Problème HCLEAN32.exe

Résolu
godzillas001 Messages postés 25 Statut Membre -  
godzillas001 Messages postés 25 Statut Membre -
Bonjour à tous;
comme mentionner dans le titre, mon problème est également lier à HCLEAN32.exe. J'ai pu lire sur le site que d'autres personnes ont connus le même problème. Ne faisant pas parti des petits génies de l'informatique(malheureusement), j'aimerais savoir si quelqu'un dispose de la bonne procédure pour être enfin débarasser de ce problème qui ralenti énormément le PC et qui me bloque certains programmes.

Un grand merci d'avance.

Stéphane
Configuration: win xp pro

37 réponses

  • 1
  • 2
Résumé de la discussion

HCLEAN32.exe est l'élément central du problème décrit, un malware qui ralentit l'ordinateur et bloque certains programmes sous Windows XP et qui apparaît dans les analyses HijackThis du fil. Des utilisateurs suggèrent d'utiliser HijackThis pour identifier les entrées de démarrage et de créer ou fusionner des scripts de correction (fix.reg) pour supprimer les éléments malveillants. En cas de doute, SilentRunners est proposé pour générer un rapport et guider l'élimination, tandis que les échanges évoquent l'acceptation des scripts signés par Norton et les avertissements liés à des scripts perçus comme malveillants. Des témoignages ajoutent que l'infection évolue et que plus le délai est long, plus le nettoyage implique de fichiers à supprimer et que certains fichiers se renomment à chaque démarrage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    salut

    pas facile à virer en plus...

    telecharge hc.zip ici
    http://cjoint.com/?jAu7RJ0V1J
    dezippe le, redemarre en mode sans echecs et lance hc.bat
    le bloc note va s'ouvrir, sauvegarde le rapport.
    redemarre normallement et poste le rapport ici.

    ensuite:
    telecharge hijackthis:
    http://www.merijn.org/files/hijackthis.zip
    Dezippe le dans un dossier prévu a cet effet.
    Par exemple C:\hijack
    et surtout pas dans un dossier temporaire (temp)
    lance le puis:
    clic sur "do a system scan and save logfile" et pas autre chose
    Le bloc note va s'ouvrir, copie tout le contenu et colle le ici a la suite de ton message.
    Si tu as du mal, regarde ceci:
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Silentrunners
    http://www.silentrunners.org/Silent%20Runners.vbs
    lance le et poste le rapport

    a+
    0
    1. godzillas001 Messages postés 25 Statut Membre
       
      salut moe31, voici le rapport comme tu me l'as demander.
      stéphane

      Rapport fait à 16:51:29,04 le dim. 02/10/2005
      Executé à partir de C:\Documents and Settings\GODZILLA\Mes documents\sauvegarde\programmes t‚l‚charg‚s\sp‚cial
      OS: Microsoft Windows XP [version 5.1.2600]

