Balltrap/moe
Fermé
Utilisateur anonyme
-
27 août 2005 à 18:09
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 - 29 août 2005 à 23:53
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 - 29 août 2005 à 23:53
A voir également:
- Balltrap/moe
- Zone téléchargement moe - Guide
- Extreme down moe - Guide
- Zone telechargement moe - Guide
- God moe - Guide
- Tirexo. moe - Guide
26 réponses
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
27 août 2005 à 19:07
27 août 2005 à 19:07
regis il te faut la derniere versions de spybot cocher avec hijack et cocher aussi certain fichier style avec des espaces ex(red tir garde)
il existe l uninstal mais il est semble t il viruser
sinon je pense que tu parle d un bat qui liste les tache planifier que lop aurait creer si c est le cas c est celui la
http://get.yourfile.net/mj62442.zip
il existe l uninstal mais il est semble t il viruser
sinon je pense que tu parle d un bat qui liste les tache planifier que lop aurait creer si c est le cas c est celui la
http://get.yourfile.net/mj62442.zip
Utilisateur anonyme
27 août 2005 à 19:30
27 août 2005 à 19:30
re gerard
en fait le bleme c est que hijack this et clean, mais ya tjr des pubs, ensuite spybot detecte ca mais ne le corrige pas !
avec silent runner, peut etre que ca m avanceras plus
a+
en fait le bleme c est que hijack this et clean, mais ya tjr des pubs, ensuite spybot detecte ca mais ne le corrige pas !
avec silent runner, peut etre que ca m avanceras plus
a+
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
27 août 2005 à 19:36
27 août 2005 à 19:36
si c est du lop fait celui de moe et un silence runner
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
27 août 2005 à 19:59
27 août 2005 à 19:59
salut
pour lop, le bat sert juste à verifier les taches planifiés, les dossier presents dans allusers\application data et nom du ompte\application data, apres c'est à toi de reperer les dossiers de lop (3 en general)
fais aussi un hijack sur tous les comptes
a+
pour lop, le bat sert juste à verifier les taches planifiés, les dossier presents dans allusers\application data et nom du ompte\application data, apres c'est à toi de reperer les dossiers de lop (3 en general)
fais aussi un hijack sur tous les comptes
a+
Utilisateur anonyme
27 août 2005 à 23:09
27 août 2005 à 23:09
ok merci les gars, je vais faire essayer ca !
par contre pour le msn 7 , vous avez deja vu quelque chose de tel?
A+
par contre pour le msn 7 , vous avez deja vu quelque chose de tel?
A+
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
27 août 2005 à 23:17
27 août 2005 à 23:17
pour msn tu peut a la rigueur utiliser hijack pour certaine partie puis suppr les dossiers et fichier et ensuite reinstaler correctement
Utilisateur anonyme
28 août 2005 à 15:28
28 août 2005 à 15:28
coucou gerard,
(perso mon bleme de pc vient apparemment du connecteur sur la carte mere, ca se change?)
il me semble tu voulais un silent runner sur le soucis d une autre personne:
Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [file not found]
"Zilla Popup Killer" = "C:\Program Files\Zilla Popup Killer\ZillaPop.exe" [file not found]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"PS2" = "C:\WINDOWS\system32\ps2.exe" [file not found]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
"{A5B83E36-5D16-47E8-BADB-6EE748B33093}" = "TZ Shredder Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
TZ.Spyware.Remover\(Default) = "{7620794B-F7E2-4847-A7A1-2C12205643F2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TrackZapper.com\TZ Spyware-Remover\ContextMenu.dll" ["TrackZapper.com"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ss3dfo.scr" [MS]
Startup items in "Propriétaire" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"AOL Compagnon" -> shortcut to: "C:\Program Files\AOL Compagnon\companion.exe /s" [null data]
Enabled Scheduled Tasks:
------------------------
"FRU Task #Hewlett-Packard#hp psc 1100 series#1094389798" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1094389798"" [empty string]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found]
"{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" = "&EliteBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll" [file not found]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
LicCtrl Service, LicCtrlService, "rundll32.exe C:\WINDOWS\mmfs.dll,Service" [MS]
McAfee.com Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee.com Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 65 seconds, including 10 seconds for message boxes)
***********
Perso, je vois que ca
"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start"
Vous voyez autre chose?
