View Full Version : Possible WIN32.TROJANDOWNLOADER.AGENT.AM? Need second opinion, not desperately urgent
Hi, i'll get straight to the point.
only After upgrading ie to v.7 i noticed that iexplore.exe was running even when i didn't have it opened. so i downgraded back to 6, but the iexplore.exe was/is still running even though IE is not open. in taskmgr.exe if i kill the process, about 10 seconds later, server.exe launches and a few secs after that it changes its name to iexplore.exe. the reason i am suspicious is because its only using about 5'600kb of memory, plus sometimes there were 2 of these small iexplore.exe processes.
so i ran virus scan nod32, nothing, panda - nothing (log to follow as requested in "before you post"), lavasoft ad-aware came up with WIN32.TROJANDOWNLOADER.AGENT.AM . so safe mode - spybot - found only cookies, nothing else. reperformed full system scan in adaware and didn't find anything this time (except cookies again).
as far as symptoms go, apart from seeing iexplore.exe in taskmgr.exe, very frequent freezing and bugging/lagging, real dodgy bugging too : i could make taskmgr.exe come up, but i could only control it with the keyboard, mouse clicks wouldnt do anything. but now i have ie6 again, no more freezing for now. no popups nor the usual adware stuff like ie tool bars etc either.
basically, i tried to find something on the net about this peculiar iexplore.exe behaviour but found nothing. another thing i found weird is when i searched my C drive for server.exe (i know nothing about this exe, might be normal, you'll know) it was in windows/system32/winupdate and it was set as hidden. with also SERVER.EXE-03540188.pf in windows/prefetch
so basically, what would be great, is if someone could tell me first of all: do i have a trojan or virus or adware of whatever you wanna call an indesirable thing that gets into pcs and if yes, how to get rid of it. if not, why on earth do i have that iexplore.exe process taking 5mb of my memory ???????
(you can see in the hijack this log that iexplore.exe is running even though i didn't have it opened at the time either, actually i'd be quite happy to completely get rid of it as i use firefox, but annoying sites - like panda actually - require it for the activescan to work *sigh*)
Thanks a bunch, as I said, the pc seems fine now so it's not particularly life or death situation urgent, however we do have 4 pcs connected on lan to the router/modem so if there's anything on this pc I don't want it getting to the others, one of which is already infected with something anyway,but it's my sister's so i'll post the logs of that later, when i get to it ^^.
Thanks.
Panda Log follows.
Incident Status Location
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.www48.seeq.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.seeq.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.c5.zedo.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i5atjndt.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.www48.seeq.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.seeq.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.com.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\lqx4gnlm.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.anm.co.uk/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.adtech.de/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.spylog.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.hotlog.ru/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.tradedoubler.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.weborama.fr/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.yadro.ru/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.z1.adserver.com/]
Spyware:Cookie/RealTracker Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.web2.realtracker.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.stat.onestat.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.valueclick.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.server.iad.liveperson.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.phg.hitbox.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.i.screensavers.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.hitbox.com/]
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.mp3search.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.fortunecity.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.fl01.ct2.comclick.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.counter.hitslink.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies-1.txt[.statse.webtrendslive.com/dcss3oxau5twkf4oma0cdcas2_2o4b]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.2o7.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/RealTracker Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.web2.realtracker.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\cookies.txt[.mp3search.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@adopt.hbmediapro[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@anm.co[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@burstnet[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@cgi-bin[7].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@com[2].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@counter.sexsuche[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ct.360i[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@errorsafe[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@i.screensavers[2].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ilead.itrack[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@mp3search[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@rn11[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@toplist[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@tucows[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.errorsafe[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@xmts[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@yadro[1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Logfile of HijackThis v1.99.1
Scan saved at 18:11:57, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\alan\Steam\steam.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\alan\adware removal\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D394CCEB-BDBB-41AD-BBF1-9E2517C12ACA}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
PS : sorry if i didn't do the notepad format modification, but my pc's in french so i'm not sure what it corresponded to.
if needed to know, pc 3.2 ghz, 1024 ram, 200gb internal + 300gb external, max 1 year old.hp.
Hi alanus and welcome to the Forums :)
Sorry for the log delay.
If you still need help, please post a fresh HijackThis log :bigthumb:
Logfile of HijackThis v1.99.1
Scan saved at 19:19:19, on 19/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\alan\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\alan\adware removal\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D394CCEB-BDBB-41AD-BBF1-9E2517C12ACA}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Hi :)
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
"HP_Propri‚taire" - 07-01-20 13:05:03 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\alan\adware removal"
((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))
2007-01-20 13:07 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-20 13:07 <REP> d-------- C:\WINDOWS\LastGood
2007-01-12 15:18 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\ModŠles
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\SampleView
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Apple Computer
2007-01-11 15:21 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-11 14:38 <REP> d-------- C:\Program Files\Lavasoft
2007-01-11 14:38 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\Lavasoft
2007-01-11 14:37 <REP> d-------- C:\Program Files\FBM Software
2007-01-11 14:02 <REP> d--hs---- C:\DOCUME~1\HP_PRO~1\Phone Browser
2007-01-11 13:58 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\Nokia
2007-01-11 13:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PC Suite
2007-01-11 13:57 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-01-11 13:57 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-01-11 13:57 <REP> d-------- C:\Program Files\DIFX
2007-01-11 13:57 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\PC Suite
2007-01-11 13:56 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-01-11 13:56 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-01-11 13:56 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-01-11 13:56 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-01-11 13:56 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-01-11 13:56 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-01-11 13:56 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-01-11 13:56 <REP> d-------- C:\Program Files\Nokia
2007-01-09 15:21 <REP> d-------- C:\WINDOWS\Winexe
2006-12-21 14:41 <REP> d-------- C:\Program Files\HighCriteria
2006-12-21 14:13 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2006-12-21 14:12 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2006-12-21 14:12 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2006-12-20 23:19 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-12-20 23:19 299,392 --a------ C:\WINDOWS\system32\imon.dll
2006-12-20 23:19 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2006-12-20 01:48 <REP> d--h----- C:\WINDOWS\system32\WinUpdate
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-20 12:59 -------- d-------- C:\Program Files\mozilla firefox
2007-01-19 17:36 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\skype
2007-01-18 19:29 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\adobeum
2007-01-18 01:43 -------- d-------- C:\Program Files\Fichiers communs\symantec shared
2007-01-15 21:51 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\teamspeak2
2007-01-11 16:49 -------- d-------- C:\Program Files\norton internet security
2007-01-11 16:44 -------- d-------- C:\Program Files\microsoft antispyware
2007-01-11 16:35 -------- d-------- C:\Program Files\google
2007-01-11 16:30 -------- d-a------ C:\Program Files\Fichiers communs\lightscribe
2007-01-11 16:12 -------- d-------- C:\Program Files\Fichiers communs\wise installation wizard
2007-01-11 16:07 -------- d--h----- C:\Program Files\installshield installation information
2007-01-11 16:05 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\my games
2007-01-11 15:55 -------- d-------- C:\Program Files\easy internet signup
2007-01-11 14:55 -------- d-------- C:\Program Files\ppmate
2007-01-09 16:56 -------- d-------- C:\Program Files\msn messenger
2007-01-08 14:59 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\dvdcss
2006-12-21 14:13 -------- d-------- C:\Program Files\skype
2006-12-18 03:07 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\ppstream
2006-12-18 02:59 -------- d-------- C:\Program Files\Fichiers communs\synacast
2006-12-18 02:59 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\ppmate
2006-12-18 00:45 -------- d-------- C:\Program Files\maxtv
2006-12-18 00:45 -------- d-------- C:\Program Files\maxsoftware
2006-12-18 00:44 -------- d-------- C:\Program Files\maxtv online
2006-12-17 20:57 -------- d-------- C:\Program Files\foldersizes
2006-12-17 20:31 7310 --a------ C:\DOCUME~1\HP_PRO~1\Application Data\wklnhst.dat
2006-12-17 02:27 -------- d-------- C:\Program Files\windows media connect 2
2006-12-17 02:09 -------- d-------- C:\Program Files\itunes
2006-12-17 02:09 -------- d-------- C:\Program Files\ipod
2006-12-17 02:08 -------- d-------- C:\Program Files\quicktime
2006-12-17 02:06 -------- d-------- C:\Program Files\apple software update
2006-12-09 08:17 -------- d-------- C:\Program Files\eportfolio v1.11
2006-11-27 09:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-25 09:39 -------- d-------- C:\Program Files\activision
2006-11-21 11:25 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-19 19:07 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-11-19 19:07 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 10:03 8292352 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:59 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:58 272384 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:56 7680 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 11:52 44032 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-20 02:38 716800 --a------ C:\WINDOWS\system32\sxs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Steam"="\"M:\\GameZ - 40 Go\\FoldaZ\\Steam\\Steam.exe\" -silent"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcWzrd"="ALCWZRD.EXE"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"Alcmtr"="ALCMTR.EXE"
"SoundMan"="SOUNDMAN.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"URLLSTCK.exe"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"ccApp"="\"c:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"HPHUPD05"="C:\\Program Files\\HP\\\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Fichiers communs\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"TotalRecorderScheduler"="\"C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
"PDFPrint"="\"C:\\Program Files\\pdf24\\PDF24Updater.exe\""
"PCSuiteTrayApplication"="C:\\alan\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\alan\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\alan\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-20 13:09:17
Hi :)
Please post the Kaspersky report too :bigthumb:
sure thing,
C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x01 - Flushed.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x02 - Size matters.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x03 - Sex,Death, And Nudity.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x04 - Inferno.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x05 - The Girl With Two Breasts.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x06 - The Cupboard of Patricks Love.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x01 - The Man with Two Legs.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x02 - My Dinner In Hell.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x03 - Her Best Friend's Bottom.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x04 - T10.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02X05 - Jane and The Truth Snake.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x06 - Gotcha.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x07 - Dressed.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x08 - Naked.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x09 - The End Of The Line.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x01 - Split.mpg.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x02 - Faithless.mpg.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x03 - Unconditional Sex.mpg.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x04 - Remember This.mpg.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x05 - The Freckle, The Key and The Couple Who Weren't.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x06 - The Girl With One Heart.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x07 - Perhaps, Perhaps, Perhaps.mpg.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x01 - Nine And A Half Minutes.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x02 - Night Lines.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x03 - Bed time.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x04 - Circus of The Epidurals.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x05 - The Naked Living Room.avi.bc! Object is locked skipped
C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x06 - Nine And A Half Months.avi.bc! Object is locked skipped
C:\alan\Steam\Steam.log Object is locked skipped
C:\alan\Steam\steamapps\winui.gcf Object is locked skipped
C:\alan\Steam\SteamLogs\SteamStats.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Working\database_1583_23FB_61C3_5978\dfsr.db Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Working\database_1583_23FB_61C3_5978\fsr.log Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Working\database_1583_23FB_61C3_5978\tmp.edb Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\the_hitman696@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF2BEF.tmp Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DFA86E.tmp Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DFA88B.tmp Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\Mes documents\Ma musique\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\ntuser.dat Object is locked skipped
C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip ZIP: infected - 3 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip CryptFF: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP360\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
well,
i mean it seems that there is nothing wrong.
but then why is there that iexplore.exe ??? i've realised that if i kill explorer then it doesn't keep coming back, and as i realised i do fine without explorer (lol) for the time being that's what i have resorted to ^^
thx for taking the time to take a look!
Hi :)
Nothing bad in the logs....Just an infection in Nortons Quarantine, you may clean it, instructions (http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506)
Then it isn't recommendable to run mre than one antivirus at the same time, you may get conflicts. (Norton & NOD32)
Then are you sure that the name of the process is iexplore.exe ? Are you sure that it isn't explorer.exe ?
:bigthumb:
as far as i know, i'm not using norton, it was preinstalled on the pc.
nah mate i know the difference between explorer.exe and iexplore.exe ^^
it happened again, just now as i launched explorer.exe, server.exe started up and now its iexplore.exe ... and if i launch IE, it just adds another iexplore.exe process.
very very weird. maybe un-re installing IE ?
Hi :)
Well you have some Norton remainings running there. Run this Norton Uninstaller (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039)
Make a new folder in the C:\drive called silentrunners
Download 'silent runners" from here: (direct download)
http://www.silentrunners.org/Silent%20Runners.vbs
Save it to your silentrunners folder.
Click start> run> type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter
Wait until it pops up saying its completed, then post the resulting logfile here
It will be very large. You may need several posts to include everything
:bigthumb:
Hi, I already uninstalled norton this morning, hadn't previously realised it was still installed as i simply deactivated all its functions :oops:
log of silentrunner to folllow shortly.
PS: if you don't feel my problem entertaining enough i'm sure you would have great fun with my sister's 17 viruses :p --> http://forums.spybot.info/showthread.php?t=10702
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output of all locations checked and all values found.
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"]
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]
{24E2079E-B564-942A-78CE-D4049B7E7033}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\system32\WinUpdate\server.exe s" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Feuille de propriétés du fichier multimédia"
-> {HKLM...CLSID} = "Feuille de propriétés du fichier multimédia"
\InProcServer32\(Default) = "mmsys.cpl" [MS]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "Gestion de scanneur ICM"
-> {HKLM...CLSID} = "Gestion de scanneur ICM"
\InProcServer32\(Default) = "icmui.dll" [MS]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "Page de sécurité NTFS"
-> {HKLM...CLSID} = "Extension de l'environnement de sécurité"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Page des propriétés de OLE DocFile"
-> {HKLM...CLSID} = "Page des propriétés de OLE DocFile"
\InProcServer32\(Default) = "docprop.dll" [MS]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Extensions de l'environnement pour le partage"
-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "Extension du Panneau de configuration PlusPack"
\InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" [MS]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Carte du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Carte du Panneau de configuration"
\InProcServer32\(Default) = "deskadp.dll" [MS]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Écran du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Écran du Panneau de configuration"
\InProcServer32\(Default) = "deskmon.dll" [MS]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Page de sécurité DS"
-> {HKLM...CLSID} = "Extension de l'environnement de sécurité"
\InProcServer32\(Default) = "dssec.dll" [MS]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Page de compatibilité"
-> {HKLM...CLSID} = "Page de compatibilité"
\InProcServer32\(Default) = "SlayerXP.dll" [MS]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Gestionnaire de données endommagées de l'environnement"
-> {HKLM...CLSID} = "Gestionnaire de données endommagées de l'environnement"
\InProcServer32\(Default) = "shscrap.dll" [MS]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Extension copie de disquette"
-> {HKLM...CLSID} = "Extension copie de disquette"
\InProcServer32\(Default) = "diskcopy.dll" [MS]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Extensions de l'environnement pour les objets réseau de Microsoft Windows"
-> {HKLM...CLSID} = "Extensions de l'environnement pour les objets réseau de Microsoft Windows"
\InProcServer32\(Default) = "ntlanui2.dll" [MS]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "Gestion d'écran ICM"
-> {HKLM...CLSID} = "Gestion d'écran ICM"
\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "Gestion d'imprimante ICM"
-> {HKLM...CLSID} = "Gestion d'imprimante ICM"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Extension de l'environnement d'imprimante Web"
-> {HKLM...CLSID} = "Extension de l'environnement d'impression Web"
\InProcServer32\(Default) = "printui.dll" [MS]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
-> {HKLM...CLSID} = "Microsoft Disk Quota UI"
\InProcServer32\(Default) = "dskquoui.dll" [MS]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Porte-documents"
-> {HKLM...CLSID} = "Porte-documents"
\InProcServer32\(Default) = "syncui.dll" [MS]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "fontext.dll" [MS]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "Profil ICC"
-> {HKLM...CLSID} = "Profil ICC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Page de sécurité des imprimantes"
-> {HKLM...CLSID} = "Extension de l'environnement de sécurité"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Extensions de l'environnement pour le partage"
-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
\InProcServer32\(Default) = "deskperf.dll" [MS]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie PKO"
-> {HKLM...CLSID} = "CryptPKO Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie Sign"
-> {HKLM...CLSID} = "CryptSig Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Connexions réseau"
-> {HKLM...CLSID} = "Connexions réseau"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Connexions réseau"
-> {HKLM...CLSID} = "Connexions réseau"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = "&Scanneurs et appareils photo"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = "&Scanneurs et appareils photo"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{905667aa-acd6-11d2-8080-00805f6596d2}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = "&Scanneurs et appareils photo"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
-> {HKLM...CLSID} = "Remote Sessions CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\remotepg.dll" [MS]
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
-> {HKLM...CLSID} = "Shell Extension For Windows Script Host"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wshext.dll" [MS]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Liaison de données Microsoft"
-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\System\Ole DB\oledb32.dll" [MS]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
-> {HKLM...CLSID} = "Scheduling UI icon handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
-> {HKLM...CLSID} = "Scheduling UI property sheet handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Tâches planifiées"
-> {HKLM...CLSID} = "Tâches planifiées"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults"
-> {HKLM...CLSID} = "Set Program Access and Defaults"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
-> {HKLM...CLSID} = "Auto Update Property Sheet Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wuaucpl.cpl" [MS]
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Rechercher"
-> {HKLM...CLSID} = "Rechercher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Aide et support"
-> {HKLM...CLSID} = "Aide et support"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Aide et support"
-> {HKLM...CLSID} = "Sécurité de Windows"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Exécuter..."
-> {HKLM...CLSID} = "Exécuter..."
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet"
-> {HKLM...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "Courrier électronique"
-> {HKLM...CLSID} = "Courrier électronique"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Polices"
-> {HKLM...CLSID} = "Polices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Outils d'administration"
-> {HKLM...CLSID} = "Outils d'administration"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Page de propriétés des versions précédentes"
-> {HKLM...CLSID} = "Page de propriétés des versions précédentes"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Versions précédentes"
-> {HKLM...CLSID} = "Versions précédentes"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
-> {HKLM...CLSID} = "Audio Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
-> {HKLM...CLSID} = "Video Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
-> {HKLM...CLSID} = "Wav Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
-> {HKLM...CLSID} = "Avi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
-> {HKLM...CLSID} = "Midi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
-> {HKLM...CLSID} = "Video Thumbnail Extractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Barre d'outils Internet Microsoft"
-> {HKLM...CLSID} = "Barre d'outils Internet Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "État du téléchargement"
-> {HKLM...CLSID} = "État du téléchargement"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Dossier Bureau étendu"
-> {HKLM...CLSID} = "Dossier Bureau étendu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Dossier du shell augmenté"
-> {HKLM...CLSID} = "Dossier du shell augmenté"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Bande du navigateur Microsoft"
-> {HKLM...CLSID} = "Bande du navigateur Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Bande de recherche"
-> {HKLM...CLSID} = "Bande de recherche"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Volet intégré de recherche"
-> {HKLM...CLSID} = "Volet intégré de recherche"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Recherche Web"
-> {HKLM...CLSID} = "Recherche Web"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Utilitaire des options de l'arborescence du Registre"
-> {HKLM...CLSID} = "Utilitaire des options de l'arborescence du Registre"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresse"
-> {HKLM...CLSID} = "&Adresse"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Boîte d'entrée de l'adresse"
-> {HKLM...CLSID} = "Boîte d'entrée de l'adresse"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Saisie semi-automatique Microsoft"
-> {HKLM...CLSID} = "Saisie semi-automatique Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Liste de saisie semi-automatique MRU"
-> {HKLM...CLSID} = "Liste de saisie semi-automatique MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Liste de saisie semi-automatique personnalisée MRU"
-> {HKLM...CLSID} = "Liste de saisie semi-automatique personnalisée MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"
-> {HKLM...CLSID} = "Accessible"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Barre de progrès auto-ouvrante"
-> {HKLM...CLSID} = "Barre de progrès auto-ouvrante"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Liste de saisie semi-automatique de l'historique Microsoft"
-> {HKLM...CLSID} = "Liste de saisie semi-automatique de l'historique Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Liste de saisie semi-automatique du dossier Shell Microsoft"
-> {HKLM...CLSID} = "Liste de saisie semi-automatique du dossier Shell Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Conteneur de la liste de saisie semi-automatique multiple Microsoft"
-> {HKLM...CLSID} = "Conteneur de la liste de saisie semi-automatique multiple Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Menu Site de bandes"
-> {HKLM...CLSID} = "Menu Site de bandes"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp"
-> {HKLM...CLSID} = "Shell DeskBarApp"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Barre du Bureau"
-> {HKLM...CLSID} = "Barre du Bureau"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Assistance utilisateur"
-> {HKLM...CLSID} = "Assistance utilisateur"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Paramètres du dossier global"
-> {HKLM...CLSID} = "Paramètres du dossier global"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"
-> {HKLM...CLSID} = "Favorites Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"
-> {HKLM...CLSID} = "Shell Automation Inproc Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
-> {HKLM...CLSID} = "Shell DocObject Viewer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"
-> {HKLM...CLSID} = "Microsoft Browser Architecture"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
-> {HKLM...CLSID} = "Raccourci Internet"
\InProcServer32\(Default) = "shdocvw.dll" [MS]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"
-> {HKLM...CLSID} = "Microsoft Url History Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "Historique"
-> {HKLM...CLSID} = "Historique"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
-> {HKLM...CLSID} = "Temporary Internet Files"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
-> {HKLM...CLSID} = "Temporary Internet Files"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
-> {HKLM...CLSID} = "Microsoft Url Search Hook"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "Image de démarrage de la Suite IE4"
-> {HKLM...CLSID} = "Image de démarrage de la Suite IE4"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook"
-> {HKLM...CLSID} = "CDF Extension Copy Hook"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"
-> {HKLM...CLSID} = "ISFBand OC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"
-> {HKLM...CLSID} = "Search Assistant OC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internet"
-> {HKLM...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band"
-> {HKLM...CLSID} = "Explorer Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" [MS]
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" [MS]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "Dossier ActiveX Cache"
-> {HKLM...CLSID} = "Dossier ActiveX Cache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\occache.dll" [MS]
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr"
-> {HKLM...CLSID} = "Subscription Mgr"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Dossier Inscription"
-> {HKLM...CLSID} = "Dossier Inscription"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"
-> {HKLM...CLSID} = "WebCheckWebCrawler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent"
-> {HKLM...CLSID} = "WebCheckChannelAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent"
-> {HKLM...CLSID} = "TrayAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent"
-> {HKLM...CLSID} = "Code Download Agent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent"
-> {HKLM...CLSID} = "ConnectionAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent"
-> {HKLM...CLSID} = "PostAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler"
-> {HKLM...CLSID} = "WebCheck SyncMgr Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Gestionnaire d'applications d'environnement"
-> {HKLM...CLSID} = "Gestionnaire d'applications d'environnement"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS]
"{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Énumérateur d'applications installées"
-> {HKLM...CLSID} = "Énumérateur d'applications installées"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS]
"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Publication d'application Darwin"
-> {HKLM...CLSID} = "Publication d'application Darwin"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS]
"{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs"
-> {HKLM...CLSID} = "Shell Image Verbs"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory"
-> {HKLM...CLSID} = "Shell Image Data Factory"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "Extracteur de miniatures de fichier + GDI"
-> {HKLM...CLSID} = "Extracteur de miniatures de fichier + GDI"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
-> {HKLM...CLSID} = "Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "Extracteur de miniatures HTML"
-> {HKLM...CLSID} = "Extracteur de miniatures HTML"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler"
-> {HKLM...CLSID} = "Shell Image Property Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Assistant Publication de sites Web"
-> {HKLM...CLSID} = "Assistant Publication de sites Web"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Commande d'impressions via le Web"
-> {HKLM...CLSID} = "Commande d'impressions via le Web"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Objet Assistant de publication Shell"
-> {HKLM...CLSID} = "Objet Assistant de publication Shell"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Assistant Obtenir une identité Passport"
-> {HKLM...CLSID} = "Assistant Obtenir une identité Passport"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "Dossier compressé"
-> {HKLM...CLSID} = "CompressedFolder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS]
"{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler"
-> {HKLM...CLSID} = "Compressed (zipped) Folder Right Drag Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS]
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target"
-> {HKLM...CLSID} = "Compressed (zipped) Folder SendTo Target"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS]
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" = "Extensions Manager Folder"
-> {HKLM...CLSID} = "Extensions Manager Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\extmgr.dll" [MS]
"{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview"
-> {HKLM...CLSID} = "Microsoft FTP Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\msieftp.dll" [MS]
"{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
-> {HKLM...CLSID} = "Microsoft DocProp Shell Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace ML Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Droplist Combo Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Calendar Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Time Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" [MS]
"{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" [MS]
"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS]
"{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"
-> {HKLM...CLSID} = "MyDocs Drop Target"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS]
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"
-> {HKLM...CLSID} = "MyDocs menu and properties"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS]
"{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options"
-> {HKLM...CLSID} = "Offline Files Folder Options"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Dossier Fichiers hors connexion"
-> {HKLM...CLSID} = "Dossier Fichiers hors connexion"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler"
-> {HKLM...CLSID} = "Microsoft Agent Character Property Sheet Handler"
\InProcServer32\(Default) = "C:\WINDOWS\msagent\agentpsh.dll" [MS]
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
-> {HKLM...CLSID} = "DfsShell Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfsshlex.dll" [MS]
"{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
-> {HKLM...CLSID} = "Objet DropTarget pour l'Assistant Impression de photographies"
\InProcServer32\(Default) = "C:\WINDOWS\system32\photowiz.dll" [MS]
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"
-> {HKLM...CLSID} = "ExtractIcon Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [MS]
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
-> {HKLM...CLSID} = "Fichier CAB"
\InProcServer32\(Default) = "cabview.dll" [MS]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "Des &personnes..."
-> {HKLM...CLSID} = "Des &personnes..."
\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [MS]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Burn Audio CD Context Menu Handler"
-> {HKLM...CLSID} = "WMP Burn Audio CD Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Play as Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Add To Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{1D2680C9-0E2A-469d-B787-065558BC7D43}" = "Fusion Cache"
-> {HKLM...CLSID} = "Fusion Cache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"
-> {HKLM...CLSID} = "Portable Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"
-> {HKLM...CLSID} = "Portable Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Fichier de chaîne"
-> {HKLM...CLSID} = "Channel"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Raccourci de chaîne"
-> {HKLM...CLSID} = "Raccourci de chaîne"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Channel Handler Object"
-> {HKLM...CLSID} = "Channel Handler Object"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"
-> {HKLM...CLSID} = "Channel Menu Handler Object"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"
-> {HKLM...CLSID} = "Channel Shortcut Property Pages"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\alan\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Pré-chargeur Browseui"
-> {HKLM...CLSID} = "Pré-chargeur Browseui"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Démon de cache des catégories de composant"
-> {HKLM...CLSID} = "Démon de cache des catégories de composant"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided)
-> {HKLM...CLSID} = "URL Exec Hook"
\InProcServer32\(Default) = "shell32.dll" [MS]
<<!>> "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"
\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
-> {HKLM...CLSID} = "Objet PostBootReminder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
-> {HKLM...CLSID} = "Dossier du Bureau pour l'écriture de CD"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
-> {HKLM...CLSID} = "SysTray"
\InProcServer32\(Default) = "C:\WINDOWS\system32\stobject.dll" [MS]
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKCU\Software\Microsoft\Command Processor\
"AutoRun" = (value not found)
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Shell" = (value not found)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"load" = (empty string)
"run" = (value not found)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"Shell" = (value not found)
HKLM\Software\Microsoft\Command Processor\
"AutoRun" = (empty string)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (empty string)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"GinaDLL" = (value not found)
"Shell" = "Explorer.exe" [MS]
"Taskman" = (value not found)
"Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS]
"System" = (empty string)
HKLM\System\CurrentControlSet\Control\SafeBoot\Option\
"UseAlternateShell" = (value not found)
HKLM\System\CurrentControlSet\Control\SecurityProviders\
"SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = "autocheck autochk *"
HKLM\System\CurrentControlSet\Control\WOW\
"cmdline" = "C:\WINDOWS\system32\ntvdm.exe" [MS]
"wowcmdline" = "C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
crypt32chain\DLLName = "crypt32.dll" [MS]
cryptnet\DLLName = "cryptnet.dll" [MS]
cscdll\DLLName = "cscdll.dll" [MS]
ScCertProp\DLLName = "wlnotify.dll" [MS]
Schedule\DLLName = "wlnotify.dll" [MS]
sclgntfy\DLLName = "sclgntfy.dll" [MS]
SensLogn\DLLName = "WlNotify.dll" [MS]
termsrv\DLLName = "wlnotify.dll" [MS]
WgaLogon\DLLName = "WgaLogon.dll" [MS]
wlballoon\DLLName = "wlnotify.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path\Debugger = "ntsd -d" [MS]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\
HKLM\Software\Classes\PROTOCOLS\Filter\
application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "mscoree.dll" [MS]
application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "mscoree.dll" [MS]
application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "mscoree.dll" [MS]
Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
-> {HKLM...CLSID} = "AP Class Install Handler filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
-> {HKLM...CLSID} = "WebView MIME Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Fichiers hors connexion\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
-> {HKLM...CLSID} = "Open With Context Menu Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Menu contextuel de cryptage"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Menu contextuel de cryptage"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Fichiers hors connexion\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FSShellExt\(Default) = "{56160A70-D083-4856-9998-F565ABC03F86}"
-> {HKLM...CLSID} = "FSShellContext Class"
\InProcServer32\(Default) = "C:\Program Files\FolderSizes\FSShExt.dll" ["Key Metric Software, LLC"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
Send To\(Default) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"
-> {HKLM...CLSID} = "Microsoft SendTo Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Default executables:
--------------------
HKLM\Software\Classes\.bat\(Default) = "batfile"
HKLM\Software\Classes\batfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.cmd\(Default) = "cmdfile"
HKLM\Software\Classes\cmdfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.com\(Default) = "comfile"
HKLM\Software\Classes\comfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.exe\(Default) = "exefile"
HKLM\Software\Classes\exefile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.hta\(Default) = "htafile"
HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*"
HKLM\Software\Classes\.pif\(Default) = "piffile"
HKLM\Software\Classes\piffile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.scr\(Default) = "scrfile"
HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" /S"
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDriveTypeAutoRun" = (REG_DWORD) hex:0x000000F9
{Turn off Autoplay}
"NoDriveAutoRun" = (REG_DWORD) hex:0x03FFF83F
{Turn off autoplay for drive letter}
"NoDrives" = (REG_BINARY) hex:00 00 00 00
{unrecognized setting}
"NoSharedDocuments" = (REG_BINARY) hex:00 00 00 00
{Remove Shared Documents from My Computer}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel\
HKCU\Software\Policies\Microsoft\Internet Explorer\Download\
HKLM\Software\Policies\Microsoft\Internet Explorer\Download\
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\
HKLM\Software\Policies\Microsoft\Internet Explorer\Security\
HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKCU\Software\Policies\Microsoft\Windows\Network Connections\
HKCU\Software\Policies\Microsoft\Windows\System\
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"dontdisplaylastusername" = (REG_DWORD) hex:0x00000000
{Interactive logon: Do not display last user name}
"legalnoticetext" = (REG_SZ) (empty string)
{Interactive logon: Message text for users attempting to log on}
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Mes documents\Clipboard02.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\HP_Propriétaire\Mes documents\Clipboard02.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmypics.scr" [MS]
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\Documents and Settings\Administrateur\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Default User\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Default User\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\77HM9HK2\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\A3XG43AC\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\E9C7MOVM\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\XYX48PK5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\01ZWDSYD\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\6H8DHDNE\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\6XY31FJK\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\YO091NII\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1E3FD1XG\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\87AV47MP\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\POFUVRS1\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YHY9KHO7\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\assembly\DESKTOP.INI
[.ShellClassInfo]
CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Historique\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8TMFW1IJ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G5I34PMN\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPYZ8HQZ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WDURKPEZ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
D:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\hp\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\RECOVERY\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\SYSTEM.SAV\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
D:\Systemwiederherstellung\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
Startup items in "HP_Propriétaire" & "All Users" startup folders:
-----------------------------------------------------------------
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"1-Klick-Wartung" -> launches: "C:\alan\Tuneup07\SystemOptimizer.exe /schedulestart" [file not found]
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"HP Usg Daily" -> launches: "C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe" [empty string]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 28
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
-> {HKLM...CLSID} = "HP view"
\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll" ["Hewlett-Packard Company"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
-> {HKLM...CLSID} = "HP view"
\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll" ["Hewlett-Packard Company"]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"
-> {HKLM...CLSID} = "&Liens"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
-> {HKLM...CLSID} = "&Adresse"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = (no title provided)
-> {HKLM...CLSID} = "HP view"
\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll" ["Hewlett-Packard Company"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
{30D02401-6A81-11D0-8274-00C04FD5AE38}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Bande de recherche"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Favorites Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Explorer Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4D5C8C25-D075-11D0-B416-00C04FB90376}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Astuce du jour"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\(Default) = "HP view"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll" ["Hewlett-Packard Company"]
HKLM\Software\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\(Default) = "Bandeau de recherche de l'Explorateur"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{E2D4D26B-0180-43A4-B05F-462D6D54C789}\
"ButtonText" = "Aide à la connexion"
"MenuText" = "Aide à la connexion"
"Script" = "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm" [null data]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{A5ABA0BB-F195-40D8-A5E9-0801153E6597}\
"ButtonText" = "Add to EverNote"
"MenuText" = "Add to EverNote"
"CLSIDExtension" = "{2151DA8C-C5B6-4B4F-86AB-BDA449BF8747}"
-> {HKLM...CLSID} = "WebClipper Class"
\InProcServer32\(Default) = "C:\Program Files\EverNote\EverNote\enbar.dll" ["EverNote Corporation"]
{E2D4D26B-0180-43A4-B05F-462D6D54C789}\
"ButtonText" = "Aide à la connexion"
"MenuText" = "Aide à la connexion"
"Script" = "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm" [null data]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [file not found]
Internet Explorer Address Prefixes:
-----------------------------------
Prefix for bare domain ("domain-name-here.com")
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Default Prefix\
(Default) = "http://"
Prefix for specific service (i.e., "www")
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\
"ftp" = "ftp://"
"gopher" = "gopher://"
"home" = "http://"
"mosaic" = "http://"
"www" = "http://"
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = (no title provided)
-> {HKLM...CLSID} = "Microsoft Url Search Hook"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
"NavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
"DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
"NavigationCanceled" = "res://shdoclc.dll/navcancl.htm" [MS]
"OfflineInformation" = "res://shdoclc.dll/offcancl.htm" [MS]
"Home" = hex:0x0000010E
"blank" = "res://mshtml.dll/blank.htm" [MS]
"PostNotCached" = "res://mshtml.dll/repost.htm" [MS]
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]
HOSTS file
----------
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
"DataBasePath" = "C:\WINDOWS\System32\drivers\etc"
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 1 domain name to an IP address,
and this is the localhost IP address
All Running Services (Display Name, Service Name, Path {Service DLL}):
----------------------------------------------------------------------
Acquisition d'image Windows (WIA), stisvc, "C:\WINDOWS\system32\svchost.exe -k imgsvc" {"C:\WINDOWS\system32\wiaservc.dll" [MS]}
Aide et support, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
Appel de procédure distante (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\System32\rpcss.dll" [MS]}
Assistance TCP/IP NetBIOS, LmHosts, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]}
Audio Windows, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]}
BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]
Centre de sécurité, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [MS]}
Client de suivi de lien distribué, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]}
Client DHCP, Dhcp, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]}
Client DNS, Dnscache, "C:\WINDOWS\system32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]}
Compatibilité avec le Changement rapide d'utilisateur, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
Configuration automatique sans fil, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]}
Connexion secondaire, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]}
Connexions réseau, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]}
Détection matériel noyau, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
Emplacement protégé, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS]
Explorateur d'ordinateur, Browser, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]}
Gestionnaire de comptes de sécurité, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS]
Gestionnaire de connexions d'accès distant, RasMan, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]}
HID Input Service, HidServ, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\hidserv.dll" [MS]}
Horloge Windows, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\w32time.dll" [MS]}
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Hôte de périphérique universel Plug-and-Play, upnphost, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\upnphost.dll" [MS]}
Infrastructure de gestion Windows, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]}
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Journal des événements, Eventlog, "C:\WINDOWS\system32\services.exe" [MS]
Lanceur de processus serveur DCOM, DcomLaunch, "C:\WINDOWS\system32\svchost -k DcomLaunch" {"C:\WINDOWS\system32\rpcss.dll" [MS]}
LightScribeService Direct Disc Labeling Service, LightScribeService, ""c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
Mises à jour automatiques, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wuauserv.dll" [MS]}
NLA (Network Location Awareness), Nla, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]}
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
Notification d'événement système, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pare-feu Windows / Partage de connexion Internet, SharedAccess, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipnathlp.dll" [MS]}
Planificateur de tâches, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]}
Plug-and-Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS]
Serveur, lanmanserver, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]}
Service de découvertes SSDP, SSDPSRV, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]}
Service de la passerelle de la couche Application, ALG, "C:\WINDOWS\System32\alg.exe" [MS]
Service de rapport d'erreurs, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]}
Service de restauration système, srservice, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\srsvc.dll" [MS]}
Service SNMP, SNMP, "C:\WINDOWS\System32\snmp.exe" [MS]
Services de cryptographie, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]}
Services IPSEC, PolicyAgent, "C:\WINDOWS\system32\lsass.exe" [MS]
Services Terminal Server, TermService, "C:\WINDOWS\System32\svchost -k DComLaunch" {"C:\WINDOWS\System32\termsrv.dll" [MS]}
Spouleur d'impression, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS]
Station de travail, lanmanworkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]}
Système d'événements de COM+, EventSystem, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\es.dll" [MS]}
Thèmes, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
Téléphonie, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]}
WebClient, WebClient, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]}
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows Media Player Network Sharing Service, WMPNetworkSvc, "C:\Program Files\Windows Media Player\WMPNetwk.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = "kbdclass" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor\Driver = "cnbjmon.dll" [MS]
hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]
Local Port\Driver = "localspl.dll" [MS]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PJL Language Monitor\Driver = "pjlmon.dll" [MS]
Standard TCP/IP Port\Driver = "tcpmon.dll" [MS]
USB Monitor\Driver = "usbmon.dll" [MS]
-- (total run time: 222 seconds)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
I ran the scan without explorer and the weird iexplore.exe process running. i just realised that it might have affected silentrunners, do you want me to re-scan with explorer running (which would then launch server.exe -> iexplore.exe too) ?
oh! I had explorer.exe killed (therefore iexplore.exe too) and then i manually launched iexplore.exe to see if the weird one would start too, and it didn't, even when i relaunched explorer.exe the pc has now been on for several hours and the process is gone! im gonna restart to see if it's permanent..
restarted, still no sign of it, seems all is good!?
Hi, sorry for the long delay. I had an extremely busy day...
Looks like you have a backdoor infection there. I forgot that you mentioned about this in your first reply. Silentrunners revealed where the thingy loads....
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
Go to virustotal.com (http://www.virustotal.com)
Click on the Browse button
Browse to the following file:
C:\WINDOWS\system32\WinUpdate\server.exe
Click Open and then on Send
Wait for the scan to end.
Copy & Paste the scan results to here.
Is there any other files in the C:\WINDOWS\system32\WinUpdate\ folder ?
Let me know and well get you cleaned :bigthumb:
No problem!
winupdate: one other file:
"klog", hidden, 471ko , DAT file...
.. date last modified 22.01.2007 19:44 --- that's when the iexplore.exe stopped popping back up i think!
otherwise things have been running well, no more long freezing or anything, just had a weird problem with two games that wouldn't run because of same problem: application could not be initialised properly 0xc0000005 but i added the exe files to the PED authorised list and restarted and that's fixed, probably no link there but seemed odd as that had never happened before.
any chance of this server.exe having anything to do with my router/modem freezing? doubt it, it would be helpful though :p
Scan results:
Complete scanning result of "server.exe", received in VirusTotal at 01.24.2007, 02:24:36 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.26 01.23.2007 no virus found
Authentium 4.93.8 01.23.2007 no virus found
Avast 4.7.936.0 01.23.2007 no virus found
AVG 386 01.23.2007 no virus found
BitDefender 7.2 01.24.2007 no virus found
CAT-QuickHeal 9.00 01.22.2007 no virus found
ClamAV devel-20060426 01.23.2007 no virus found
DrWeb 4.33 01.23.2007 no virus found
eSafe 7.0.14.0 01.23.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.121 01.24.2007 no virus found
eTrust-Vet 30.3.3346 01.23.2007 no virus found
Ewido 4.0 01.23.2007 no virus found
Fortinet 2.85.0.0 01.24.2007 no virus found
F-Prot 3.16f 01.23.2007 no virus found
F-Prot4 4.2.1.29 01.23.2007 no virus found
Ikarus T3.1.0.27 01.24.2007 Trojan-Spy.Win32.Bancos.ha
Kaspersky 4.0.2.24 01.24.2007 no virus found
McAfee 4947 01.23.2007 no virus found
Microsoft 1.1904 01.23.2007 no virus found
NOD32v2 2000 01.23.2007 no virus found
Norman 5.80.02 01.23.2007 no virus found
Panda 9.0.0.4 01.24.2007 no virus found
Prevx1 V2 01.24.2007 no virus found
Sophos 4.13.0 01.24.2007 no virus found
Sunbelt 2.2.907.0 01.22.2007 VIPRE.Suspicious
TheHacker 6.0.3.155 01.24.2007 no virus found
UNA 1.83 01.23.2007 no virus found
VBA32 3.11.2 01.23.2007 MalwareScope.Backdoor.Hupigon.18
VirusBuster 4.3.19:9 01.23.2007 novirus:Packed/eXPressor
Aditional Information
File size: 1189566 bytes
MD5: c523f52044c90fe4fff6939d3339b689
SHA1: 26f94bca358a2263412098a6da0abb3105ef2296
packers: EXPRESSOR
packers: Expr
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Yaouch, doesn't look good.
I took the liberty of scanning the klog file there too, nothing found, additional information included anyway (no clue what it is)
Aditional Information
File size: 482713 bytes
MD5: c5ecb3296440dba4a3b7527040ee99eb
SHA1: a70983ff1b5773ae9bf9380d9f86caf188438e47
i've been clean for some time, since i only recently had to get rid of my laptop and have been using other ppl's pc's, so i'm a bit outdated, what is a backdoor infection ?!
Hi :)
Ok, looks like a quite new nastie (only a few scanners recognized it)...
I would like you to upload the malware file for further inspection.
Please go here (http://www.uploadmalware.com/) to upload a suspicious file for analysis.
Enter your username from this forum
Copy and paste the link to this thread
Click "Browse" on the 1. field.
Browse to the following file and click the file with your mouse, press "Open"
C:\WINDOWS\system32\WinUpdate\server.exe
In the comments, please mention that I asked you to upload this file
Click on Send File
Thank you :bigthumb:
Then a backdoor is a dangerous infection. This is what I usually post when one is found:
One or more of the identified infections is a backdoor trojan :sick:
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
I can help you in the cleaning if you don't want to reformat but I can't promise that we'll get you 100% clean.
Please let us know what you have decided to do in your next post:bigthumb:
But we're this far now so I think you might want to vote for the cleaning. If so:
Backup your registry:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export form the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :
REGEDIT4
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{24E2079E-B564-942A-78CE-D4049B7E7033}]
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following folder:
C:\WINDOWS\system32\WinUpdate
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log
server.exe - uploaded.
Dr Web Log:
RegUBP2b-HP_Propriétaire.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Deleted.;
Silent Runners.vbs;C:\silentrunners;Probably BATCH.Virus;Incurable.Moved.;
A0058229.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP359;Trojan.StartPage.1505;Deleted.;
A0059678.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP362;Trojan.StartPage.1505;Deleted.;
A0059774.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP362;Trojan.StartPage.1505;Deleted.;
A0059851.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP363;Trojan.StartPage.1505;Deleted.;
A0060025.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP363;Trojan.StartPage.1505;Deleted.;
A0060194.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP363;Trojan.StartPage.1505;Deleted.;
A0060250.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP363;Trojan.StartPage.1505;Deleted.;
A0060389.reg;C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP364;Trojan.StartPage.1505;Deleted.;
HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 01:10:21, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\alan\adware removal\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\alan\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\alan\ICQLite\ICQLite.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D394CCEB-BDBB-41AD-BBF1-9E2517C12ACA}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Hi :)
Looks pretty good now. How are things running ?
This leftover can be fixed with HijackThis:
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
You don't seem to a firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) running, you must install one firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a better firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.
These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.
Then you should update your Java to the latest version (6.0) Start
Control Panel
Add/Remove Programs
Delete the old Java, J2SE Runtime Environment 5.0 Update 4
Download the latest version of Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it
Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
=============
If things are running fine...
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster, safer and better browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.
Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
Hi :D:
so far not bad, but i couldn't delete the AVG quarantine since I had never installed it in the first place ^^ but i now Have installed it, as well as spyware blaster + guard, kerio firewall, java 6 and got atf cleaner.
obviously it slows down the pc a bit but i guess it's worth it. plus it's not really my PC so i will wait till i have my own again to run with no other processes than explorer :p: for some reason, rundll32.exe is always running , wasn't before...
cleared the system restore points, i do that regularly anyway..
now the only thing i would really really want to know, is how the hell did that thing get there?! :p:
oh and what does the analysis of the server.exe file tell you?
Opps I forgot the AVG :P
Well I don't analyse the file but experts do. Then they post a copy to many antivirus vendors so they may add the file to their detections.
There are many ways to catch an infection. You read the article by Tony Klein in my last message ?
Yes yes, I read the article.. I just never used any antivirus/firewall in the past 4-5 years and always managed to stay clean by being sensible and not doing anything stupid. On the other hand i'm not the only one using this computer as it's not mine.
the reason i asked about the server.exe is in case the result of the analysis discovers something important that might still affect my computer.
but at this time, it seems we are all clear. so many thanks for your help!!
I would say that novadays it is impossible to survive without a firewall. Attackers start scanning you for vulnerabilities immediately after you have connected to the internet. So I strongly recommend that you install a firewall.
As the problem appears to be resolved this topic has been archived.
If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.
Glad we could help :2thumb: