Sujet Précédent Sujet Suivant

Problème HCLEAN32.exe

Résolu/Fermé
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008 - 2 oct. 2005 à 15:51
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008 - 3 oct. 2005 à 21:21
Bonjour à tous;
comme mentionner dans le titre, mon problème est également lier à HCLEAN32.exe. J'ai pu lire sur le site que d'autres personnes ont connus le même problème. Ne faisant pas parti des petits génies de l'informatique(malheureusement), j'aimerais savoir si quelqu'un dispose de la bonne procédure pour être enfin débarasser de ce problème qui ralenti énormément le PC et qui me bloque certains programmes.

Un grand merci d'avance.

Stéphane
A voir également:

37 réponses

  • 1
  • 2
Réponse 1 / 37
Utilisateur anonyme
2 oct. 2005 à 16:15
salut

pas facile à virer en plus...

telecharge hc.zip ici
http://cjoint.com/?jAu7RJ0V1J
dezippe le, redemarre en mode sans echecs et lance hc.bat
le bloc note va s'ouvrir, sauvegarde le rapport.
redemarre normallement et poste le rapport ici.

ensuite:
telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijack
et surtout pas dans un dossier temporaire (temp)
lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
Le bloc note va s'ouvrir, copie tout le contenu et colle le ici a la suite de ton message.
Si tu as du mal, regarde ceci:
http://pageperso.aol.fr/balltrap34/demohijack.htm

Silentrunners
http://www.silentrunners.org/Silent%20Runners.vbs
lance le et poste le rapport

a+
0
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 16:55
salut moe31, voici le rapport comme tu me l'as demander.
stéphane

Rapport fait à 16:51:29,04 le dim. 02/10/2005
Executé à partir de C:\Documents and Settings\GODZILLA\Mes documents\sauvegarde\programmes t‚l‚charg‚s\sp‚cial
OS: Microsoft Windows XP [version 5.1.2600]

*********************************************

Vérification HKLM\...\...\...\...\ruins

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
"pgtshlld"=hex:96,58,00,00,6f,9f,a7,53,bc,b7,38,cb,11,26,eb,16,14,00,00,00
"nidnsdr"=hex:fa,59,00,00,f9,c3,c8,c5,eb,de,ad,e5,8a,af,ba,13,00,00,00
"23naelch"=hex:9d,24,00,00,90,9d,ac,af,4b,b6,15,02,1e,df,f0,ef,14,00,00,00
"aplnsftn"=hex:b7,54,00,00,b0,b6,b8,87,90,9e,e2,d5,30,c1,ca,f1,14,00,00,00
"23rtcdaol"=hex:51,55,00,00,28,5d,17,18,01,78,06,49,56,a2,53,24,43,15,00,00,00
"umeay"=hex:6e,22,00,00,72,52,76,76,56,21,16,2b,06,11,00,00,00
"8"=hex:88,5a,00,00,65,76,51,40,5c,4b,7e,77,63,30,e5,00,14,00,00,00
"9"=hex:88,5a,00,00,6f,71,5e,5b,59,4c,33,7b,38,dd,08,13,00,00,00
"10"=hex:bc,5a,00,00,bf,ad,87,82,9f,95,e9,d0,3f,fc,d1,cc,14,00,00,00
"11"=hex:75,18,00,00,48,45,44,77,63,5e,6d,6a,76,07,08,37,14,00,00,00
"12"=hex:75,18,00,00,72,44,4d,4e,6c,63,26,6e,0f,30,3f,13,00,00,00
"13"=hex:75,18,00,00,76,74,7e,45,56,5c,20,1b,76,07,08,37,14,00,00,00
"14"=hex:29,22,00,00,04,11,30,23,3f,2a,99,96,82,53,44,63,14,00,00,00
"15"=hex:29,22,00,00,0e,10,39,3a,38,2f,52,9a,5b,7c,6b,13,00,00,00
"16"=hex:5d,22,00,00,5e,4c,66,7d,7e,74,08,73,5e,1f,30,2f,14,00,00,00
"17"=hex:c0,6a,00,00,bd,be,89,88,94,93,36,3f,3b,f8,dd,c8,14,00,00,00
"18"=hex:28,6b,00,00,0f,11,3e,3b,39,2c,53,9b,58,7d,68,13,00,00,00
"19"=hex:8e,6b,00,00,69,9f,51,ac,49,47,3b,22,69,2e,e3,1e,14,00,00,00
"20"=hex:51,79,00,00,2c,29,18,1b,07,02,41,4e,aa,6b,2c,5b,14,00,00,00
"21"=hex:85,79,00,00,62,74,5d,5e,5c,53,36,7e,3f,20,0f,13,00,00,00
"22"=hex:85,79,00,00,66,64,4e,55,46,4c,30,2b,66,37,18,07,14,00,00,00
"23"=hex:4d,5e,00,00,20,2d,1c,1f,1b,06,45,b2,ae,6f,20,5f,14,00,00,00
"24"=hex:7e,5e,00,00,65,7f,54,41,57,5a,29,61,36,2b,06,13,00,00,00
"25"=hex:7e,5e,00,00,79,6f,41,5c,59,57,2b,12,79,3e,13,0e,14,00,00,00
"26"=hex:96,18,00,00,6b,64,a7,56,42,b9,0c,05,11,26,eb,16,14,00,00,00
"27"=hex:ca,18,00,00,a9,b3,98,95,9b,8e,fd,35,fa,9f,ca,13,00,00,00
"28"=hex:ff,18,00,00,f8,ee,c0,df,d8,d6,aa,ad,f8,b9,92,89,14,00,00,00
"29"=hex:9c,5c,00,00,91,62,ad,ac,48,b7,0a,03,1f,dc,f1,ec,14,00,00,00
"30"=hex:cd,5c,00,00,aa,ac,e5,96,84,8b,fe,36,e7,98,d7,13,00,00,00
"31"=hex:02,5d,00,00,e5,eb,cd,d8,c5,d3,b7,ae,e5,ba,9f,8a,14,00,00,00
"32"=hex:b3,36,00,00,8e,8b,ba,b5,a1,9c,23,28,34,c5,ce,f5,14,00,00,00
"33"=hex:e8,36,00,00,cf,d1,fe,fb,f9,ec,93,db,98,bd,a8,13,00,00,00
"34"=hex:19,37,00,00,12,10,da,21,32,38,4c,b7,92,a3,74,93,14,00,00,00
"35"=hex:9e,15,00,00,93,9c,af,ae,4a,b1,14,1d,19,de,f3,ee,14,00,00,00
"36"=hex:04,16,00,00,e3,f5,d2,df,dd,d0,b7,ff,bc,a1,8c,13,00,00,00
"37"=hex:6c,16,00,00,4f,7d,77,72,6f,65,19,00,4f,0c,01,3c,14,00,00,00
"38"=hex:db,0f,00,00,d6,a3,e2,ed,89,f4,cb,c0,dc,9d,b6,ad,14,00,00,00
"39"=hex:40,10,00,00,27,39,16,03,11,14,6b,a3,70,65,40,13,00,00,00
"40"=hex:a5,10,00,00,86,84,ae,b5,a6,ac,d0,cb,06,d7,f8,e7,14,00,00,00
"41"=hex:41,08,00,00,3c,39,08,0b,17,12,b1,be,ba,7b,5c,4b,14,00,00,00
