balltrap/moeFermé

Question

Je cherche un prog que moe a utiliser pour supprimer une adresse de ce styleR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pfvxyldiabhxfgxjeo.com/5KQW0ewB4MGfsjeOIRlksBz09FVOGto1p9jOQHk9pHrPo06OPjRWHXBBynCNm9qKJe me souviens que moe avait utiliser un prog qui permettait de virer cela !****Ensuite je cherche un programme ou un moyen de supprimer shop at home  ou Home Search Assistant trouvé dans spybot !****Enfin un programme qui me permettrait de desinstaller msn 7 car voila le message:Impossible d ouvrir ce package correctif. Verifiez que le package correctif...et que vous pourrez y acceder....afin de verifier que c est un package correctif windows installer valideJe galere un peua+

andre · Answer

pour supprimer la ligne le prog est hijack this

balltrap34 · Answer

regis il te faut la derniere versions de spybot cocher avec hijack et cocher aussi certain fichier style avec des espaces ex(red tir garde)il existe l uninstal mais il est semble t il virusersinon je pense que tu parle d un bat qui liste les tache planifier que lop aurait creer si c est le cas c est celui lahttp://get.yourfile.net/mj62442.zip

Utilisateur anonyme · Answer

re gerarden fait le bleme c est que hijack this et clean, mais ya tjr des pubs, ensuite spybot detecte ca mais ne le corrige pas !avec silent runner, peut etre que ca m avanceras plusa+

balltrap34 · Answer

si c est du lop fait celui de moe et un silence runner

Utilisateur anonyme · Answer

salutpour lop, le bat sert juste à verifier les taches planifiés, les dossier presents dans allusers\application data et nom du ompte\application data, apres c'est à toi de reperer les dossiers de lop (3 en general)fais aussi un hijack sur tous les comptes a+

Utilisateur anonyme · Answer

ok merci les gars, je vais faire essayer ca !par contre pour le msn 7 , vous avez deja vu quelque chose de tel?A+

balltrap34 · Answer

pour msn tu peut a la rigueur utiliser hijack pour certaine partie puis suppr les dossiers et fichier et ensuite reinstaler correctement

Utilisateur anonyme · Answer

coucou gerard,(perso mon bleme de pc vient apparemment du connecteur sur la carte mere, ca se change?)il me semble tu voulais un silent runner sur le soucis d une autre personne:Silent Runners.vbs", revision 40, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry:--------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [file not found]"Zilla Popup Killer" = "C:\Program Files\Zilla Popup Killer\ZillaPop.exe" [file not found]"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]"PS2" = "C:\WINDOWS\system32\ps2.exe" [file not found]"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]"{A5B83E36-5D16-47E8-BADB-6EE748B33093}" = "TZ Shredder Context Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]TZ.Spyware.Remover\(Default) = "{7620794B-F7E2-4847-A7A1-2C12205643F2}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TrackZapper.com\TZ Spyware-Remover\ContextMenu.dll" ["TrackZapper.com"] Active Desktop and Wallpaper:----------------------------- Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver:--------------------- HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ss3dfo.scr" [MS] Startup items in "Propriétaire" & "All Users" startup folders:-------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]"AOL Compagnon" -> shortcut to: "C:\Program Files\AOL Compagnon\companion.exe /s" [null data] Enabled Scheduled Tasks:------------------------ "FRU Task #Hewlett-Packard#hp psc 1100 series#1094389798" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1094389798"" [empty string]"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs:------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions:------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"] "{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found] "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" = "&EliteBar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\"ButtonText" = "AOL Toolbar""MenuText" = "AOL Toolbar" {85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\"ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version):[Strings]: 2 lines Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------ AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]LicCtrl Service, LicCtrlService, "rundll32.exe C:\WINDOWS\mmfs.dll,Service" [MS]McAfee.com Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee.com Corporation"]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] ----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,  use the -supp parameter or answer "Yes" at the first message box.---------- (total run time: 65 seconds, including 10 seconds for message boxes)***********Perso, je vois que ca"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start"Vous voyez autre chose?A+

Utilisateur anonyme · Answer

salutil me semble que celui là est un rogue:TZ.Spyware.RemoverC:\Program Files\TZ Data ShredderC:\Program Files\TrackZapper.comquelques traces d'eliteC:\WINDOWS\EliteToolBaret le spyware quicksearchC:\Program Files\QuickSearchhttp://securityresponse.symantec.com/avcenter/venc/data/spyware.quicksearch.htmla+

balltrap34 · Answer

je vois rien d autre que celui que tu as citerpar contre je vois des trace de live update symantecdu mac affe et avget l oublie lol pour ton cennecteur c est faisable mais la il faut jouer du fer a souder de bonne qualite sinon adieu les circuits lola faire avec un specialiste ou si tu te sent de la fairemais ton fer a souder doit posseder un bon thermostat pour ne pas surchauffer tous

Utilisateur anonyme · Answer

re,merci moe, impec j avais pas fait attention, t assure Olivier lolc:\windows\system32\kujywirnbf.exe -start <<---celui la idem a virer?La soudure ca me connait lol mais bon la c est chaud !!Merci gerardMerci a vous 2, je suis reste pour vous en +

balltrap34 · Answer

moe je suis miro je vois pas cela dans le rapport lolC:\Program Files\QuickSearch mais celaC:\Program Files\QuickTime\qttask.exe

Utilisateur anonyme · Answer

ben poutant...Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data] "{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]

balltrap34 · Answer

quand je dit que je devient miro cela devient une realite lol

Utilisateur anonyme · Answer

Mon balltrap aurait il un bleme de vue lol

balltrap34 · Answer

j est pas mis mes lentilles

Utilisateur anonyme · Answer

lol ah la vieillesse oupsssssssss lolbon, jvais prendre une douchea+

Utilisateur anonyme · Answer

re,"Silent Runners.vbs", revision 40, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry:--------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [file not found]"Zilla Popup Killer" = "C:\Program Files\Zilla Popup Killer\ZillaPop.exe" [file not found]"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]"PS2" = "C:\WINDOWS\system32\ps2.exe" [file not found]"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]"{A5B83E36-5D16-47E8-BADB-6EE748B33093}" = "TZ Shredder Context Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"] Active Desktop and Wallpaper:----------------------------- Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver:--------------------- HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ss3dfo.scr" [MS] DESKTOP.INI DLL launch in local fixed drive directories:-------------------------------------------------------- D:\cmdcons\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\MiniNT\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\I386\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\TOOLS\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\hp\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\PRELOAD\DESKTOP.INI[.ShellClassInfo]CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] Startup items in "Propriétaire" & "All Users" startup folders:-------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]"AOL Compagnon" -> shortcut to: "C:\Program Files\AOL Compagnon\companion.exe /s" [null data] Enabled Scheduled Tasks:------------------------ "FRU Task #Hewlett-Packard#hp psc 1100 series#1094389798" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1094389798"" [empty string]"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs:------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions:------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"] "{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found] "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" = "&EliteBar" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\ = "Elite SideBar"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\"ButtonText" = "AOL Toolbar""MenuText" = "AOL Toolbar" {85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\"ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version):[Strings]: 2 lines Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------ AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]LicCtrl Service, LicCtrlService, "rundll32.exe C:\WINDOWS\mmfs.dll,Service" [MS]McAfee.com Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee.com Corporation"]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] ----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 250 seconds.+ The search for all Registry CLSIDs containing dormant Explorer Bars  took 41 seconds.---------- (total run time: 467 seconds)Je vois encore qqs traces,on est du meme avis, il en reste?

balltrap34 · Answer

Telecharge ceciKill Box :       (ici)               http://www.florensac-chasse-trap.com/   section virusdemo    http://pageperso.aol.fr/balltrap34/killbox.htmutilise le avec la methode bloc note (voir demo)avec ceciC:\Program Files\QuickSearch\QuickSearchBar3_28.dllC:\WINDOWS\EliteToolBarc:\windows\system32\kujywirnbf.exe C:\Program Files\TZ Data  ouvre le bloc note et copie colle ceci entre les etoiles**********REGEDIT4[-HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\82315A18-6CFB-44A7-BDFD-90E36537C252] [-HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\82315A18-6CFB-44A7-BDFD-90E36537C252][-HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\825CF5BD-8862-4430-B771-0C15C5CA8DEF][-HKLM\Software\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647]************enregistre le sur ton bureau et nomme le www.reget dans la case en dessous type met sur tous fichiersla vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registrechasse et le balltrap ma vrai passionvoir site perso dans profil

Utilisateur anonyme · Answer

Merci mon ami Gerard, j ai du mal a m en sortir a croire que la personne ne fais pas correctement ce que je lui demandeEn tout cas la, elle va y arriver lolPoignee de main mon gerard lol

jean38 · Answer

et c'est plus des lentilles mais un chien qui faut à ce stade... lolamitiés aà tous de l'autre vieux à lentilles.mais on s'y fait.

balltrap34 · Answer

et oui et au moin cela se voie pas salut a vous deux

Utilisateur anonyme · Answer

salut à vous 3juste pour vous souhaiter une bonne nuit à tous.je plie boutiquea++

Utilisateur anonyme · Answer

Bonne nuit moeFais de beaux revesMerci Olivier

jean38 · Answer

fait de beaux reves cher amibonne nuit à tous je fait de même.bon courage.Jean

balltrap34 · Answer

good nicht moe a plus peut etre avant la fin de semainela je sais pas lol

Balltrap/moe

26 réponses

Discussions similaires

Newsletters