Possible WIN32.TROJANDOWNLOADER.AGENT.AM? Need second opinion, not desperately urgent

alanus

New member
Hi, I'll get straight to the point.

Only after upgrading IE to v.7 I noticed that iexplore.exe was running even when I didn't have it opened. So I downgraded back to 6, but the iexplore.exe was/is still running even though IE is not open. In taskmgr.exe, if I kill the process, about 10 seconds later server.exe launches, and a few secs after that it changes its name to iexplore.exe. The reason I am suspicious is because it's only using about 5'600kb of memory, plus sometimes there were 2 of these small iexplore.exe processes.

So I ran virus scan NOD32, nothing, Panda - nothing (log to follow as requested in "before you post"), Lavasoft Ad-Aware came up with WIN32.TROJANDOWNLOADER.AGENT.AM. So safe mode - Spybot - found only cookies, nothing else. Re-performed full system scan in Ad-Aware and didn't find anything this time (except cookies again).

As far as symptoms go, apart from seeing iexplore.exe in taskmgr.exe: very frequent freezing and bugging/lagging, real dodgy bugging too: I could make taskmgr.exe come up, but I could only control it with the keyboard, mouse clicks wouldn't do anything. But now I have IE6 again, no more freezing for now. No popups nor the usual adware stuff like IE toolbars etc. either.

Basically, I tried to find something on the net about this peculiar iexplore.exe behaviour but found nothing. Another thing I found weird is when I searched my C drive for server.exe (I know nothing about this exe, might be normal, you'll know) it was in windows/system32/winupdate and it was set as hidden, with also SERVER.EXE-03540188.pf in windows/prefetch.

So basically, what would be great is if someone could tell me first of all: do I have a trojan or virus or adware or whatever you wanna call an undesirable thing that gets into PCs, and if yes, how to get rid of it. If not, why on earth do I have that iexplore.exe process taking 5mb of my memory ???????

(You can see in the HijackThis log that iexplore.exe is running even though I didn't have it opened at the time either. Actually I'd be quite happy to completely get rid of it as I use Firefox, but annoying sites - like Panda actually - require it for the ActiveScan to work *sigh*)


Thanks a bunch. As I said, the PC seems fine now so it's not a particularly life-or-death urgent situation; however, we do have 4 PCs connected on LAN to the router/modem, so if there's anything on this PC I don't want it getting to the others, one of which is already infected with something anyway, but it's my sister's so I'll post the logs of that later, when I get to it ^^.

Thanks.

Panda Log follows.
 
Panda Log

Incident Status Location

Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
 
HiJack this Log:

Logfile of HijackThis v1.99.1
Scan saved at 18:11:57, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\alan\Steam\steam.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\alan\adware removal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D394CCEB-BDBB-41AD-BBF1-9E2517C12ACA}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe




PS : sorry if i didn't do the notepad format modification, but my pc's in french so i'm not sure what it corresponded to.

if needed to know, pc 3.2 ghz, 1024 ram, 200gb internal + 300gb external, max 1 year old. hp.
 
Hi alanus and welcome to the Forums :)

Sorry for the log delay.

If you still need help, please post a fresh HijackThis log :bigthumb:
 
Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 19:19:19, on 19/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\alan\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\alan\adware removal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D394CCEB-BDBB-41AD-BBF1-9E2517C12ACA}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 
Hi :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
Combo FiX

"HP_Propriétaire" - 07-01-20 13:05:03 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\alan\adware removal"

((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))


2007-01-20 13:07 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-20 13:07 <REP> d-------- C:\WINDOWS\LastGood
2007-01-12 15:18 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Modèles
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\SampleView
2007-01-12 15:11 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Apple Computer
2007-01-11 15:21 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-11 14:38 <REP> d-------- C:\Program Files\Lavasoft
2007-01-11 14:38 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\Lavasoft
2007-01-11 14:37 <REP> d-------- C:\Program Files\FBM Software
2007-01-11 14:02 <REP> d--hs---- C:\DOCUME~1\HP_PRO~1\Phone Browser
2007-01-11 13:58 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\Nokia
2007-01-11 13:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PC Suite
2007-01-11 13:57 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-01-11 13:57 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-01-11 13:57 <REP> d-------- C:\Program Files\DIFX
2007-01-11 13:57 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\PC Suite
2007-01-11 13:56 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-01-11 13:56 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-01-11 13:56 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-01-11 13:56 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-01-11 13:56 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-01-11 13:56 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-01-11 13:56 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-01-11 13:56 <REP> d-------- C:\Program Files\Nokia
2007-01-09 15:21 <REP> d-------- C:\WINDOWS\Winexe
2006-12-21 14:41 <REP> d-------- C:\Program Files\HighCriteria
2006-12-21 14:13 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2006-12-21 14:12 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2006-12-21 14:12 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2006-12-20 23:19 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-12-20 23:19 299,392 --a------ C:\WINDOWS\system32\imon.dll
2006-12-20 23:19 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2006-12-20 01:48 <REP> d--h----- C:\WINDOWS\system32\WinUpdate


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-20 12:59 -------- d-------- C:\Program Files\mozilla firefox
2007-01-19 17:36 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\skype
2007-01-18 19:29 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\adobeum
2007-01-18 01:43 -------- d-------- C:\Program Files\Fichiers communs\symantec shared
2007-01-15 21:51 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\teamspeak2
2007-01-11 16:49 -------- d-------- C:\Program Files\norton internet security
2007-01-11 16:44 -------- d-------- C:\Program Files\microsoft antispyware
2007-01-11 16:35 -------- d-------- C:\Program Files\google
2007-01-11 16:30 -------- d-a------ C:\Program Files\Fichiers communs\lightscribe
2007-01-11 16:12 -------- d-------- C:\Program Files\Fichiers communs\wise installation wizard
2007-01-11 16:07 -------- d--h----- C:\Program Files\installshield installation information
2007-01-11 16:05 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\my games
2007-01-11 15:55 -------- d-------- C:\Program Files\easy internet signup
2007-01-11 14:55 -------- d-------- C:\Program Files\ppmate
2007-01-09 16:56 -------- d-------- C:\Program Files\msn messenger
2007-01-08 14:59 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\dvdcss
2006-12-21 14:13 -------- d-------- C:\Program Files\skype
2006-12-18 03:07 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\ppstream
2006-12-18 02:59 -------- d-------- C:\Program Files\Fichiers communs\synacast
2006-12-18 02:59 -------- d-------- C:\DOCUME~1\HP_PRO~1\Application Data\ppmate
2006-12-18 00:45 -------- d-------- C:\Program Files\maxtv
2006-12-18 00:45 -------- d-------- C:\Program Files\maxsoftware
2006-12-18 00:44 -------- d-------- C:\Program Files\maxtv online
2006-12-17 20:57 -------- d-------- C:\Program Files\foldersizes
2006-12-17 20:31 7310 --a------ C:\DOCUME~1\HP_PRO~1\Application Data\wklnhst.dat
2006-12-17 02:27 -------- d-------- C:\Program Files\windows media connect 2
2006-12-17 02:09 -------- d-------- C:\Program Files\itunes
2006-12-17 02:09 -------- d-------- C:\Program Files\ipod
2006-12-17 02:08 -------- d-------- C:\Program Files\quicktime
2006-12-17 02:06 -------- d-------- C:\Program Files\apple software update
2006-12-09 08:17 -------- d-------- C:\Program Files\eportfolio v1.11
2006-11-27 09:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-25 09:39 -------- d-------- C:\Program Files\activision
2006-11-21 11:25 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-19 19:07 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-11-19 19:07 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 10:03 8292352 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:59 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:58 272384 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:56 7680 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 11:52 44032 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-20 02:38 716800 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Steam"="\"M:\\GameZ - 40 Go\\FoldaZ\\Steam\\Steam.exe\" -silent"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcWzrd"="ALCWZRD.EXE"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"Alcmtr"="ALCMTR.EXE"
"SoundMan"="SOUNDMAN.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"URLLSTCK.exe"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"ccApp"="\"c:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"HPHUPD05"="C:\\Program Files\\HP\\\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Fichiers communs\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"TotalRecorderScheduler"="\"C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
"PDFPrint"="\"C:\\Program Files\\pdf24\\PDF24Updater.exe\""
"PCSuiteTrayApplication"="C:\\alan\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\alan\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\alan\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-20 13:09:17
 
KasperSky

sure thing,

C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x01 - Flushed.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x02 - Size matters.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x03 - Sex,Death, And Nudity.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x04 - Inferno.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x05 - The Girl With Two Breasts.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 1\Coupling - 01x06 - The Cupboard of Patricks Love.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x01 - The Man with Two Legs.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x02 - My Dinner In Hell.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x03 - Her Best Friend's Bottom.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x04 - T10.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02X05 - Jane and The Truth Snake.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x06 - Gotcha.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x07 - Dressed.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x08 - Naked.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 2\Coupling - 02x09 - The End Of The Line.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x01 - Split.mpg.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x02 - Faithless.mpg.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x03 - Unconditional Sex.mpg.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x04 - Remember This.mpg.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x05 - The Freckle, The Key and The Couple Who Weren't.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x06 - The Girl With One Heart.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 3\Coupling - 03x07 - Perhaps, Perhaps, Perhaps.mpg.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x01 - Nine And A Half Minutes.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x02 - Night Lines.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x03 - Bed time.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x04 - Circus of The Epidurals.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x05 - The Naked Living Room.avi.bc! Object is locked skipped

C:\alan\BitComet\Downloads\Coupling\Season 4\Coupling - 04x06 - Nine And A Half Months.avi.bc! Object is locked skipped

C:\alan\Steam\Steam.log Object is locked skipped

C:\alan\Steam\steamapps\winui.gcf Object is locked skipped

C:\alan\Steam\SteamLogs\SteamStats.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Working\database_1583_23FB_61C3_5978\dfsr.db Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Working\database_1583_23FB_61C3_5978\fsr.log Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\the_hitman696@hotmail.com\SharingMetadata\Working\database_1583_23FB_61C3_5978\tmp.edb Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\the_hitman696@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\pod0hcee.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF2BEF.tmp Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DFA86E.tmp Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DFA88B.tmp Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Mes documents\Ma musique\iTunes\iTunes Library.itl Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\ntuser.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip ZIP: infected - 3 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07401699.zip CryptFF: infected - 3 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP360\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped
 
Conclusion

well,

i mean it seems that there is nothing wrong.

but then why is there that iexplore.exe ??? i've realised that if i kill explorer then it doesn't keep coming back, and as i realised i do fine without explorer (lol) for the time being that's what i have resorted to ^^

thx for taking the time to take a look!
 
Hi :)

Nothing bad in the logs... Just an infection in Norton's Quarantine, you may clean it, instructions
Then it isn't recommendable to run more than one antivirus at the same time, you may get conflicts. (Norton & NOD32)

Then are you sure that the name of the process is iexplore.exe ? Are you sure that it isn't explorer.exe ?

:bigthumb:
 
rp

as far as i know, i'm not using norton, it was preinstalled on the pc.

nah mate i know the difference between explorer.exe and iexplore.exe ^^

it happened again, just now as i launched explorer.exe, server.exe started up and now its iexplore.exe ... and if i launch IE, it just adds another iexplore.exe process.

very very weird. maybe un-re installing IE ?
 
Hi :)

Well, you have some Norton remnants running there. Run this Norton Uninstaller

Make a new folder in the C:\ drive called silentrunners
Download "silent runners" from here: (direct download)
http://www.silentrunners.org/Silent Runners.vbs
Save it to your silentrunners folder.

Click start> run> type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter

Wait until it pops up saying it's completed, then post the resulting logfile here
It will be very large. You may need several posts to include everything

:bigthumb:
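A log like the one this step produces can be triaged mechanically. The following added example (not part of the original post and not part of Silent Runners) parses an excerpt of the log posted in this thread and lists launch points whose file carries no publisher tag; the tag meanings and all function names are assumptions inferred from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt copied from the Silent Runners log posted in this thread
# (indentation was already lost on the page).
SAMPLE_LOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
{24E2079E-B564-942A-78CE-D4049B7E7033}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\system32\WinUpdate\server.exe s" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
'''

SECTION_RE = re.compile(r'^(?:HKCU|HKLM)\\.*\\$')   # registry key header line
ENTRY_RE = re.compile(r'^(?P<name>.+?) = (?P<value>.*) \[(?P<tag>[^\[\]]*)\]$')
GUID_RE = re.compile(
    r'^[<>"]?(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})')
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl)', re.IGNORECASE)


@dataclass
class Entry:
    section: str           # registry key the launch point lives under
    parent: Optional[str]  # CLSID line that owns a "\SubValue" line, if any
    name: str
    value: str
    tag: str               # bracketed text at the end of the line
    status: str
    image: str             # file the launch point resolves to


def classify(tag: str) -> str:
    # Assumption read off the log on this page: the bracket holds the file's
    # company name, "MS" stands for Microsoft, "null data" means the file has
    # no company name, "file not found" means the target is missing.
    if tag == "MS":
        return "microsoft"
    if tag == "null data":
        return "no-publisher"
    if tag == "file not found":
        return "missing-file"
    return "third-party"


def image_path(value: str) -> str:
    match = IMAGE_RE.search(value)
    if match:
        return match.group(0)
    tokens = value.strip('"').split()
    return tokens[0] if tokens else ""


def parse(log: str) -> List[Entry]:
    entries: List[Entry] = []
    section, parent = "", None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section, parent = line, None
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            name = entry.group("name")
            owner = parent if name.startswith("\\") else None
            entries.append(Entry(section, owner, name, entry.group("value"),
                                 entry.group("tag"),
                                 classify(entry.group("tag")),
                                 image_path(entry.group("value"))))
            continue
        guid = GUID_RE.match(line)
        if guid:
            parent = guid.group(1)   # following "\SubValue" lines belong here
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Launch points with no publisher; Active Setup entries are listed first
    because their StubPath command is run at user logon."""
    flagged = [e for e in entries if e.status == "no-publisher"]
    return sorted(flagged, key=lambda e: "Active Setup" not in e.section)


def describe(e: Entry) -> str:
    return f"{e.status}: {e.image} via {e.section}{e.parent or e.name}"


if __name__ == "__main__":
    for item in triage(parse(SAMPLE_LOG)):
        print(describe(item))
```
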
 
Silentrunners Log

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output of all locations checked and all values found.


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\Software\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]
{24E2079E-B564-942A-78CE-D4049B7E7033}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\system32\WinUpdate\server.exe s" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Feuille de propriétés du fichier multimédia"
-> {HKLM...CLSID} = "Feuille de propriétés du fichier multimédia"
\InProcServer32\(Default) = "mmsys.cpl" [MS]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "Gestion de scanneur ICM"
-> {HKLM...CLSID} = "Gestion de scanneur ICM"
\InProcServer32\(Default) = "icmui.dll" [MS]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "Page de sécurité NTFS"
-> {HKLM...CLSID} = "Extension de l'environnement de sécurité"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Page des propriétés de OLE DocFile"
-> {HKLM...CLSID} = "Page des propriétés de OLE DocFile"
\InProcServer32\(Default) = "docprop.dll" [MS]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Extensions de l'environnement pour le partage"
-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "Extension du Panneau de configuration PlusPack"
\InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" [MS]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Carte du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Carte du Panneau de configuration"
\InProcServer32\(Default) = "deskadp.dll" [MS]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Écran du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Écran du Panneau de configuration"
\InProcServer32\(Default) = "deskmon.dll" [MS]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Page de sécurité DS"
-> {HKLM...CLSID} = "Extension de l'environnement de sécurité"
\InProcServer32\(Default) = "dssec.dll" [MS]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Page de compatibilité"
-> {HKLM...CLSID} = "Page de compatibilité"
\InProcServer32\(Default) = "SlayerXP.dll" [MS]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Gestionnaire de données endommagées de l'environnement"
-> {HKLM...CLSID} = "Gestionnaire de données endommagées de l'environnement"
\InProcServer32\(Default) = "shscrap.dll" [MS]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Extension copie de disquette"
-> {HKLM...CLSID} = "Extension copie de disquette"
\InProcServer32\(Default) = "diskcopy.dll" [MS]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Extensions de l'environnement pour les objets réseau de Microsoft Windows"
-> {HKLM...CLSID} = "Extensions de l'environnement pour les objets réseau de Microsoft Windows"
\InProcServer32\(Default) = "ntlanui2.dll" [MS]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "Gestion d'écran ICM"
-> {HKLM...CLSID} = "Gestion d'écran ICM"
\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "Gestion d'imprimante ICM"
-> {HKLM...CLSID} = "Gestion d'imprimante ICM"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Extension de l'environnement d'imprimante Web"
-> {HKLM...CLSID} = "Extension de l'environnement d'impression Web"
\InProcServer32\(Default) = "printui.dll" [MS]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
-> {HKLM...CLSID} = "Microsoft Disk Quota UI"
\InProcServer32\(Default) = "dskquoui.dll" [MS]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Porte-documents"
-> {HKLM...CLSID} = "Porte-documents"
\InProcServer32\(Default) = "syncui.dll" [MS]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "fontext.dll" [MS]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "Profil ICC"
-> {HKLM...CLSID} = "Profil ICC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Page de sécurité des imprimantes"
-> {HKLM...CLSID} = "Extension de l'environnement de sécurité"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Extensions de l'environnement pour le partage"
-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
\InProcServer32\(Default) = "deskperf.dll" [MS]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie PKO"
-> {HKLM...CLSID} = "CryptPKO Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie Sign"
-> {HKLM...CLSID} = "CryptSig Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Connexions réseau"
-> {HKLM...CLSID} = "Connexions réseau"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Connexions réseau"
-> {HKLM...CLSID} = "Connexions réseau"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = "&Scanneurs et appareils photo"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = "&Scanneurs et appareils photo"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{905667aa-acd6-11d2-8080-00805f6596d2}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = "&Scanneurs et appareils photo"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "&Scanneurs et appareils photo"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
-> {HKLM...CLSID} = "Remote Sessions CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\remotepg.dll" [MS]
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
-> {HKLM...CLSID} = "Shell Extension For Windows Script Host"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wshext.dll" [MS]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Liaison de données Microsoft"
-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\System\Ole DB\oledb32.dll" [MS]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
-> {HKLM...CLSID} = "Scheduling UI icon handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
-> {HKLM...CLSID} = "Scheduling UI property sheet handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Tâches planifiées"
-> {HKLM...CLSID} = "Tâches planifiées"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults"
-> {HKLM...CLSID} = "Set Program Access and Defaults"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
-> {HKLM...CLSID} = "Auto Update Property Sheet Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wuaucpl.cpl" [MS]
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Rechercher"
-> {HKLM...CLSID} = "Rechercher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Aide et support"
-> {HKLM...CLSID} = "Aide et support"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Aide et support"
-> {HKLM...CLSID} = "Sécurité de Windows"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Exécuter..."
-> {HKLM...CLSID} = "Exécuter..."
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet"
-> {HKLM...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "Courrier électronique"
-> {HKLM...CLSID} = "Courrier électronique"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Polices"
-> {HKLM...CLSID} = "Polices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Outils d'administration"
-> {HKLM...CLSID} = "Outils d'administration"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Page de propriétés des versions précédentes"
-> {HKLM...CLSID} = "Page de propriétés des versions précédentes"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Versions précédentes"
-> {HKLM...CLSID} = "Versions précédentes"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
-> {HKLM...CLSID} = "Audio Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
-> {HKLM...CLSID} = "Video Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
-> {HKLM...CLSID} = "Wav Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
-> {HKLM...CLSID} = "Avi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
-> {HKLM...CLSID} = "Midi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
-> {HKLM...CLSID} = "Video Thumbnail Extractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Barre d'outils Internet Microsoft"
-> {HKLM...CLSID} = "Barre d'outils Internet Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "État du téléchargement"
-> {HKLM...CLSID} = "État du téléchargement"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Dossier Bureau étendu"
-> {HKLM...CLSID} = "Dossier Bureau étendu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Dossier du shell augmenté"
-> {HKLM...CLSID} = "Dossier du shell augmenté"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Bande du navigateur Microsoft"
-> {HKLM...CLSID} = "Bande du navigateur Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Bande de recherche"
-> {HKLM...CLSID} = "Bande de recherche"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Volet intégré de recherche"
-> {HKLM...CLSID} = "Volet intégré de recherche"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Recherche Web"
-> {HKLM...CLSID} = "Recherche Web"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Utilitaire des options de l'arborescence du Registre"
-> {HKLM...CLSID} = "Utilitaire des options de l'arborescence du Registre"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresse"
-> {HKLM...CLSID} = "&Adresse"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Boîte d'entrée de l'adresse"
-> {HKLM...CLSID} = "Boîte d'entrée de l'adresse"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Saisie semi-automatique Microsoft"
-> {HKLM...CLSID} = "Saisie semi-automatique Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Liste de saisie semi-automatique MRU"
-> {HKLM...CLSID} = "Liste de saisie semi-automatique MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Liste de saisie semi-automatique personnalisée MRU"
-> {HKLM...CLSID} = "Liste de saisie semi-automatique personnalisée MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"
-> {HKLM...CLSID} = "Accessible"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Barre de progrès auto-ouvrante"
 