"42"=hex:75,08,00,00,72,44,4d,4e,6c,63,26,6e,0f,30,3f,13,00,00,00
"43"=hex:da,08,00,00,dd,d3,e5,e0,fd,fb,8f,f6,dd,e2,b7,d2,14,00,00,00
"44"=hex:77,4a,00,00,4a,47,46,71,6d,58,6f,64,70,01,0a,31,14,00,00,00
"45"=hex:dc,4a,00,00,db,dd,ea,e7,f5,f8,8f,c7,94,89,a4,13,00,00,00
"46"=hex:42,4b,00,00,25,2b,0d,18,05,13,77,6e,a5,7a,5f,4a,14,00,00,00
"47"=hex:ca,0f,00,00,a7,b0,93,82,9e,85,38,31,2d,f2,a7,c2,14,00,00,00
"48"=hex:32,10,00,00,31,0b,00,0d,23,26,65,ad,42,77,72,13,00,00,00
"49"=hex:c9,10,00,00,a2,a0,8a,91,82,88,fc,e7,22,f3,a4,c3,14,00,00,00
"50"=hex:5a,51,00,00,57,20,63,12,0e,75,48,41,5d,62,37,52,14,00,00,00
"51"=hex:f3,51,00,00,f0,ca,c3,cc,e2,e1,a4,ec,8d,b6,bd,13,00,00,00
"52"=hex:8d,52,00,00,6e,9c,56,ad,4e,44,38,23,6e,2f,e0,1f,14,00,00,00
"53"=hex:4d,52,00,00,20,2d,1c,1f,1b,06,45,b2,ae,6f,20,5f,14,00,00,00
"54"=hex:1b,53,00,00,18,e2,2b,24,ca,39,4c,84,55,4e,65,13,00,00,00
"55"=hex:b5,53,00,00,b6,b4,be,85,96,9c,e0,db,36,c7,c8,f7,14,00,00,00
"56"=hex:94,15,00,00,69,6a,a5,54,40,bf,02,0b,17,24,e9,14,14,00,00,00
"57"=hex:2e,16,00,00,35,0f,04,31,27,2a,59,91,46,7b,76,13,00,00,00
"58"=hex:93,16,00,00,94,9a,5c,ab,b4,42,c6,39,14,25,ee,15,14,00,00,00
"59"=hex:9d,6d,00,00,90,9d,ac,af,4b,b6,15,02,1e,df,f0,ef,14,00,00,00
"60"=hex:9c,6e,00,00,9b,9d,aa,a7,b5,b8,cf,07,d4,c9,e4,13,00,00,00
"61"=hex:6a,6f,00,00,4d,43,75,70,6d,6b,1f,06,4d,12,07,22,14,00,00,00
"62"=hex:61,65,00,00,5c,59,68,6b,77,72,51,5e,5a,1b,3c,2b,14,00,00,00
"63"=hex:5f,66,00,00,44,5e,77,60,76,75,08,40,11,0a,21,13,00,00,00
"64"=hex:5e,67,00,00,59,4f,61,7c,79,77,0b,72,59,1e,33,2e,14,00,00,00
"65"=hex:62,6c,00,00,5f,58,6b,6a,76,6d,50,59,45,1a,3f,2a,14,00,00,00
"66"=hex:61,6d,00,00,46,58,71,62,70,77,0a,42,13,04,23,13,00,00,00
"67"=hex:60,6e,00,00,5b,49,63,7e,7b,71,15,0c,5b,18,3d,28,14,00,00,00
"nspmd"=hex:a1,32,00,00,90,93,b4,b9,ba,72,c3,d4,d3,11,00,00,00
"68"=hex:31,3b,00,00,0c,09,38,3b,27,22,a1,ae,8a,4b,4c,7b,14,00,00,00
"69"=hex:30,3c,00,00,37,09,06,33,21,24,5b,93,40,75,70,13,00,00,00
"70"=hex:c8,3d,00,00,a3,a1,8b,96,83,89,fd,e4,23,f0,a5,c0,14,00,00,00
"71"=hex:2b,54,00,00,06,13,32,3d,39,24,9b,90,8c,4d,46,7d,14,00,00,00
"72"=hex:5e,55,00,00,45,5f,74,61,77,7a,09,41,16,0b,26,13,00,00,00
"73"=hex:91,56,00,00,6a,98,52,a9,4a,40,c4,3f,6a,2b,ec,1b,14,00,00,00
"74"=hex:86,50,00,00,7b,74,57,46,52,49,7c,75,61,36,1b,06,14,00,00,00
"75"=hex:84,51,00,00,63,75,52,5f,5d,50,37,7f,3c,21,0c,13,00,00,00
"76"=hex:b7,52,00,00,b0,b6,b8,87,90,9e,e2,d5,30,c1,ca,f1,14,00,00,00
"77"=hex:0b,6e,00,00,e6,f3,d2,dd,d9,c4,fb,f0,ec,ad,66,9d,14,00,00,00
"78"=hex:a4,6f,00,00,83,95,b2,bf,bd,b0,d7,1f,dc,c1,ec,13,00,00,00
"79"=hex:a4,71,00,00,87,85,af,ba,a7,ad,d1,c8,07,d4,f9,e4,14,00,00,00
"80"=hex:e2,11,00,00,df,d8,eb,ea,f6,ed,d0,d9,c5,9a,bf,aa,14,00,00,00
"81"=hex:7b,13,00,00,78,42,4b,44,6a,59,2c,64,35,2e,05,13,00,00,00
"82"=hex:78,15,00,00,73,71,7b,46,53,59,2d,14,73,00,15,30,14,00,00,00