A+
(perso mon bleme de pc vient apparemment du connecteur sur la carte mere, ca se change?)
il me semble tu voulais un silent runner sur le soucis d une autre personne:
Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [file not found]
"Zilla Popup Killer" = "C:\Program Files\Zilla Popup Killer\ZillaPop.exe" [file not found]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"PS2" = "C:\WINDOWS\system32\ps2.exe" [file not found]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
"{A5B83E36-5D16-47E8-BADB-6EE748B33093}" = "TZ Shredder Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
TZ.Spyware.Remover\(Default) = "{7620794B-F7E2-4847-A7A1-2C12205643F2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TrackZapper.com\TZ Spyware-Remover\ContextMenu.dll" ["TrackZapper.com"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ss3dfo.scr" [MS]
Startup items in "Propriétaire" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"AOL Compagnon" -> shortcut to: "C:\Program Files\AOL Compagnon\companion.exe /s" [null data]
Enabled Scheduled Tasks:
------------------------
"FRU Task #Hewlett-Packard#hp psc 1100 series#1094389798" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1094389798"" [empty string]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found]
"{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" = "&EliteBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll" [file not found]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
LicCtrl Service, LicCtrlService, "rundll32.exe C:\WINDOWS\mmfs.dll,Service" [MS]
McAfee.com Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee.com Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 65 seconds, including 10 seconds for message boxes)
***********
Perso, je vois que ca
"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start"
Vous voyez autre chose?
A+
Utilisateur anonyme
28 août 2005 à 15:39
28 août 2005 à 15:39
salut
il me semble que celui là est un rogue:
TZ.Spyware.Remover
C:\Program Files\TZ Data Shredder
C:\Program Files\TrackZapper.com
quelques traces d'elite
C:\WINDOWS\EliteToolBar
et le spyware quicksearch
C:\Program Files\QuickSearch
http://securityresponse.symantec.com/avcenter/venc/data/spyware.quicksearch.html
a+
il me semble que celui là est un rogue:
TZ.Spyware.Remover
C:\Program Files\TZ Data Shredder
C:\Program Files\TrackZapper.com
quelques traces d'elite
C:\WINDOWS\EliteToolBar
et le spyware quicksearch
C:\Program Files\QuickSearch
http://securityresponse.symantec.com/avcenter/venc/data/spyware.quicksearch.html
a+
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
28 août 2005 à 15:40
28 août 2005 à 15:40
je vois rien d autre que celui que tu as citer
par contre je vois des trace de live update symantec
du mac affe et avg
et l oublie lol pour ton cennecteur c est faisable mais la il faut jouer du fer a souder de bonne qualite sinon adieu les circuits lol
a faire avec un specialiste ou si tu te sent de la faire
mais ton fer a souder doit posseder un bon thermostat pour ne pas surchauffer tous
par contre je vois des trace de live update symantec
du mac affe et avg
et l oublie lol pour ton cennecteur c est faisable mais la il faut jouer du fer a souder de bonne qualite sinon adieu les circuits lol
a faire avec un specialiste ou si tu te sent de la faire
mais ton fer a souder doit posseder un bon thermostat pour ne pas surchauffer tous
Utilisateur anonyme
28 août 2005 à 15:54
28 août 2005 à 15:54
re,
merci moe, impec j avais pas fait attention, t assure Olivier lol
c:\windows\system32\kujywirnbf.exe -start <<---celui la idem a virer?
La soudure ca me connait lol mais bon la c est chaud !!Merci gerard
Merci a vous 2, je suis reste pour vous en +
merci moe, impec j avais pas fait attention, t assure Olivier lol
c:\windows\system32\kujywirnbf.exe -start <<---celui la idem a virer?
La soudure ca me connait lol mais bon la c est chaud !!Merci gerard
Merci a vous 2, je suis reste pour vous en +
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
28 août 2005 à 16:03
28 août 2005 à 16:03
moe je suis miro je vois pas cela dans le rapport lol
C:\Program Files\QuickSearch
mais cela
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\QuickSearch
mais cela
C:\Program Files\QuickTime\qttask.exe
Utilisateur anonyme
28 août 2005 à 16:12
28 août 2005 à 16:12
ben poutant...
Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data] "{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
28 août 2005 à 16:19
28 août 2005 à 16:19
quand je dit que je devient miro cela devient une realite lol
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
28 août 2005 à 16:29
28 août 2005 à 16:29
j est pas mis mes lentilles
Utilisateur anonyme
28 août 2005 à 16:32
28 août 2005 à 16:32
lol ah la vieillesse oupsssssssss lol
bon, jvais prendre une douche
a+
bon, jvais prendre une douche
a+
Utilisateur anonyme
29 août 2005 à 16:37
29 août 2005 à 16:37
re,
"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [file not found]
"Zilla Popup Killer" = "C:\Program Files\Zilla Popup Killer\ZillaPop.exe" [file not found]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"PS2" = "C:\WINDOWS\system32\ps2.exe" [file not found]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
"{A5B83E36-5D16-47E8-BADB-6EE748B33093}" = "TZ Shredder Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ss3dfo.scr" [MS]
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
D:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\hp\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
Startup items in "Propriétaire" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"AOL Compagnon" -> shortcut to: "C:\Program Files\AOL Compagnon\companion.exe /s" [null data]
Enabled Scheduled Tasks:
------------------------
"FRU Task #Hewlett-Packard#hp psc 1100 series#1094389798" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1094389798"" [empty string]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found]
"{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" = "&EliteBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll" [file not found]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\ = "Elite SideBar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
LicCtrl Service, LicCtrlService, "rundll32.exe C:\WINDOWS\mmfs.dll,Service" [MS]
McAfee.com Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee.com Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 250 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 41 seconds.
---------- (total run time: 467 seconds)
Je vois encore qqs traces,on est du meme avis, il en reste?
"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [file not found]
"Zilla Popup Killer" = "C:\Program Files\Zilla Popup Killer\ZillaPop.exe" [file not found]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"PS2" = "C:\WINDOWS\system32\ps2.exe" [file not found]
"AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
"Microsoft Works Update Detection" = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"kujywirnbf" = "c:\windows\system32\kujywirnbf.exe -start" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
"{A5B83E36-5D16-47E8-BADB-6EE748B33093}" = "TZ Shredder Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TZ Shredder Context Menu\(Default) = "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TZ Data Shredder\CtxMenu.dll" ["TrackZapper.com"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ss3dfo.scr" [MS]
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
D:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\hp\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
Startup items in "Propriétaire" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
"AOL Compagnon" -> shortcut to: "C:\Program Files\AOL Compagnon\companion.exe /s" [null data]
Enabled Scheduled Tasks:
------------------------
"FRU Task #Hewlett-Packard#hp psc 1100 series#1094389798" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1094389798"" [empty string]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
"{82315A18-6CFB-44A7-BDFD-90E36537C252}" = "QuickSearch SearchBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QuickSearch\QuickSearchBar3_28.dll" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found]
"{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" = "&EliteBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll" [file not found]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\ = "Elite SideBar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
LicCtrl Service, LicCtrlService, "rundll32.exe C:\WINDOWS\mmfs.dll,Service" [MS]
McAfee.com Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee.com Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 250 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 41 seconds.
---------- (total run time: 467 seconds)
Je vois encore qqs traces,on est du meme avis, il en reste?
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
29 août 2005 à 22:40
29 août 2005 à 22:40
Telecharge ceci
Kill Box :
(ici) http://www.florensac-chasse-trap.com/ section virus
demo http://pageperso.aol.fr/balltrap34/killbox.htm
utilise le avec la methode bloc note (voir demo)
avec ceci
C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
C:\WINDOWS\EliteToolBar
c:\windows\system32\kujywirnbf.exe
C:\Program Files\TZ Data
ouvre le bloc note et copie colle ceci entre les etoiles
**********
REGEDIT4
[-HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\82315A18-6CFB-44A7-BDFD-90E36537C252]
[-HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\82315A18-6CFB-44A7-BDFD-90E36537C252]
[-HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\825CF5BD-8862-4430-B771-0C15C5CA8DEF]
[-HKLM\Software\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647]
************
enregistre le sur ton bureau et nomme le www.reg
et dans la case en dessous type met sur tous fichiers
la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre
chasse et le balltrap ma vrai passion
voir site perso dans profil
Kill Box :
(ici) http://www.florensac-chasse-trap.com/ section virus
demo http://pageperso.aol.fr/balltrap34/killbox.htm
utilise le avec la methode bloc note (voir demo)
avec ceci
C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
C:\WINDOWS\EliteToolBar
c:\windows\system32\kujywirnbf.exe
C:\Program Files\TZ Data
ouvre le bloc note et copie colle ceci entre les etoiles
**********
REGEDIT4
[-HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\82315A18-6CFB-44A7-BDFD-90E36537C252]
[-HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\82315A18-6CFB-44A7-BDFD-90E36537C252]
[-HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\825CF5BD-8862-4430-B771-0C15C5CA8DEF]
[-HKLM\Software\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647]
************
enregistre le sur ton bureau et nomme le www.reg
et dans la case en dessous type met sur tous fichiers
la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre
chasse et le balltrap ma vrai passion
voir site perso dans profil
Utilisateur anonyme
29 août 2005 à 22:41
29 août 2005 à 22:41
Merci mon ami Gerard, j ai du mal a m en sortir a croire que la personne ne fais pas correctement ce que je lui demande
En tout cas la, elle va y arriver lol
Poignee de main mon gerard lol
En tout cas la, elle va y arriver lol
Poignee de main mon gerard lol