Spyware and Vista, intrusive pop-up ads, help!

bigdev
Posted on 19/07/2007 at 16:09:25
hello everyone

so here it is, for some time now I've had a spyware that's been messing around with IE

I've run the usual antispyware tools, even F-Secure, nothing... and yet it's there

how do I get rid of it?

bigdev
Posted on 19/07/2007 at 19:56:45

up please, help!

hageaxx
Confirmed beginner (1,000 to 4,999 posts)
Posted on 20/07/2007 at 03:05:44

Good evening,

Everything is explained here ==> http://forum.telecharger.01net [...] ges-1.html

bigdev
Posted on 20/07/2007 at 18:34:44

As I already said, I'm on Vista! So it's impossible to use Navilog.
I ran a SILENT RUNNERS scan.
Here's what it gives:

 



 
 "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
 Operating System: Windows Vista RC1
 Output limited to non-default values, except where indicated by "{++}"


 Startup items buried in registry:
 ---------------------------------

 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
 "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
 "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
 "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
 "ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]

 HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
 "NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
 "lxbkbmgr.exe" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
 "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
 "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
 "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
 "RivaTuner" = ""C:\Program Files\RivaTuner v2.01\RivaTuner.exe" /T" [empty string]
 "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
 "tvpbpace" = "c:\windows\system32\tvpbpace.exe tvpbpace" [null data]
 "MSConfig" = ""C:\Windows\system32\msconfig.exe" /auto" [MS]
 "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]

 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
 {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{E7DE9B1A-7533-4556-9484-B26FB486475E}" = (no title provided)
  -> {HKLM...CLSID} = "Network Map"
     \InProcServer32\(Default) = "C:\Windows\system32\shdocvw.dll" [MS]
 "{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" = "IGD Property Sheet Handler"
  -> {HKLM...CLSID} = "IGD Property Page"
     \InProcServer32\(Default) = "C:\Windows\System32\icsigd.dll" [MS]
 "{8856f961-340a-11d0-a96b-00c04fd705a2}" = "Microsoft Web Browser"
  -> {HKLM...CLSID} = "Microsoft Web Browser"
     \InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]
 "{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}" = "MSHTML Document"
  -> {HKLM...CLSID} = "MHTML Document"
     \InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]
 "{25336920-03f9-11cf-8fd0-00aa00686f13}" = "HTML Document"
  -> {HKLM...CLSID} = "HTML Document"
     \InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]
 "{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
 "{74246bfc-4c96-11d0-abef-0020af6b0b7a}" = "Device Manager"
  -> {HKLM...CLSID} = "Device Manager"
     \InProcServer32\(Default) = "C:\Windows\System32\devmgr.dll" [MS]
 "{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}" = "MyDocuments menu and properties"
  -> {HKLM...CLSID} = "MyDocuments menu and properties"
     \InProcServer32\(Default) = "C:\Windows\system32\mydocs.dll" [MS]
 "{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}" = "Common Places Folder"
  -> {HKLM...CLSID} = "Common Places FS Folder"
     \InProcServer32\(Default) = "C:\Windows\System32\shdocvw.dll" [MS]
 "{865e5e76-ad83-4dca-a109-50dc2113ce9a}" = "Programs Folder and Fast Items"
  -> {HKLM...CLSID} = "Programs Folder and Fast Items"
     \InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]
 "{21ec2020-3aea-1069-a2dd-08002b30309d}" = "Control Panel"
  -> {HKLM...CLSID} = "Control Panel"
     \InProcServer32\(Default) = "shell32.dll" [MS]
 "{25585dc7-4da0-438d-ad04-e42c8d2d64b9}" = "Client application shell extension"
  -> {HKLM...CLSID} = "Client application shell extension"
     \InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]
 "{4d5c8c2a-d075-11d0-b416-00c04fb90376}" = "Microsoft CommBand"
  -> {HKLM...CLSID} = "Microsoft CommBand"
     \InProcServer32\(Default) = "C:\Windows\system32\browseui.dll" [MS]
 "{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" = "OlePrn.PrinterURL"
  -> {HKLM...CLSID} = "prturl Class"
     \InProcServer32\(Default) = "C:\Windows\system32\oleprn.dll" [MS]
 "{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" = "group_wab_auto_file"
  -> {HKLM...CLSID} = ".group shell context menu"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]
 "{CF67796C-F57F-45F8-92FB-AD698826C602}" = "contact_wab_auto_file"
  -> {HKLM...CLSID} = ".contact shell context menu"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]
 "{90b9bce2-b6db-4fd3-8451-35917ea1081b}" = "Search Execute Command"
  -> {HKLM...CLSID} = "CLSID_SearchExecute"
     \InProcServer32\(Default) = "ExplorerFrame.dll" [MS]
 "{1a184871-359e-4f67-aad9-5b9905d62232}" = "Microsoft Windows Font File Context Menu Handler"
  -> {HKLM...CLSID} = "Microsoft Windows Font Context Menu Handler"
     \InProcServer32\(Default) = "fontext.dll" [MS]
 "{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}" = "Microsoft Windows Font Previewer"
  -> {HKLM...CLSID} = "Microsoft Windows Font Preview Handler"
     \InProcServer32\(Default) = "fontext.dll" [MS]
 "{BC65FB43-1958-4349-971A-210290480130}" = "Network Explorer Property Sheet Handler"
  -> {HKLM...CLSID} = "Ncd Property Page"
     \InProcServer32\(Default) = "C:\Windows\System32\NcdProp.dll" [MS]
 "{0a4286ea-e355-44fb-8086-af3df7645bd9}" = "Windows Media Player"
  -> {HKLM...CLSID} = "&Windows Media Player"
     \InProcServer32\(Default) = "C:\PROGRA~1\WI4EB4~1\wmpband.dll" [MS]
 "{BB6B2374-3D79-41DB-87F4-896C91846510}" = "EMDFileProperties"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "emdmgmt.dll" [MS]
 "{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}" = "Sync Center Simple Conflict Presenter"
  -> {HKLM...CLSID} = "Simple Conflict Presenter"
     \InProcServer32\(Default) = "C:\Windows\System32\SyncCenter.dll" [MS]
 "{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}" = "PhotoAcqDropTarget"
  -> {HKLM...CLSID} = "PhotoAcqDropTarget"
     \InProcServer32\(Default) = "C:\Program Files\Windows Photo Gallery\PhotoAcq.dll" [MS]
 "{91ADC906-6722-4B05-A12B-471ADDCCE132}" = "Touch Band"
  -> {HKLM...CLSID} = "Touch Pointer"
     \InProcServer32\(Default) = "C:\Windows\System32\TouchX.dll" [MS]
 "{7D4734E6-047E-41e2-AEAA-E763B4739DC4}" = "Windows Media Player Play as Playlist Context Menu Handler"
  -> {HKLM...CLSID} = "WMP Play Folder As Playlist Launcher"
     \InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]
 "{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}" = "GameUX.RichGameMediaThumbnail"
  -> {HKLM...CLSID} = "RichGameMediaThumbnail Class"
     \InProcServer32\(Default) = "C:\Windows\System32\gameux.dll" [MS]
 "{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}" = "Tablet PC Input Panel"
  -> {HKLM...CLSID} = "Tablet PC Input Panel"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll" [MS]
 "{6b9228da-9c15-419e-856c-19e768a13bdc}" = "Windows gadget DropTarget"
  -> {HKLM...CLSID} = "Windows gadget DropTarget"
     \InProcServer32\(Default) = "C:\Program Files\Windows Sidebar\sbdrop.dll" [MS]
 "{8A734961-C4AA-4741-AC1E-791ACEBF5B39}" = "Windows Media Player Shop Music Context Menu Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]
 "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
 "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
 "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech"
  -> {HKLM...CLSID} = "Mes photos Logitech"
     \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
 "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Mes dossiers de partage"
     \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
 "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
 "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
 "{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]
 "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
     \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
 "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
  -> {HKLM...CLSID} = "dBpShell Class"
     \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
 "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
  -> {HKLM...CLSID} = "dMCIShell Class"
     \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
 "{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
  -> {HKLM...CLSID} = "Monitor Class"
     \InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
 "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
     \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
 "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Favoris Bluetooth"
     \InProcServer32\(Default) = "C:\Windows\system32\btneighborhood.dll" ["Broadcom Corporation."]

 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
 <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

 HKLM\System\CurrentControlSet\Control\Session Manager\
 <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

 HKLM\Software\Classes\PROTOCOLS\Filter\
 <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
 {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
 {FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"
  -> {HKLM...CLSID} = "dBpShell Class"
     \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
 AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
 Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
 FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
 FTP Expert\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll" ["Visicom Media Inc."]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


 Group Policies {GPedit.msc branch and setting}:
 -----------------------------------------------

 Note: detected settings may not have any effect.

 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 "ConsentPromptBehaviorAdmin" = (REG_DWORD) hex:0x00000002
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

 "ConsentPromptBehaviorUser" = (REG_DWORD) hex:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Behavior Of The Elevation Prompt For Standard Users}

 "EnableInstallerDetection" = (REG_DWORD) hex:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Detect Application Installations And Prompt For Elevation}

 "EnableSecureUIAPaths" = (REG_DWORD) hex:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Only elevate UIAccess applications that are installed in secure locations}

 "EnableVirtualization" = (REG_DWORD) hex:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Virtualize file and registry write failures to per-user locations}

 "PromptOnSecureDesktop" = (REG_DWORD) hex:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Conrol: Switch to the secure desktop when prompting for elevation}

 "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 Shutdown: Allow system to be shut down without having to log on}

 "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 Devices: Allow undock without having to log on}

 "FilterAdministratorToken" = (REG_DWORD) hex:0x00000000
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Admin Approval Mode for the Built-in Administrator Account}

 "EnableLUA" = (REG_DWORD) hex:0x00000000
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Run All Administrators In Admin Approval Mode}


 Active Desktop and Wallpaper:
 -----------------------------

 Active Desktop may be disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
 HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
 "Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"

 Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"


 Enabled Screen Saver:
 ---------------------

 HKCU\Control Panel\Desktop\
 "SCRNSAVE.EXE" = "C:\Windows\system32\Aurora.scr" [MS]


 Startup items in "David" & "All Users" startup folders:
 -------------------------------------------------------

 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
 "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
 "Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."]


 Non-disabled Scheduled Tasks:
 -----------------------------

 C:\Windows\System32\Tasks
 "At1" ->  launches: "C:\Users\David\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EI53LI5C\Look2Me-Destroyer.exe /task" [file not found]
 "PresentationSettingsTurnOff_Murderer_David" -> (HIDDEN!) launches: "%windir%\system32\PresentationSettings.exe /stop" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
 "UninstallDeviceTask" ->  launches: "BthUdTask.exe $(Arg0)" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
 "SystemTask" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
     \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
 "UserTask" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
     \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
 "UserTask-Roam" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
     \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
 "Consolidator" ->  launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
 "OptinNotification" ->  launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
 "ManualDefrag" ->  launches: "%windir%\system32\defrag.exe -c" [MS]
 "ScheduledDefrag" ->  launches: "%windir%\system32\defrag.exe -c -i" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
 "Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
 "ehDRMInit" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
 "mcupdate" ->  launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
 "OCURActivate" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
 "OCURDiscovery" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
 "UpdateRecordPath" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
 "HotStart" ->  launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
  -> {HKLM...CLSID} = "HotStart User Agent"
     \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
 "TMM" ->  launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
  -> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
     \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\MUI
 "LPRemove" ->  launches: "%windir%\system32\lpremove.exe" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
 "SystemSoundsService" ->  launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
  -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
     \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
 "NAPStatus UI" ->  launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
  -> {HKLM...CLSID} = "Nap ITask Handler Implementation"
     \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
 "ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\RAC
 "RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
 "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Shell
 "CrawlStartPages" ->  launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
  -> {HKLM...CLSID} = "CrawlStartPages Task Handler"
     \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
 "GadgetManager" ->  launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
  -> {HKLM...CLSID} = "GadgetsManager Class"
     \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
 "SR" ->  launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
 "IpAddressConflict1" ->  launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
 "IpAddressConflict2" ->  launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
 "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
  -> {HKLM...CLSID} = "MsCtfMonitor task handler"
     \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
 "UPnPHostConfig" ->  launches: "sc.exe config upnphost start= auto" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\WDI
 "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
  -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
     \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
 "QueueReporting" ->  launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

 C:\Windows\System32\Tasks\Microsoft\Windows\Wired
 "GatherWiredInfo" ->  launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

 C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
 "GatherWirelessInfo" ->  launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

 C:\Windows\System32\Tasks\Microsoft\Windows Defender
 "MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
 "MP Scheduled Signature Update" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe SignatureUpdate" [MS]


 Winsock2 Service Provider DLLs:
 -------------------------------

 Namespace Service Providers

 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
 000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
 000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
 000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

 Transport Service Providers

 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
 %SystemRoot%\system32\mswsock.dll [MS], 01 - 19


 Toolbars, Explorer Bars, Extensions:
 ------------------------------------

 Explorer Bars

 HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
 InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 Extensions (Tools menu items, main toolbar menu buttons)

 HKLM\Software\Microsoft\Internet Explorer\Extensions\
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
 "MenuText" = "Console Java (Sun)"
 "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

 {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
 "ButtonText" = "Recherche"


 HOSTS file
 ----------

 C:\Windows\System32\drivers\etc\HOSTS

 maps: 2 domain names to IP addresses,
 1 of the IP addresses is *not* localhost!


 Running Services (Display Name, Service Name, Path {Service DLL}):
 ------------------------------------------------------------------

 Accès du périphérique d'interface utilisateur, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
 Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
 Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
 avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
 avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
 avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
 avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
 AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
 Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
 Explorateur d'ordinateurs, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
 Journal d’événements Windows, Eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {(missing data)}
 lxbk_device, lxbk_device, "C:\Windows\system32\lxbkcoms.exe -service" [" "]
 Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
 NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
 Publication des ressources de découverte de fonctions, FDResPub, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\fdrespub.dll" [MS]}
 Service Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS]
 Service Moniteur infrarouge, Irmon, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\irmon.dll" [MS]}
 ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
 Windows Driver Foundation - Infrastructure de pilote mode-utilisateur, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}


 Print Monitors:
 ---------------

 HKLM\System\CurrentControlSet\Control\Print\Monitors\
 Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
 Port imprimante Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]
 X1100 Series Port\Driver = "lxbklmpm.dll" [" "]


 ----------
 <<!>>: Suspicious data at a malware launch point.

 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
   launch it from a command prompt or a shortcut with the -all parameter.
 + To search all directories of local fixed drives for DESKTOP.INI
   DLL launch points, use the -supp parameter or answer "No" at the
   first message box and "Yes" at the second message box.
 ---------- (total run time: 388 seconds, including 12 seconds for message boxes)
 


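A first triage pass over a Silent Runners log like the one posted above is mechanical, so here is an added Python example that does it (this is not the Silent Runners script and not code from this thread). It assumes the line shapes seen in the log (a quoted or bare entry name followed by `=` or `->`, the script's trailing `[...]` publisher tag, its `<<!>>` marker and its HOSTS summary line) and runs on a constructed excerpt of the posted log.

```python
"""Triage pass over Silent Runners output (added example; not the Silent
Runners script). It flags the lines a helper would look at first:
  * entries the script itself marks with <<!>>,
  * launch points whose binary carries no publisher ([null data], [empty string]),
  * launch points whose target is gone ([file not found]),
  * anything launched out of a temporary/cache directory,
  * a HOSTS summary that mentions non-localhost mappings.
A hit is a review candidate, not a verdict: RivaTuner below is a legitimate
tool that simply ships without version info, and WinRAR's rarext.dll would
be flagged the same way."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt of the log posted in this thread (zero-width characters
# stripped). It is the sample input for the parser, not a complete report.
SAMPLE_LOG = r'''
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
 "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
 "RivaTuner" = ""C:\Program Files\RivaTuner v2.01\RivaTuner.exe" /T" [empty string]
 "tvpbpace" = "c:\windows\system32\tvpbpace.exe tvpbpace" [null data]
 "MSConfig" = ""C:\Windows\system32\msconfig.exe" /auto" [MS]

 HKLM\System\CurrentControlSet\Control\Session Manager\
 <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

 HKLM\Software\Classes\PROTOCOLS\Filter\
 <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 C:\Windows\System32\Tasks
 "At1" ->  launches: "C:\Users\David\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EI53LI5C\Look2Me-Destroyer.exe /task" [file not found]
 "PresentationSettingsTurnOff_Murderer_David" -> (HIDDEN!) launches: "%windir%\system32\PresentationSettings.exe /stop" [MS]

 HOSTS file
 ----------

 C:\Windows\System32\drivers\etc\HOSTS

 maps: 2 domain names to IP addresses,
 1 of the IP addresses is *not* localhost!
'''

# A line that opens a new launch-point section (registry key or task folder).
SECTION_RE = re.compile(r'^(HKLM\\|HKCU\\|C:\\Windows\\System32\\Tasks)')
# One entry: optional <<!>> marker, quoted or bare name, then '=' or '->'.
ENTRY_RE = re.compile(
    r'^(?P<flag><<!>>)?\s*(?:"(?P<name>[^"]+)"|(?P<bare>[^\s"=]+))\s*(?:=|->)\s*(?P<rest>.*)$')
# The tag the script appends: [MS], ["Company"], [null data], [file not found], ...
TAG_RE = re.compile(r'\[(?P<tag>[^\[\]]*)\]\s*$')
TEMP_DIR_RE = re.compile(r'\\(TEMPOR~1|Temporary Internet Files|Temp)\\', re.IGNORECASE)
HOSTS_RE = re.compile(r'(?P<n>\d+) of the IP addresses (?:is|are) \*not\* localhost')
NO_PUBLISHER = {"null data", "empty string"}


@dataclass
class Finding:
    section: str   # registry key / task folder the entry was listed under
    name: str      # value name, task name or key of the entry
    reason: str    # why a reviewer should look at it
    line: str      # the log line itself, for the report


def publisher_tag(rest: str) -> Optional[str]:
    """Return the trailing [..] tag of an entry, or None if the line has none."""
    m = TAG_RE.search(rest)
    return m.group("tag") if m else None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = "(top level)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section = line
            continue
        hosts = HOSTS_RE.search(line)
        if hosts and int(hosts.group("n")) > 0:
            findings.append(Finding("HOSTS file", "HOSTS",
                                    f"{hosts.group('n')} mapping(s) to a non-localhost address", line))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        name = entry.group("name") or entry.group("bare")
        rest = entry.group("rest")
        tag = publisher_tag(rest)
        reasons = []
        if entry.group("flag"):
            reasons.append("marked <<!>> by Silent Runners (suspicious launch point)")
        if tag in NO_PUBLISHER:
            reasons.append(f"binary has no publisher string [{tag}]")
        elif tag == "file not found":
            reasons.append("launch target no longer exists [file not found]")
        if TEMP_DIR_RE.search(rest):
            reasons.append("launched from a temporary/cache directory")
        findings.extend(Finding(section, name, r, line) for r in reasons)
    return findings


def names_flagged(findings: List[Finding]) -> List[str]:
    """Distinct entry names in report order, for a quick summary."""
    seen: List[str] = []
    for f in findings:
        if f.name not in seen:
            seen.append(f.name)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}")
```

On the excerpt this surfaces the tvpbpace Run entry, the lsdelete BootExecute value, the unlabelled text/xml protocol filter, the At1 task pointing into the IE cache, and the HOSTS override; each still needs a human to decide whether it is the real problem.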
bigdev
Posted on 22/07/2007 at 19:32:34

up!