*********************************************

Fichiers détectés :

C:\WINDOWS\rdt.ini Présent !
C:\WINDOWS\System32\loadctr32.exe Présent !
C:\WINDOWS\System32\ntfsnlpa.exe Présent !
C:\WINDOWS\System32\rdsndin.exe Présent !

*********************************************

Recherche des processus aleatoires
d'après les modèles : cs***.exe, dm***.exe, ya***.exe

C:\WINDOWS\System32
cszia.exe

*********************************************

Recherche presence hclean32.exe...
hclean.exe Présent !

Recherche des processus crées à la meme date:
C:\WINDOWS\.
C:\WINDOWS\..
C:\WINDOWS\0.log
C:\WINDOWS\bootstat.dat
C:\WINDOWS\Debug
C:\WINDOWS\Installer
C:\WINDOWS\MININU.LOG
C:\WINDOWS\ntbtlog.txt
C:\WINDOWS\Prefetch
C:\WINDOWS\SchedLgU.Txt
C:\WINDOWS\setupapi.log
C:\WINDOWS\system32
C:\WINDOWS\Temp
C:\WINDOWS\wiadebug.log
C:\WINDOWS\wiaservc.log
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\System32\.
C:\WINDOWS\System32\..
C:\WINDOWS\System32\CatRoot2
C:\WINDOWS\System32\config
C:\WINDOWS\System32\hclean32.exe
C:\WINDOWS\System32\ntfsnlpa.exe
C:\WINDOWS\System32\rdsndin.exe

*************** Fin du rapport ******************

0
Réponse 2 / 37
Utilisateur anonyme
2 oct. 2005 à 17:02
ok

a partir de maintenant, ne redemarre pas le pc et poste le rapport d'hijackthis et silentrunners
0
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 17:26
lorsque je veux ouvrir silentrunners, norton m'averti d'un script malveillant. dois-je autoriser ce script?
0
Utilisateur anonyme > godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 17:29
oui pas de problemes, norton fais son boulot en te prévenant
0
Réponse 3 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 17:22
Logfile of HijackThis v1.99.1
Scan saved at 17:14:02, on 2/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\GODZILLA\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {F2723A62-82DE-7A7D-B76C-95CAE6398F68} - (no file)
O2 - BHO: (no name) - {04C8B8B7-4369-45FF-89D3-6562C9B98EAF} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ECS CLOCK] C:\WINDOWS\System32\ecsclock.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [msnappau] C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [dmpsn.exe] C:\WINDOWS\System32\dmpsn.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AlturionAU] C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
O4 - HKCU\..\Run: [ms-its] ms-its.exe
O4 - HKCU\..\Run: [_ctcp] mozilla-text.exe
O4 - HKCU\..\Run: [init32] iesetupdll.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{797F3815-F7FB-40AB-ACE6-7B0C9631791D}: NameServer = 85.255.113.122,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376FA1-ED75-4730-A254-676D130FC053}: NameServer = 85.255.113.122,85.255.112.13
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
Réponse 4 / 37
Utilisateur anonyme
2 oct. 2005 à 17:25
et Silentrunners pour etre complet
http://www.silentrunners.org/Silent%20Runners.vbs
lance le et poste le rapport
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 17:37
est-ce bien ce rapport que tu désirais?

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"AlturionAU" = "C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe" ["Alturion NV"]
"ms-its" = "ms-its.exe" [file not found]
"_ctcp" = "mozilla-text.exe" [file not found]
"init32" = "iesetupdll.exe" [file not found]
"Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PCTools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QD FastAndSafe" = (value not set)
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"URLLSTCK.exe" = "C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"tgcmd" = ""C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor " ["SupportSoft, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"ECS CLOCK" = "C:\WINDOWS\System32\ecsclock.exe" ["ECS Company"]
"EPSON Stylus Photo RX500" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"" ["SEIKO EPSON CORPORATION"]
"msnappau" = "C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe" [MS]
"Device Detector" = "DevDetect.exe -autorun" ["ACD Systems, Ltd."]
"hclean32.exe" = "C:\WINDOWS\System32\hclean32.exe" [null data]
"dmpsn.exe" = "C:\WINDOWS\System32\dmpsn.exe" [file not found]
"RegistryMechanic" = (empty string)
"dflnl.exe" = "C:\WINDOWS\System32\dflnl.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cstia.exe" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "GODZILLA" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\GODZILLA\Menu Démarrer\Programmes\Démarrage
"Rainlendar" -> shortcut to: "C:\Program Files\Rainlendar\Rainlendar.exe" ["Rainy"]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "Barre d'outils MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Créer un Favori de l'appareil mobile"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Créer un Favori de l'appareil mobile..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines


HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation"]
SAVScan, SAVScan, "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 85 seconds, including 2 seconds for message boxes)
0
Réponse 6 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 17:47
as-tu bien reçu le rapport de silentrunners?
0
Réponse 7 / 37
Utilisateur anonyme
2 oct. 2005 à 17:52
Oui moe te fais la manip je pense, c est tres long a faire etant donné qu il faut concilier les 3 rapports a la fois

un peu de patience mon ami ;-)
0
Réponse 8 / 37
Utilisateur anonyme
2 oct. 2005 à 17:55
bien vu regis ;-)

Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
l'aide détaillé de la manip est en video ici:
http://pageperso.aol.fr/balltrap34/killbox.htm
(methode bloc note)

Imprime, ou enregistre la manip dans un fichier txt (bloc notes) pour etre sur ne rien oublier et de tout faire dans l'ordre.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

 Lance hijackthis et clic sur [do a system scan only]
cocher la case au début des lignes suivantes:

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {04C8B8B7-4369-45FF-89D3-6562C9B98EAF} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [dmpsn.exe] C:\WINDOWS\System32\dmpsn.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
O4 - HKCU\..\Run: [ms-its] ms-its.exe
O4 - HKCU\..\Run: [_ctcp] mozilla-text.exe
O4 - HKCU\..\Run: [init32] iesetupdll.exe
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{797F3815-F7FB-40AB-ACE6-7B0C9631791D}: NameServer = 85.255.113.122,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0376FA1-ED75-4730-A254-676D130FC053}: NameServer = 85.255.113.122,85.255.112.13

valider en cliquant sur le bouton [fix checked]

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

puis vérifie ceci:
demarrer > connection > clic droit sur ta connection > propriétés
gestion de reseau
assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses DNS des serveurs automatiquement"
valide avec ok
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Déconnecte toi d'internet et ferme tout les programmes en cours.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

ouvre le bloc note et copie et colle ceci à l'interieur:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""


Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer

ensuite double clic sur fix.reg et accepte de fusionner
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

ouvre le bloc note et copie et colle la liste des fichiers à supprimerci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver facilement (sur le bureau par exemple).

C:\WINDOWS\System32\dflnl.exe
C:\WINDOWS\System32\hclean32.exe
C:\WINDOWS\System32\dmpsn.exe
C:\WINDOWS\System32\cstia.exe
C:\WINDOWS\System32\cszia.exe
C:\WINDOWS\rdt.ini
C:\WINDOWS\System32\loadctr32.exe
C:\WINDOWS\System32\ntfsnlpa.exe
C:\WINDOWS\System32\rdsndin.exe


1/ lance killbox.exe
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer, clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot"
6/ Dans le menu du haut clic sur File, puis sur paste from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur OUI

Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
"Pending file Rename Operations Registry Data has been Removed by External Process"
ignore le et redemarre le pc normallement

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

de retour en mode mormal, reposte les rapports des 3 programmes:
hijackthis, silentrunners et hc.bat

a+
0
Réponse 9 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 18:22
a partir d'ici je suis perdu, peux-tu m'en dire plus?
ouvre le bloc note et copie et colle ceci à l'interieur:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""
0
Réponse 10 / 37
Utilisateur anonyme
2 oct. 2005 à 18:31
J espere tu n es pas en mode normal la, car il ne fait jamais redemarrer en normal pendant toute la manip !!
Tu ouvre le bloc note (demarer < ts les programmes< accessoire < bloc note je crois)
tu copie colle ce que je te met en dessou
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

Tu copie/colle exactement ce que je t ai mis avec les memes espaces que moe a mis puis tu continue la manip

Ou n as tu pas compris?

a+
0
Réponse 11 / 37
Utilisateur anonyme
2 oct. 2005 à 18:32
ouvre le bloc note et tu copie ceci à l'interieur: 

REGEDIT4 

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls] 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"System"=- 
"System"=""


un fois fais, enregistre le document:

fichier > enregistrer sous
dans la fenetre qui s'ouvre, et dans le champ Nom du fichier, met fix.reg <- ce sera le nom du fichier
et juste en dessous dans
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
normallement tu viens de créer le fichier fix.reg

ensuite double clic sur fix.reg et accepte de fusionner

si tu n'y arrive pas, dis moi le et j'uploade un fichier dejà fait

a+
0
Réponse 12 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 19:24
j'ai bien enregistrer la première partie dans le bloc note et enregistrer sous fix.reg. mais comment faut-il faire pour fusionner fix.reg.
HELP
0
Réponse 13 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 19:46
désolé pour le temps perdu, je viens juste de terminer la manip et redémarrer. je relance les trois programmes et te renvoie les rapports
0
Réponse 14 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 19:53
voilà les tois rapports, j'éspère que c'est bien ça?




Logfile of HijackThis v1.99.1
Scan saved at 19:45:53, on 2/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\GODZILLA\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {F2723A62-82DE-7A7D-B76C-95CAE6398F68} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ECS CLOCK] C:\WINDOWS\System32\ecsclock.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [msnappau] C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AlturionAU] C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe




Rapport fait à 19:47:57,98 le dim. 02/10/2005
Executé à partir de C:\Documents and Settings\GODZILLA\Mes documents\sauvegarde\programmes t‚l‚charg‚s\sp‚cial
OS: Microsoft Windows XP [version 5.1.2600]

*********************************************

Vérification HKLM\...\...\...\...\ruins


*********************************************

Fichiers détectés :


*********************************************

Recherche des processus aleatoires
d'après les modèles : cs***.exe, dm***.exe, ya***.exe

C:\WINDOWS\System32

*********************************************

Recherche presence hclean32.exe...
non trouvé...



"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
0
Réponse 15 / 37
Utilisateur anonyme
2 oct. 2005 à 20:01
re

il manque un bout de silentrunners, reposte le en entier
0
Réponse 16 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 20:05
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
0
Réponse 17 / 37
Utilisateur anonyme
2 oct. 2005 à 20:06
désolé lol, mais il en manque toujours
0
Réponse 18 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 20:06
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"AlturionAU" = "C:\Program Files\Alturion\Alturion Auto Update\Alturion Auto Update.exe" ["Alturion NV"]
"Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PCTools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QD FastAndSafe" = (value not set)
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"URLLSTCK.exe" = "C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"tgcmd" = ""C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor " ["SupportSoft, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"ECS CLOCK" = "C:\WINDOWS\System32\ecsclock.exe" ["ECS Company"]
"EPSON Stylus Photo RX500" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"" ["SEIKO EPSON CORPORATION"]
"msnappau" = "C:\Program Files\MSN Toolbar\01.02.1001.2\fr\msnappau.exe" [MS]
"Device Detector" = "DevDetect.exe -autorun" ["ACD Systems, Ltd."]
"RegistryMechanic" = (empty string)

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "GODZILLA" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\GODZILLA\Menu Démarrer\Programmes\Démarrage
"Rainlendar" -> shortcut to: "C:\Program Files\Rainlendar\Rainlendar.exe" ["Rainy"]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "Barre d'outils MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Créer un Favori de l'appareil mobile"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Créer un Favori de l'appareil mobile..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines


HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation"]
SAVScan, SAVScan, "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 73 seconds, including 14 seconds for message boxes)
0
Réponse 19 / 37
Utilisateur anonyme
2 oct. 2005 à 20:14
A premiere vue, ca a l'air ok
et de ton coté, toujours des soucis ?

fais quand meme un scan av de controle ici:
http://webscanner.kaspersky.fr/
apres le chargement du control active X, clic sur suivant
puis clic sur configuration et choisis "étendue"
Choisis l'analyse répertoire et choisis ton ou tes disques durs
A la fin de l'analyse, copier/coller le rapport ici

a+
0
Réponse 20 / 37
godzillas001 Messages postés 25 Date d'inscription dimanche 2 octobre 2005 Statut Membre Dernière intervention 12 février 2008
2 oct. 2005 à 20:32
le scan n'est qu'à deux pourcent et trouve déjà trois virus. ça m'inquiète.
0

Discussions similaires

fichier exe du scrabble
mfils -
mfils -

5 réponses
ou telecharger sndrec32.exe svp ?
Soundman -
Micra -

2 réponses
comment convertir un logiciel .exe en .dmg
omnisportdieng -
Utilisateur anonyme -

3 réponses