Je spam mon fournisseur d'accès et tous ses clients

Je spam mon fournisseur d'accès et tous ses clients - Sécurité - Windows & Software

Marsh Posté le 11-09-2006 à 18:25:32    

Salut,
 
Mon fournisseur d'accès (Bluewin) m'a envoyé un mail disant que je spamais le réseau et que j'avais 5 jours pour régler le problème sinon ils m'enlevaient la connexion.
 
J'ai un réseau local wireless (avec clef WEP, et filtrage d'adresse MAC). J'utilisais AVG comme antivirus et zoneAlarme.
Après leur mail, j'ai donc scanné mes 2 ordios avec pleins de soft (Panda, Avast, CleanUP, CCleaner, ClamWin, PestPatrol, Kapersky, Spybot, Adaware, ...). Cela a enlevé des trucs, mais j'aimerais être sûr qu'il n'y ait plus rien. Je lance de temps en temps un sniffer pour vérifier, mais je ne vois rien.
 
ClamWin avait détecté d : /windows/system32/RSS~1.exe et AVG d : /windows/system32/??rss.exe sans pouvoir l'effacer. Mais Hijackis ne le voit pas. (c'est sur ordio 1)
 
Pouvez-vous me dire si vous voyez encore des problèmes sur mes 2 ordios ? Merci beaucoup
 
ORDIO 1:
Logfile of HijackThis v1.99.1
Scan saved at 18:13:09, on 11.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
 
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.5.0\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\WINDOWS\system32\ASWLSVC.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Documents and Settings\User\Bureau\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DF023A11-FCF4-D822-D31D-881D8B1819C7} - D:\WINDOWS\system32\dsjw.dll (file missing)
O2 - BHO: D:\WINDOWS\lbbho.dll - {FB0D15DE-4F29-4E2C-B2B7-951383B2FAC3} - D:\WINDOWS\lbbho.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [\\portsudan\EPSON Stylus CX3600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P38 "\\portsudan\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Control Center] D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Mozilla Firefox.lnk = D:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download all by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - D:\Program Files\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Pages liées - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - D:\Program Files\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - D:\Program Files\Altova\XMLSPY2004\spy.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 7657387000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AFAB176A-0D25-436A-8555-286F6D7AA388} (CRegFreezeScanModule Object) - http://www.actualresearch.com/files/rfscanax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASWLSVC - Unknown owner - D:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
ORDIO 2:
Logfile of HijackThis v1.99.1
Scan saved at 17:55:30, on 11.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Nsclient\pNSClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmes\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/P [...] stscan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NetSaint NT agent (NSClient) - Unknown owner - C:\Nsclient\pNSClient.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe  
 


Message édité par dranakan le 08-07-2009 à 11:22:56
Reply

Marsh Posté le 11-09-2006 à 18:25:32   

Reply

Marsh Posté le 11-09-2006 à 18:36:55    

Bonjour
 
Plus rien d'infectieux dans ces rapports.
 
Pour les deux ordis, fais ceci.
 
Télécharge Silent Runners
http://www.silentrunners.org/Silent%20Runners.zip
 
Si tu as une alerte de ton antivirus  au cours du téléchargement, ou au cours de son utilisation au sujet de ce script, n'en tiend pas compte.
 
Une fois téléchargé,tu le dézippes dans un dossier dédié.
Puis tu double cliques sur ce fichier,il va travailler, patiente jusqu'à l'affichage d'un message.
Un rapport est généré dans le meme dossier, colle le ici.
La fin doit ressembler à ceci
 

Citation :

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 104 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 14 seconds.
---------- (total run time: 162 seconds)

Reply

Marsh Posté le 11-09-2006 à 21:18:13    

J'ai fait que sur l'ordio 1 pour l'instant :
 
Qu'en penses-tu chercheurbis?
 

Citation :

