sebsauvage · Answer

Avant tout hijackthis:http://sebsauvage.net/safehex.html

archfab · Answer

et bien tout le monde semble être dans la même galère....

sebsauvage · Answer

Est-ce que vous avez essayé avec les scanners en ligne ?

Utilisateur anonyme · Answer

Bonjour, Méthode a suivre dans l'ordre... ---------------------------------------------------------------------------- ¤Télécharge ces logiciels mais que tu n utilises pas tout de suite: 1/Spybot S&D 1.4 <exécuter->tape: services.msc Double-clique: Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) Règle-le sur "Arrêté" et "Désactivé". ---------------------------------------------------------------------------- ¤ Passe about buster autant de fois qu il trouve qq chose (5/10/15 fois si besoin) ---------------------------------------------------------------------------- ¤ Passe adaware et vire tous se qu il trouve ---------------------------------------------------------------------------- ¤ Passe spybot et vire tous se qu il trouve ---------------------------------------------------------------------------- > Tu vide ta poubelle et tu redémarre en mode normal et refait un Hijack Précise tes soucis si il en restes.... Tiens moi au courant a+

Utilisateur anonyme · Answer

Ravi pr toibon surfa+

dumarey · Answer

j'ai le meme problème je cherche une aide worldantispy s'instal tout seul Logfile of HijackThis v1.99.1Scan saved at 22:07:06, on 03/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\WINDOWS\SYSTEM32\GEARSEC.EXEC:\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exeC:\WINDOWS\system32\HotfixQ0306270.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.frR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"O4 - HKLM\..\Run: [TSE_PLUtil] C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exeO4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -uO4 - HKCU\..\Run: [NBJ] "C:
ero 1\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [ItLauncherAutoStart] C:\PROGRA~1\INSTAN~1\bin\ITLAUN~1.EXE -Embedding /AutoStartO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Broken Internet access because of LSP provider 'c:\program files
ewdotnet
ewdotnet6_38.dll' missingO12 - Plugin for .fpx: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dllO12 - Plugin for .ivr: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dllO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cabO16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game19.zylomgames.com/activex/zylomloader.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXEO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXEO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeO23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:	une utilities\WinStylerThemeSvc.exemerci d'avance

Utilisateur anonyme · Answer

salut,tu penses avoir bcp d aide ainsi?SOIT PLUS POLI !! (ca donne pas envie de t aider tu sais)***Dans ajout/supp de programmesDesinstalle newdotnet si il s y trouve***Telecharge LspFix : http://translate.google.com/translate?hl=fr&sl=en&u=http://www.cexx.org/lspfix.htm&prev=/search%3Fq%3Dlspfix%26num%3D100%26hl%3Dfr%26lr%3D%26ie%3DUTF-8 http://www.cexx.org/LSPFix.exe  Tu le lances. Tu coches "I know what I'm doing" Tu fais passer dans "remove" tout ce qui a trait à newdotnet6_38.dll'  Et surtout rien d'autre! Tu cliques "finish »***Rend toi ici'c:\program files
ewdotnet(supprime le dossier et vide la poubelle)***Redemarre et remet un hijack thisA+

pouchke · Answer

bonsoir regisc quoi exactement "about buster stpmerci d'avance

Utilisateur anonyme · Answer

salut poushkej apprecie les personnes comme toi qui poses des questionsabout buster= Utilitaire écrit pour contrer le cas de détournement de page de démarrage IE de type Home Search Assistant - res://random.dll/index.html#randomnumber, res://random.dll/sp.html#randomnumber ou res://random.dll/random.Comme par exemple sur le 1er log, il permet de desinfecter ce genre d infection finissant par sp.htlmR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\dnjxw.dll/sp.html#83556 a+

dudu · Answer

bonsoir mille excuses j'ecris pour la première fois sur un forum il y a une semaine que je cherche a retirer ce truc peux tu m'expliquer ce que sait j'ai toujours un point d'exclamation dans ma barre de tache je suis bien contente que tu es bien voulu m'aider encor merci je ferais attention a l'avenirLogfile of HijackThis v1.99.1Scan saved at 22:58:02, on 03/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\WINDOWS\SYSTEM32\GEARSEC.EXEC:\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exeC:\WINDOWS\system32\HotfixQ0306270.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXEC:\WINDOWS\system32\wuauclt.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.frR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"O4 - HKLM\..\Run: [TSE_PLUtil] C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exeO4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -uO4 - HKCU\..\Run: [NBJ] "C:
ero 1\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [ItLauncherAutoStart] C:\PROGRA~1\INSTAN~1\bin\ITLAUN~1.EXE -Embedding /AutoStartO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .fpx: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dllO12 - Plugin for .ivr: C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dllO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cabO16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game19.zylomgames.com/activex/zylomloader.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXEO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXEO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeO23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:	une utilities\WinStylerThemeSvc.exe

Utilisateur anonyme · Answer

coucoupas grave du tout loldis moi en plus sur ton soucis stp un triangle jaune avec un point d'exclamation apparait et lorsque tu pointe de ma souris il dit:" etat: connectivité limitée ou inexistante." ????A+

dudu · Answer

j'ai un rond rouge avec un point d'exclamation qui m'informe du message suivant:your computer is infected et qui instal worldantispy tout le temps je le desinstal et quand je me reconect il recommence c'est un vrai petit pot de colle

Utilisateur anonyme · Answer

re dudu (repond a ttes mes questions stp)telecharge cecihttp://siri.urz.free.fr/Fix/SmitfraudFix.zipchoisit l option 1 et copie/colle le rapport trouvé*Il y a un point d exclamation mais ton fond d ecran est normal?A+

dudu · Answer

la premiere fois j'ai eu un ecrant tout noir avec le meme message j'ai reussi a le suprimer dans les propriètèes de l'ecran voila je ne sait pas tres bien si c'est ça que tu voulaisSmitFraudFix v1.84Rapport fait à  0:05:29,17 le 04/09/2005Executé à partir de C:\Documents and Settings\dominique dumarey\Mes documents\utilitaires\Nouveau dossier\smit\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWSC:\WINDOWS	ool5.exe PRESENT !»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\dominique dumarey\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\dominique dumarey\Bureau»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de la clé HKLM\SOFTWARE\SHUDDERLTDHKLM\SOFTWARE\SHUDDERLTD non trouvé.»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Utilisateur anonyme · Answer

re,relance le et choisit l option 2repond oui a tout et copie/colle le rapportet vérifie ceci: Démarrer > panneau de configuration > affichage clic sur l'onglet bureau clic sur personnalisation du bureau clic sur l'onglet Web supprime tout ce qui se trouve ici, sauf "Ma page d'acceuil" qui doit rester DECOCHE une fois fait, ca doit etre comme sur cette image: http://get.yourfile.net/ie52977.gif a+

dudu · Answer

voila le rapport:SmitFraudFix v1.84Rapport fait à  0:32:28,35 le 04/09/2005Executé à partir de C:\Documents and Settings\dominique dumarey\Mes documents\utilitaires\Nouveau dossier\aide de regis\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectésC:\WINDOWS	ool5.exe supprimé »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapportmon ecran est devenu tout bleu j'ai verifier ce que tu ma demande tout est ok je te remercie encore pour tout ce que tu faita+

Utilisateur anonyme · Answer

re duduremet un fond d ecran si c est pas fait...Tjr ce point d exclamation?a+

dudu · Answer

toujours là il ne me lache pas a+

Utilisateur anonyme · Answer

re,Telecharge Silentrunners http://www.silentrunners.org/Silent%20Runners.vbscopie/colle le rapporta+

valou62 · Answer

voilà je me suis inscrite mais dudu est deja pris alors maintenant c'est valou62"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NBJ" = ""C:\nero 1\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]"ItLauncherAutoStart" = "C:\PROGRA~1\INSTAN~1\bin\ITLAUN~1.EXE -Embedding /AutoStart" ["Winwise"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"EPSON Stylus CX3200" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"" ["SEIKO EPSON CORPORATION"]"TSE_PLUtil" = "C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe" ["Taiwan Silicon Electronics Corp."]"PLFFAP" = "C:\WINDOWS\system32\HotfixQ0306270.exe" ["Prolific Technology Inc."]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Labtec Inc."]"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Labtec Inc."]"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec Inc."]"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"  -> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"  -> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"  -> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\dominique dumarey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]Startup items in "dominique dumarey" & "All Users" startup folders:-------------------------------------------------------------------C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]Enabled Scheduled Tasks:------------------------"Maintenance en 1 clic" -> launches: "C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" [file not found]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 2 linesRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]GEARSecurity, GEARSecurity, "SYSTEM32\GEARSEC.EXE" ["GEAR Software"]PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,  use the -supp parameter or answer "No" at the first message box.---------- (total run time: 24 seconds, including 6 seconds for message boxes)a+

valou62 · Answer

voilà je me suis inscrite mais dudu est deja pris alors maintenant c'est valou62"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NBJ" = ""C:\nero 1\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]"ItLauncherAutoStart" = "C:\PROGRA~1\INSTAN~1\bin\ITLAUN~1.EXE -Embedding /AutoStart" ["Winwise"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"EPSON Stylus CX3200" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"" ["SEIKO EPSON CORPORATION"]"TSE_PLUtil" = "C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe" ["Taiwan Silicon Electronics Corp."]"PLFFAP" = "C:\WINDOWS\system32\HotfixQ0306270.exe" ["Prolific Technology Inc."]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Labtec Inc."]"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Labtec Inc."]"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec Inc."]"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"  -> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"  -> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"  -> {CLSID}\InProcServer32\(Default) = ""C:\tune utilities\sdshelex.dll"" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\dominique dumarey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]Startup items in "dominique dumarey" & "All Users" startup folders:-------------------------------------------------------------------C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]Enabled Scheduled Tasks:------------------------"Maintenance en 1 clic" -> launches: "C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" [file not found]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 2 linesRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]GEARSecurity, GEARSecurity, "SYSTEM32\GEARSEC.EXE" ["GEAR Software"]PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,  use the -supp parameter or answer "No" at the first message box.---------- (total run time: 24 seconds, including 6 seconds for message boxes)a+

valou62 · Answer

je ne sais pas pour toi mais moi la fatigue commence a peser si ça ne te derange pas on peut continuer plus tard jete remercie de tout  et je souhaites une bonne nuit slta+

Utilisateur anonyme · Answer

salutUne recherche de worldantispy avec regsearch: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip pour avoir la liste des clés a effacer. Execute le et colle le rapportA+

valou62 · Answer

salut voilà ce que tu as demande:SmitFraudFix v1.84Rapport fait à 14:53:29,59 le 04/09/2005Executé à partir de C:\Documents and Settings\dominique dumarey\Mes documents\utilitaires\Nouveau dossier\aide de regis\smit\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\dominique dumarey\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\dominique dumarey\Bureau»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de la clé HKLM\SOFTWARE\SHUDDERLTDHKLM\SOFTWARE\SHUDDERLTD non trouvé.»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapportmerci a+

Utilisateur anonyme · Answer

telecharge  cecihttp://www.billsway.com/vbspage/vbsfiles/RegSrch.ziptape worldantispy colle le rapportA+

valou62 · Answer

reREGEDIT4; RegSrch.vbs © Bill James; Registry search results for string "worldantispy" 04/09/2005 15:14:24; NOTE: This file will be deleted when you close WordPad.; You must manually save this file to a new location if you want to refer to it again later.; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]"LogFilePath"="C:\Program Files\WorldAntiSpy\Log\was.log"[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]"SnapshotFolder"="C:\Program Files\WorldAntiSpy\Monitor\Snapshot"[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]"QuarantineFolder"="C:\Program Files\WorldAntiSpy\Quarantine"[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]"Base"="C:\Program Files\WorldAntiSpy\Scanner\Base\Base.dat"[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]"002"="worldantispy"a+

Utilisateur anonyme · Answer

ouvre le bloc note et copie colle ceci entre les etoiles ********** REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]  [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner] [HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603] ************ enregistre le sur ton bureau et nomme le www.reg et dans la case en dessous type met sur tous fichiers la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre ensuite recherche et suppr ceci C:\Program Files\WorldAntiSpya+

valou62 · Answer

comment fais tu pour l'enregistrer sur le burreau? a+

Utilisateur anonyme · Answer

Quand tu es dans le bloc note, colle ceciREGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions	extinputs] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine] [HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner] [HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603] ***Une fois fait, tu fais fichier et enregistrer sur ton bureau et nomme le www.reg et dans la case en dessous type met sur tous fichiers la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre ensuite recherche et suppr ceci C:\Program Files\WorldAntiSpy

valou62 · Answer

j'ai reussi mais dans c program files il n'y a pas worldantispy je l'avais deja suprime apres son installation et il n'y a plus riena+

Utilisateur anonyme · Answer

re,ou en sont tes soucis?a+

valou62 · Answer

j'ai toujour ce point d'exclamation a cote de l'heure mais je n'est plus aucun dossier worldantispy a suprimer dans program files il n'y a plus rien

Utilisateur anonyme · Answer

ok,donc l affaire worlanti spy est reglé?Ce point d exclamation, quand tu vas dessu (sans cliker) il marque quoi?Redemarre ton pc aussi*a+

valou62 · Answer

mon pc redemaré toujours le point d'exclation quand je vais dessus il est écrit your computer is infected!a+

Utilisateur anonyme · Answer

salutessai tout simplement de supprimer l icone lolRecommence la manip avec ce programmehttp://www.billsway.com/vbspage/vbsfiles/RegSrch.zip tape worldantispy colle le rapport A+

valou62 · Answer

slt comment enlever l'icon il se met dans la barre de tache a l'ouverture de windows meme en mode sans echec ?REGEDIT4; RegSrch.vbs © Bill James; Registry search results for string "worldantispy" 04/09/2005 17:28:57; NOTE: This file will be deleted when you close WordPad.; You must manually save this file to a new location if you want to refer to it again later.; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log]"LogFilePath"="C:\Program Files\WorldAntiSpy\Log\was.log"[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor]"SnapshotFolder"="C:\Program Files\WorldAntiSpy\Monitor\Snapshot"[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\UpdateOptions	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\checkboxes][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions	extinputs][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine]"QuarantineFolder"="C:\Program Files\WorldAntiSpy\Quarantine"[HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner][HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner]"Base"="C:\Program Files\WorldAntiSpy\Scanner\Base\Base.dat"[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]"000"="worldantispy"[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]"000"="worldantispy"a+

balltrap34 · Answer

regis tu as un message

Utilisateur anonyme · Answer

(lol balltrap)On va tenter ceci------------------------------------------------------------ouvre le bloc note et copie colle ceci entre les etoiles (pas les etoiles, que ce qu il y a entre les 2)********** REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com]************ enregistre le sur ton bureau et nomme le xxx.reg et dans la case en dessous type met sur tous fichiers la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre ensuite recherche et suppr ceci C:\Program Files\WorldAntiSpy ***Une fois cela fait, redemarre ton pc***Recommence la manip avec ce programme http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip tape worldantispy colle le rapport A+a+

valou62 · Answer

salut le point d'exclation est toujour làREGEDIT4; RegSrch.vbs © Bill James; Registry search results for string "worldantispy" 04/09/2005 19:32:37; NOTE: This file will be deleted when you close WordPad.; You must manually save this file to a new location if you want to refer to it again later.; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]"000"="worldantispy"[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]"000"="worldantispy"a+

Utilisateur anonyme · Answer

re,juste une tite questionds ajout/supp de programme, y a  t il searsh assistant?a+

valou62 · Answer

slt nona+

Utilisateur anonyme · Answer

salutregarde dans ajout/suppression de programme si il y a un prog qui s'appelle: InternetUpdate si oui, desinstalle le a+

valou62 · Answer

non désoléea+

balltrap34 · Answer

salut pour ces deux clef refait un reg

******
REGEDIT4

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"000"=-

********
enregistre le sur ton bureau et nomme le aaa.reg
et dans la case en dessous type met sur tous fichiers

la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre

valou62 · Answer

salut balltrap
j'ai fais ce que tu ma dit rien ne change toujours ce rond rouge qui ne me lache pas
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "worldantispy" 04/09/2005 21:41:11

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="worldantispy"

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"002"="worldantispy"
a+

balltrap34 · Answer

idem avec cest clef

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"002"=-

ensuite refait la recherche pour voir si il se recrer avec d autres clef
il faudrat chercher celui qui regenere ceci

valou62 · Answer

slt
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "worldantispy" 04/09/2005 22:40:05

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="worldantispy"

[HKEY_USERS\S-1-5-21-3495054330-809299238-1685927933-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"002"="worldantispy"
a+

valou62 · Answer

redemarage mais sont revenus

balltrap34 · Answer

Téléchargez le RKFILES.ZIP d'ici :
http://skads.org/special/rkfiles.zip

Créez un nouveau dossier appelé c:RKFiles
Extrayez le contenu de RKFILES.ZIP dans ce nouveau dossier RKFILES.

Alors,

Redémarrez dans Mode sans echec

Ouvrez C:RKFiles dossier
double-cliquer RKFILES.BAT
attend qu il est fini
il vas crer un rapport donne moi le

Notez : Il devrait sauvegarder par défaut à C:\Log.txt
* Trouver ce journal, cliquez avec le bouton droit et renommez-le RKFiles_log.txt donc vous pouvez le poster.

valou62 · Answer

re voilà ce que tu as demandé
C:\Documents and Settings\dominique dumarey\Mes documents\utilitaires\Nouveau dossier\c RKFiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dvdaudio.ax: UPX!
C:\WINDOWS\system32\RLMPCDec.ax: UPX!
C:\WINDOWS\system32\Msvbvm60.dll: UPX!
C:\WINDOWS\system32\FraunhoferAudio.ax: UPX!
C:\WINDOWS\system32\FraunhoferVideo.ax: UPX!
C:\WINDOWS\system32\aswBoot.exe: UPX!t$
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\DivX.dll: PEC2
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\DivX.dll: PEC2

Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\dvdaudio.ax: UPX!
C:\WINDOWS\system32\RLMPCDec.ax: UPX!
C:\WINDOWS\system32\Msvbvm60.dll: UPX!
C:\WINDOWS\system32\FraunhoferAudio.ax: UPX!
C:\WINDOWS\system32\FraunhoferVideo.ax: UPX!
C:\WINDOWS\system32\aswBoot.exe: UPX!t$
Files Found in all users windows Folder............
------------------------
Finished
bye
pour aujourd'hui je vais dormir demain boulot
merci a+

S!Ri · Answer

Salut,

Regarder ici:
http://www.commentcamarche.net/forum/affich-1741219-your-computer-is-infected#15

C'est une infection du fichier système wininet.dll qui semble être à l'origine de ce point d'exclamation.

a+

PS: merci d'envoyer le fichier wininet.dll infecté à cette adresse pour analyse: submitvirus@aim.com

balltrap34 · Answer

salut S!Ric est une cochonnerie de plus lier a smit???

S!Ri · Answer

Salut Balltrap.

Je ne sais pas si c'est lié a smitfraud. Mais on dirait que, comme lui, il utilise wininet.dll.
Une fois la dll infectée en mémoire, le point d'exclamation apparait.
On n'y vois aucun processus dans les O4 d'un HijackThis... la solution semblerait de remettre une version saine de wininet.dll

A creuser ... j'aimerai justement analyser ce wininet.dll infecté (Pour y trouver le nom d'une autre dll ou d'un process qui est responsable du point d'exclamation....)

a+

balltrap34 · Answer

okien esperent qu un des infecter veulle bien te l envoyer lol

S!Ri · Answer

lol, c'est pas gagné.

J'attendais de nouvelles version de smitfraud: cela faisait un moment qu'il n'y avait plus de nouveaux noms fichiers qui apparaissaient.

Ce qui est troublant/semblable, c'est l'icone du point d'exclamation comme PSGuard et l'infection du fichier systeme wininet.dll

On verra bien.
J'vais me coucher.
a++

balltrap34 · Answer

un gros doute sur les similitude ou un autre hac****a repris le truc pour faire le sien lolallez bonne nuit moi je bosse pas demain

valou62 · Answer

salut à tous comment trouver ce fichier?il y en a plusieurs et comment le remplacer d'apres la date d'infection j'en est un qui a etait modifier a la meme date esque se serai celui là?

balltrap34 · Answer

fait clik droit dessus et verifie la version si c est la meme ok

valou62 · Answer

re quelle version? là j'ai 6.0.2900.2713

balltrap34 · Answer

il faut que se soit la meme que c elle infecte

valou62 · Answer

re j'ai trouvé le meme numero de versioncomment je le remplace? je ne peut pas dire que je suis une pro en informatique merci

balltrap34 · Answer

tu passe par l explorateur et tu vas dans c/windows/systeme32et tu la met la

valou62 · Answer

j'ai fais ce que tu ma dit mais il me donne le message suivant impossible de déplacer wininet:un fichier portant ce nom existe déja que faire?

Utilisateur anonyme · Answer

salut tous les 2essaye ceci:1/Va dans C:\windows\system32, renomme wininet.dll en wininet.old2/Va dans le dossier qui contient celui de meme version:clic droit sur wininet.dll > Copier3/Reviens dans C:\WINDOWS\system32\clic droit dans un espace vide > Collerredemarre le pc et supprime wininet.old

balltrap34 · Answer

salutmoe c est vrai qua force de repeter j est tendance a raccoucir lol

Utilisateur anonyme · Answer

salut balltrapnouvelle variante on dirait ?

balltrap34 · Answer

salut moeoui je pense qu ont vas devoir rajouter worldantispy et se qui vas avec au fixS!Ri deciderat

valou62 · Answer

super! c'est dans la poche il a enfin disparu de ma barre de tache je vous remercies tous pour ce que vous faites c'est super sympas pouvez vous me confirmer que s'est fini maintenant que le sigle rouge est parti et que je peut retourner sur mon compte bancaire sans souci ?faut il l'envoyer a l'adresse ci dessus ?il est encore dans ma poubelle le wininet

balltrap34 · Answer

perso je te conseil de faire un scan iciScan bit defenderhttp://www.bitdefender.frclik sur scan on line a gauche et suis la procedure----------------

Utilisateur anonyme · Answer

oui, envoie le à s!riil a laissé l'adresse au post 53

"your computer is infected" en fond d'éc

70 réponses

Discussions similaires

Newsletters