      *********************************************

      Vérification HKLM\...\...\...\...\ruins

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
      "pgtshlld"=hex:96,58,00,00,6f,9f,a7,53,bc,b7,38,cb,11,26,eb,16,14,00,00,00
      "nidnsdr"=hex:fa,59,00,00,f9,c3,c8,c5,eb,de,ad,e5,8a,af,ba,13,00,00,00
      "23naelch"=hex:9d,24,00,00,90,9d,ac,af,4b,b6,15,02,1e,df,f0,ef,14,00,00,00
      "aplnsftn"=hex:b7,54,00,00,b0,b6,b8,87,90,9e,e2,d5,30,c1,ca,f1,14,00,00,00
      "23rtcdaol"=hex:51,55,00,00,28,5d,17,18,01,78,06,49,56,a2,53,24,43,15,00,00,00
      "umeay"=hex:6e,22,00,00,72,52,76,76,56,21,16,2b,06,11,00,00,00
      "8"=hex:88,5a,00,00,65,76,51,40,5c,4b,7e,77,63,30,e5,00,14,00,00,00
      "9"=hex:88,5a,00,00,6f,71,5e,5b,59,4c,33,7b,38,dd,08,13,00,00,00
      "10"=hex:bc,5a,00,00,bf,ad,87,82,9f,95,e9,d0,3f,fc,d1,cc,14,00,00,00
      "11"=hex:75,18,00,00,48,45,44,77,63,5e,6d,6a,76,07,08,37,14,00,00,00
      "12"=hex:75,18,00,00,72,44,4d,4e,6c,63,26,6e,0f,30,3f,13,00,00,00
      "13"=hex:75,18,00,00,76,74,7e,45,56,5c,20,1b,76,07,08,37,14,00,00,00
      "14"=hex:29,22,00,00,04,11,30,23,3f,2a,99,96,82,53,44,63,14,00,00,00
      "15"=hex:29,22,00,00,0e,10,39,3a,38,2f,52,9a,5b,7c,6b,13,00,00,00
      "16"=hex:5d,22,00,00,5e,4c,66,7d,7e,74,08,73,5e,1f,30,2f,14,00,00,00
      "17"=hex:c0,6a,00,00,bd,be,89,88,94,93,36,3f,3b,f8,dd,c8,14,00,00,00
      "18"=hex:28,6b,00,00,0f,11,3e,3b,39,2c,53,9b,58,7d,68,13,00,00,00
      "19"=hex:8e,6b,00,00,69,9f,51,ac,49,47,3b,22,69,2e,e3,1e,14,00,00,00
      "20"=hex:51,79,00,00,2c,29,18,1b,07,02,41,4e,aa,6b,2c,5b,14,00,00,00
      "21"=hex:85,79,00,00,62,74,5d,5e,5c,53,36,7e,3f,20,0f,13,00,00,00
      "22"=hex:85,79,00,00,66,64,4e,55,46,4c,30,2b,66,37,18,07,14,00,00,00
      "23"=hex:4d,5e,00,00,20,2d,1c,1f,1b,06,45,b2,ae,6f,20,5f,14,00,00,00
      "24"=hex:7e,5e,00,00,65,7f,54,41,57,5a,29,61,36,2b,06,13,00,00,00
      "25"=hex:7e,5e,00,00,79,6f,41,5c,59,57,2b,12,79,3e,13,0e,14,00,00,00
      "26"=hex:96,18,00,00,6b,64,a7,56,42,b9,0c,05,11,26,eb,16,14,00,00,00
      "27"=hex:ca,18,00,00,a9,b3,98,95,9b,8e,fd,35,fa,9f,ca,13,00,00,00
      "28"=hex:ff,18,00,00,f8,ee,c0,df,d8,d6,aa,ad,f8,b9,92,89,14,00,00,00
      "29"=hex:9c,5c,00,00,91,62,ad,ac,48,b7,0a,03,1f,dc,f1,ec,14,00,00,00
      "30"=hex:cd,5c,00,00,aa,ac,e5,96,84,8b,fe,36,e7,98,d7,13,00,00,00
      "31"=hex:02,5d,00,00,e5,eb,cd,d8,c5,d3,b7,ae,e5,ba,9f,8a,14,00,00,00
      "32"=hex:b3,36,00,00,8e,8b,ba,b5,a1,9c,23,28,34,c5,ce,f5,14,00,00,00
      "33"=hex:e8,36,00,00,cf,d1,fe,fb,f9,ec,93,db,98,bd,a8,13,00,00,00
      "34"=hex:19,37,00,00,12,10,da,21,32,38,4c,b7,92,a3,74,93,14,00,00,00
      "35"=hex:9e,15,00,00,93,9c,af,ae,4a,b1,14,1d,19,de,f3,ee,14,00,00,00
      "36"=hex:04,16,00,00,e3,f5,d2,df,dd,d0,b7,ff,bc,a1,8c,13,00,00,00
      "37"=hex:6c,16,00,00,4f,7d,77,72,6f,65,19,00,4f,0c,01,3c,14,00,00,00
      "38"=hex:db,0f,00,00,d6,a3,e2,ed,89,f4,cb,c0,dc,9d,b6,ad,14,00,00,00
      "39"=hex:40,10,00,00,27,39,16,03,11,14,6b,a3,70,65,40,13,00,00,00
      "40"=hex:a5,10,00,00,86,84,ae,b5,a6,ac,d0,cb,06,d7,f8,e7,14,00,00,00
      "41"=hex:41,08,00,00,3c,39,08,0b,17,12,b1,be,ba,7b,5c,4b,14,00,00,00
      "42"=hex:75,08,00,00,72,44,4d,4e,6c,63,26,6e,0f,30,3f,13,00,00,00
      "43"=hex:da,08,00,00,dd,d3,e5,e0,fd,fb,8f,f6,dd,e2,b7,d2,14,00,00,00
      "44"=hex:77,4a,00,00,4a,47,46,71,6d,58,6f,64,70,01,0a,31,14,00,00,00
      "45"=hex:dc,4a,00,00,db,dd,ea,e7,f5,f8,8f,c7,94,89,a4,13,00,00,00
      "46"=hex:42,4b,00,00,25,2b,0d,18,05,13,77,6e,a5,7a,5f,4a,14,00,00,00
      "47"=hex:ca,0f,00,00,a7,b0,93,82,9e,85,38,31,2d,f2,a7,c2,14,00,00,00
      "48"=hex:32,10,00,00,31,0b,00,0d,23,26,65,ad,42,77,72,13,00,00,00
      "49"=hex:c9,10,00,00,a2,a0,8a,91,82,88,fc,e7,22,f3,a4,c3,14,00,00,00
      "50"=hex:5a,51,00,00,57,20,63,12,0e,75,48,41,5d,62,37,52,14,00,00,00
      "51"=hex:f3,51,00,00,f0,ca,c3,cc,e2,e1,a4,ec,8d,b6,bd,13,00,00,00
      "52"=hex:8d,52,00,00,6e,9c,56,ad,4e,44,38,23,6e,2f,e0,1f,14,00,00,00
      "53"=hex:4d,52,00,00,20,2d,1c,1f,1b,06,45,b2,ae,6f,20,5f,14,00,00,00
      "54"=hex:1b,53,00,00,18,e2,2b,24,ca,39,4c,84,55,4e,65,13,00,00,00
      "55"=hex:b5,53,00,00,b6,b4,be,85,96,9c,e0,db,36,c7,c8,f7,14,00,00,00
      "56"=hex:94,15,00,00,69,6a,a5,54,40,bf,02,0b,17,24,e9,14,14,00,00,00
      "57"=hex:2e,16,00,00,35,0f,04,31,27,2a,59,91,46,7b,76,13,00,00,00
      "58"=hex:93,16,00,00,94,9a,5c,ab,b4,42,c6,39,14,25,ee,15,14,00,00,00
      "59"=hex:9d,6d,00,00,90,9d,ac,af,4b,b6,15,02,1e,df,f0,ef,14,00,00,00
      "60"=hex:9c,6e,00,00,9b,9d,aa,a7,b5,b8,cf,07,d4,c9,e4,13,00,00,00
      "61"=hex:6a,6f,00,00,4d,43,75,70,6d,6b,1f,06,4d,12,07,22,14,00,00,00
      "62"=hex:61,65,00,00,5c,59,68,6b,77,72,51,5e,5a,1b,3c,2b,14,00,00,00
      "63"=hex:5f,66,00,00,44,5e,77,60,76,75,08,40,11,0a,21,13,00,00,00
      "64"=hex:5e,67,00,00,59,4f,61,7c,79,77,0b,72,59,1e,33,2e,14,00,00,00
      "65"=hex:62,6c,00,00,5f,58,6b,6a,76,6d,50,59,45,1a,3f,2a,14,00,00,00
      "66"=hex:61,6d,00,00,46,58,71,62,70,77,0a,42,13,04,23,13,00,00,00
      "67"=hex:60,6e,00,00,5b,49,63,7e,7b,71,15,0c,5b,18,3d,28,14,00,00,00
      "nspmd"=hex:a1,32,00,00,90,93,b4,b9,ba,72,c3,d4,d3,11,00,00,00
      "68"=hex:31,3b,00,00,0c,09,38,3b,27,22,a1,ae,8a,4b,4c,7b,14,00,00,00
      "69"=hex:30,3c,00,00,37,09,06,33,21,24,5b,93,40,75,70,13,00,00,00
      "70"=hex:c8,3d,00,00,a3,a1,8b,96,83,89,fd,e4,23,f0,a5,c0,14,00,00,00
      "71"=hex:2b,54,00,00,06,13,32,3d,39,24,9b,90,8c,4d,46,7d,14,00,00,00
      "72"=hex:5e,55,00,00,45,5f,74,61,77,7a,09,41,16,0b,26,13,00,00,00
      "73"=hex:91,56,00,00,6a,98,52,a9,4a,40,c4,3f,6a,2b,ec,1b,14,00,00,00
      "74"=hex:86,50,00,00,7b,74,57,46,52,49,7c,75,61,36,1b,06,14,00,00,00
      "75"=hex:84,51,00,00,63,75,52,5f,5d,50,37,7f,3c,21,0c,13,00,00,00
      "76"=hex:b7,52,00,00,b0,b6,b8,87,90,9e,e2,d5,30,c1,ca,f1,14,00,00,00
      "77"=hex:0b,6e,00,00,e6,f3,d2,dd,d9,c4,fb,f0,ec,ad,66,9d,14,00,00,00
      "78"=hex:a4,6f,00,00,83,95,b2,bf,bd,b0,d7,1f,dc,c1,ec,13,00,00,00
      "79"=hex:a4,71,00,00,87,85,af,ba,a7,ad,d1,c8,07,d4,f9,e4,14,00,00,00
      "80"=hex:e2,11,00,00,df,d8,eb,ea,f6,ed,d0,d9,c5,9a,bf,aa,14,00,00,00
      "81"=hex:7b,13,00,00,78,42,4b,44,6a,59,2c,64,35,2e,05,13,00,00,00
      "82"=hex:78,15,00,00,73,71,7b,46,53,59,2d,14,73,00,15,30,14,00,00,00


      *********************************************

      Fichiers détectés :

      C:\WINDOWS\rdt.ini Présent !
      C:\WINDOWS\System32\loadctr32.exe Présent !
      C:\WINDOWS\System32\ntfsnlpa.exe Présent !
      C:\WINDOWS\System32\rdsndin.exe Présent !

      *********************************************

      Recherche des processus aleatoires
      d'après les modèles : cs***.exe, dm***.exe, ya***.exe

      C:\WINDOWS\System32
      cszia.exe

      *********************************************

      Recherche presence hclean32.exe...
      hclean.exe Présent !

      Recherche des processus crées à la meme date:
      C:\WINDOWS\.
      C:\WINDOWS\..
      C:\WINDOWS\0.log
      C:\WINDOWS\bootstat.dat
      C:\WINDOWS\Debug
      C:\WINDOWS\Installer
      C:\WINDOWS\MININU.LOG
      C:\WINDOWS\ntbtlog.txt
      C:\WINDOWS\Prefetch
      C:\WINDOWS\SchedLgU.Txt
      C:\WINDOWS\setupapi.log
      C:\WINDOWS\system32
      C:\WINDOWS\Temp
      C:\WINDOWS\wiadebug.log
      C:\WINDOWS\wiaservc.log
      C:\WINDOWS\WindowsUpdate.log
      C:\WINDOWS\System32\.
      C:\WINDOWS\System32\..
      C:\WINDOWS\System32\CatRoot2
      C:\WINDOWS\System32\config
      C:\WINDOWS\System32\hclean32.exe
      C:\WINDOWS\System32\ntfsnlpa.exe
      C:\WINDOWS\System32\rdsndin.exe

      *************** Fin du rapport ******************

      0
  2. Utilisateur anonyme
     
    ok

    a partir de maintenant, ne redemarre pas le pc et poste le rapport d'hijackthis et silentrunners
    0
    1. godzillas001 Messages postés 25 Statut Membre
       
      lorsque je veux ouvrir silentrunners, norton m'averti d'un script malveillant. dois-je autoriser ce script?
      0
      1. Utilisateur anonyme > godzillas001 Messages postés 25 Statut Membre
         
        oui pas de problemes, norton fais son boulot en te prévenant
        0
  3. godzillas001 Messages postés 25 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 17:14:02, on 2/10/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\system32\notepad.exe
    C:\DOCUME~1\GODZILLA\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {F2723A62-82DE-7A7D-B76C-95CAE6398F68} - (no file)
    O2 - BHO: (no name) - {04C8B8B7-4369-45FF-89D3-6562C9B98EAF} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ECS CLOCK] C:\WINDOWS\System32\ecsclock.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
    O4 - HKLM\..\Run: [msnappau] C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
    O4 - HKLM\..\Run: [dmpsn.exe] C:\WINDOWS\System32\dmpsn.exe
    O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AlturionAU] C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
    O4 - HKCU\..\Run: [ms-its] ms-its.exe
    O4 - HKCU\..\Run: [_ctcp] mozilla-text.exe
    O4 - HKCU\..\Run: [init32] iesetupdll.exe
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{797F3815-F7FB-40AB-ACE6-7B0C9631791D}: NameServer = 85.255.113.122,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376FA1-ED75-4730-A254-676D130FC053}: NameServer = 85.255.113.122,85.255.112.13
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. godzillas001 Messages postés 25 Statut Membre
     
    est-ce bien ce rapport que tu désirais?

    "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
    "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
    "AlturionAU" = "C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe" ["Alturion NV"]
    "ms-its" = "ms-its.exe" [file not found]
    "_ctcp" = "mozilla-text.exe" [file not found]
    "init32" = "iesetupdll.exe" [file not found]
    "Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PCTools"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "QD FastAndSafe" = (value not set)
    "ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "URLLSTCK.exe" = "C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe" ["Symantec Corporation"]
    "Advanced Tools Check" = "C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
    "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "tgcmd" = ""C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor " ["SupportSoft, Inc."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
    "HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
    "ECS CLOCK" = "C:\WINDOWS\System32\ecsclock.exe" ["ECS Company"]
    "EPSON Stylus Photo RX500" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"" ["SEIKO EPSON CORPORATION"]
    "msnappau" = "C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe" [MS]
    "Device Detector" = "DevDetect.exe -autorun" ["ACD Systems, Ltd."]
    "hclean32.exe" = "C:\WINDOWS\System32\hclean32.exe" [null data]
    "dmpsn.exe" = "C:\WINDOWS\System32\dmpsn.exe" [file not found]
    "RegistryMechanic" = (empty string)
    "dflnl.exe" = "C:\WINDOWS\System32\dflnl.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    INFECTION WARNING! "System" = "cstia.exe" [file not found]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is enabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\

    HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

    Startup items in "GODZILLA" & "All Users" startup folders:
    ----------------------------------------------------------

    C:\Documents and Settings\GODZILLA\Menu Démarrer\Programmes\Démarrage
    "Rainlendar" -> shortcut to: "C:\Program Files\Rainlendar\Rainlendar.exe" ["Rainy"]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

    Enabled Scheduled Tasks:
    ------------------------

    "Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
    "Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "Barre d'outils MSN" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
    "ButtonText" = "Spyware Doctor"
    "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
    "ButtonText" = "Créer un Favori de l'appareil mobile"
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
    "MenuText" = "Créer un Favori de l'appareil mobile..."
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines

    HOSTS file
    ----------

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
    HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
    Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation"]
    SAVScan, SAVScan, "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
    Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
    Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
    Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 85 seconds, including 2 seconds for message boxes)
    0
  6. godzillas001 Messages postés 25 Statut Membre
     
    as-tu bien reçu le rapport de silentrunners?
    0
  7. Utilisateur anonyme
     
    Oui moe te fais la manip je pense, c est tres long a faire etant donné qu il faut concilier les 3 rapports a la fois

    un peu de patience mon ami ;-)
    0
  8. Utilisateur anonyme
     
    bien vu regis ;-)

    Telecharge: Pocket Killbox ici
    http://www.downloads.subratam.org/KillBox.exe
    l'aide détaillé de la manip est en video ici:
    http://pageperso.aol.fr/balltrap34/killbox.htm
    (methode bloc note)

    Imprime, ou enregistre la manip dans un fichier txt (bloc notes) pour etre sur ne rien oublier et de tout faire dans l'ordre.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Lance hijackthis et clic sur [do a system scan only]
    cocher la case au début des lignes suivantes:

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {04C8B8B7-4369-45FF-89D3-6562C9B98EAF} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
    O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
    O4 - HKLM\..\Run: [dmpsn.exe] C:\WINDOWS\System32\dmpsn.exe
    O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
    O4 - HKCU\..\Run: [ms-its] ms-its.exe
    O4 - HKCU\..\Run: [_ctcp] mozilla-text.exe
    O4 - HKCU\..\Run: [init32] iesetupdll.exe
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{797F3815-F7FB-40AB-ACE6-7B0C9631791D}: NameServer = 85.255.113.122,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376FA1-ED75-4730-A254-676D130FC053}: NameServer = 85.255.113.122,85.255.112.13

    valider en cliquant sur le bouton [fix checked]

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    puis vérifie ceci:
    demarrer > connection > clic droit sur ta connection > propriétés
    gestion de reseau
    assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses DNS des serveurs automatiquement"
    valide avec ok
    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Déconnecte toi d'internet et ferme tout les programmes en cours.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    ouvre le bloc note et copie et colle ceci à l'interieur:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=-
    "System"=""


    Puis enregistrer sous et dans:
    Nom du fichier, met fix.reg
    Type de fichier: selectionne "tous les fichiers"
    clic sur enregistrer

    ensuite double clic sur fix.reg et accepte de fusionner
    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    ouvre le bloc note et copie et colle la liste des fichiers à supprimerci-dessous
    une fois fait, enregistre le à un endroit ou tu pourras le retrouver facilement (sur le bureau par exemple).

    C:\WINDOWS\System32\dflnl.exe
    C:\WINDOWS\System32\hclean32.exe
    C:\WINDOWS\System32\dmpsn.exe
    C:\WINDOWS\System32\cstia.exe
    C:\WINDOWS\System32\cszia.exe
    C:\WINDOWS\rdt.ini
    C:\WINDOWS\System32\loadctr32.exe
    C:\WINDOWS\System32\ntfsnlpa.exe
    C:\WINDOWS\System32\rdsndin.exe


    1/ lance killbox.exe
    2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer, clic sur edition dans le menu du haut et clic sur "selectionner tout"
    3/ clic une seconde fois sur "edition" et clic sur "copier"
    4/ referme le bloc note.
    5/ Dans killbox, selectionne "Delete on Reboot"
    6/ Dans le menu du haut clic sur File, puis sur paste from clipboard
    (tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
    7/ clic sur le rond rouge
    8/ une fenetre va apparaitre pour confirmation clic sur OUI
    9/ une seconde fenetre te demande si tu veux redemarrer clic sur OUI

    Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
    "Pending file Rename Operations Registry Data has been Removed by External Process"
    ignore le et redemarre le pc normallement

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    de retour en mode mormal, reposte les rapports des 3 programmes:
    hijackthis, silentrunners et hc.bat

    a+
    0
  9. godzillas001 Messages postés 25 Statut Membre
     
    a partir d'ici je suis perdu, peux-tu m'en dire plus?
    ouvre le bloc note et copie et colle ceci à l'interieur:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=-
    "System"=""
    0
  10. Utilisateur anonyme
     
    J espere tu n es pas en mode normal la, car il ne fait jamais redemarrer en normal pendant toute la manip !!
    Tu ouvre le bloc note (demarer < ts les programmes< accessoire < bloc note je crois)
    tu copie colle ce que je te met en dessou
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=-
    "System"=""

    Tu copie/colle exactement ce que je t ai mis avec les memes espaces que moe a mis puis tu continue la manip

    Ou n as tu pas compris?

    a+
    0
  11. Utilisateur anonyme
     
    ouvre le bloc note et tu copie ceci à l'interieur:

    REGEDIT4 
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE] 
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins] 
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls] 
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
    "System"=- 
    "System"=""


    un fois fais, enregistre le document:

    fichier > enregistrer sous
    dans la fenetre qui s'ouvre, et dans le champ Nom du fichier, met fix.reg <- ce sera le nom du fichier
    et juste en dessous dans
    Type de fichier: selectionne "tous les fichiers"
    clic sur enregistrer
    normallement tu viens de créer le fichier fix.reg

    ensuite double clic sur fix.reg et accepte de fusionner

    si tu n'y arrive pas, dis moi le et j'uploade un fichier dejà fait

    a+
    0
  12. godzillas001 Messages postés 25 Statut Membre
     
    j'ai bien enregistrer la première partie dans le bloc note et enregistrer sous fix.reg. mais comment faut-il faire pour fusionner fix.reg.
    HELP
    0
  13. godzillas001 Messages postés 25 Statut Membre
     
    désolé pour le temps perdu, je viens juste de terminer la manip et redémarrer. je relance les trois programmes et te renvoie les rapports
    0
  14. godzillas001 Messages postés 25 Statut Membre
     
    voilà les tois rapports, j'éspère que c'est bien ça?

    Logfile of HijackThis v1.99.1
    Scan saved at 19:45:53, on 2/10/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\GODZILLA\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {F2723A62-82DE-7A7D-B76C-95CAE6398F68} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ECS CLOCK] C:\WINDOWS\System32\ecsclock.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
    O4 - HKLM\..\Run: [msnappau] C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AlturionAU] C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Rapport fait à 19:47:57,98 le dim. 02/10/2005
    Executé à partir de C:\Documents and Settings\GODZILLA\Mes documents\sauvegarde\programmes t‚l‚charg‚s\sp‚cial
    OS: Microsoft Windows XP [version 5.1.2600]

    *********************************************

    Vérification HKLM\...\...\...\...\ruins

    *********************************************

    Fichiers détectés :

    *********************************************

    Recherche des processus aleatoires
    d'après les modèles : cs***.exe, dm***.exe, ya***.exe

    C:\WINDOWS\System32

    *********************************************

    Recherche presence hclean32.exe...
    non trouvé...

    "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
    0
  15. Utilisateur anonyme
     
    re

    il manque un bout de silentrunners, reposte le en entier
    0
  16. godzillas001 Messages postés 25 Statut Membre
     
    "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
    0
  17. Utilisateur anonyme
     
    désolé lol, mais il en manque toujours
    0
  18. godzillas001 Messages postés 25 Statut Membre
     
    "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
    "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
    "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
    "AlturionAU" = "C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe" ["Alturion NV"]
    "Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PCTools"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "QD FastAndSafe" = (value not set)
    "ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "URLLSTCK.exe" = "C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe" ["Symantec Corporation"]
    "Advanced Tools Check" = "C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
    "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "tgcmd" = ""C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor " ["SupportSoft, Inc."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
    "HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
    "ECS CLOCK" = "C:\WINDOWS\System32\ecsclock.exe" ["ECS Company"]
    "EPSON Stylus Photo RX500" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"" ["SEIKO EPSON CORPORATION"]
    "msnappau" = "C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe" [MS]
    "Device Detector" = "DevDetect.exe -autorun" ["ACD Systems, Ltd."]
    "RegistryMechanic" = (empty string)

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is enabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\

    HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

    Startup items in "GODZILLA" & "All Users" startup folders:
    ----------------------------------------------------------

    C:\Documents and Settings\GODZILLA\Menu Démarrer\Programmes\Démarrage
    "Rainlendar" -> shortcut to: "C:\Program Files\Rainlendar\Rainlendar.exe" ["Rainy"]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

    Enabled Scheduled Tasks:
    ------------------------

    "Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
    "Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "Barre d'outils MSN" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
    "ButtonText" = "Spyware Doctor"
    "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
    "ButtonText" = "Créer un Favori de l'appareil mobile"
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
    "MenuText" = "Créer un Favori de l'appareil mobile..."
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines

    HOSTS file
    ----------

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
    HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
    Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation"]
    SAVScan, SAVScan, "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
    Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
    Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
    Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 73 seconds, including 14 seconds for message boxes)
    0
  19. Utilisateur anonyme
     
    A premiere vue, ca a l'air ok
    et de ton coté, toujours des soucis ?

    fais quand meme un scan av de controle ici:
    http://webscanner.kaspersky.fr/
    apres le chargement du control active X, clic sur suivant
    puis clic sur configuration et choisis "étendue"
    Choisis l'analyse répertoire et choisis ton ou tes disques durs
    A la fin de l'analyse, copier/coller le rapport ici

    a+
    0
  20. godzillas001 Messages postés 25 Statut Membre
     
    le scan n'est qu'à deux pourcent et trouve déjà trois virus. ça m'inquiète.
    0
  • 1
  • 2