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"NeroCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"TkBellExe" = ""D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = "D:\Program Files\Java\j2re1.5.0\bin\jusched.exe" [null data]
"\\portsudan\EPSON Stylus CX3600 Series" = "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P38 "\\portsudan\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"" ["SEIKO EPSON CORPORATION"]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"EPSON Stylus CX3600 Series" = "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"" ["SEIKO EPSON CORPORATION"]
"Control Center" = "D:\Program Files\ASUS\WLAN Card Utilities\Center.exe" ["ASUSTeK COMPUTER INC."]
"Zone Labs Client" = ""D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "IeCatch2 Class"
                   \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar1.dll" ["Google Inc."]
{DF023A11-FCF4-D822-D31D-881D8B1819C7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\dsjw.dll" [file not found]
{FB0D15DE-4F29-4E2C-B2B7-951383B2FAC3}\(Default) = "D:\WINDOWS\lbbho.dll"
  -> {HKLM...CLSID} = " "
                   \InProcServer32\(Default) = "D:\WINDOWS\lbbho.dll" [file not found]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "D:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{262E6512-1611-4d54-B6F5-58A6719B31EC}" = "SigmaTel MSCN Audio PlayerShell Hook"
  -> {HKLM...CLSID} = "SigmaTel MSCN Audio PlayerShell Hook"
                   \InProcServer32\(Default) = "mscnh.dll" ["SigmaTel, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
  -> {HKLM...CLSID} = "GMail Drive"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
  -> {HKLM...CLSID} = "GMailFS Property Sheet"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
  -> {HKLM...CLSID} = "GMailFS Drop Handler"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
  -> {HKLM...CLSID} = "GMailFS Context Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]
"{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
  -> {HKLM...CLSID} = "Siemens Device"
                   \InProcServer32\(Default) = "D:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string]
"{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
  -> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
                   \InProcServer32\(Default) = "D:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string]
"{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device PropertySheetHandlers"
  -> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
                   \InProcServer32\(Default) = "D:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" [file not found]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
 
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
 
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
 
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
 
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" [file not found]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
 
 
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
 
D:\Documents and Settings\Default User\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\Default User\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4JC5QPWF\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8XMFQ1WN\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\GVQ1CZQ1\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\QBALQRSB\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01Q3SHUJ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J45UOKA\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EZ9JRM6I\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RX2NSPPR\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZSZ1ONXP\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01J8MZ7A\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\585WOZ3E\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FR1A85TO\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I7XGQLK1\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q29S95F9\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Cookies\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\DZOLZCDE\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\G2FKYDF5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\H0I0NIE0\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\PZG0XR9L\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\94GT7FYX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\DDC3Y5XO\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\NDHH54MF\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TIYWJ8MD\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4JC5QPWF\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XMFQ1WN\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GVQ1CZQ1\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QBALQRSB\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS]
 
 
Startup items in "User" & "All Users" startup folders:
--------------------------------------------------------
 
D:\Documents and Settings\User\Menu Démarrer\Programmes\Démarrage
"Mozilla Firefox" -> shortcut to: "D:\Program Files\Mozilla Firefox\firefox.exe" ["Mozilla Corporation"]
"OpenOffice.org 2.0" -> shortcut to: "D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe" [null data]
 
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Lancement rapide d'Adobe Reader" -> shortcut to: "D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 
Transport Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM...CLSID} = "FlashGet Bar"
                   \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar1.dll" ["Google Inc."]
 
Explorer Bars
 
Dormant Explorer Bars in "View, Explorer Bar" menu
 
HKLM\Software\Classes\CLSID\{014DA6CE-189F-421A-88CD-07CFE51CFF10}\(Default) = "My Search Bar Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\WINDOWS\System32\shdocvw.dll" [MS]
 
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{2222EF56-F49E-4D07-A14E-8D2B08766958}\
"ButtonText" = "Edit with XML Spy"
"MenuText" = "Edit with XML Spy"
"Script" = "D:\Program Files\Altova\XMLSPY2004\spy.htm" [null data]
 
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0"
                   \InProcServer32\(Default) = "D:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll" ["JavaSoft / Sun Microsystems, Inc."]
 
{36ECAF82-3300-8F84-092E-AFF36D6C7040}\
"ButtonText" = "Run WinHTTrack"
"MenuText" = "Launch WinHTTrack"
"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
  -> {HKLM...CLSID} = "WinHTTrackLauncher Class"
                   \InProcServer32\(Default) = "D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]
 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"
 
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
 
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
ASWLSVC, ASWLSVC, "D:\WINDOWS\system32\ASWLSVC.exe" [null data]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
HTTP SSL, HTTPFilter, "D:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"D:\WINDOWS\System32\w3ssl.dll" [MS]}
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]
 
 
Print Monitors:
---------------
 
HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus CX3600 Series 2KMonitor5E\Driver = "E_FLM9BE.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
ssgb7 Langmon\Driver = "SSGB7MON.DLL" ["Samsung Electronics."]
 
 
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 182 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 18 seconds.
---------- (total run time: 248 seconds)


Message édité par dranakan le 08-07-2009 à 11:25:27
Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed