System Live Protect [RESOLVED], Contaminated with...
Post #1, Sep 22 2007, 03:47 AM
Member, Posts: 11, OS: Windows XP Home
Hi!
I am contaminated with the malware System Live Protect (I have a system tray window that pops up every 5 min or so, telling me that my computer is infected and that I should install something). I have tried the tool recommended on this forum, SmitfraudFix, and did everything mentioned in the How-to, but the pop-up came back straight after. So it doesn't seem to work! I'm on Windows XP Home. Thanks in advance for your help!
Post #2, Sep 22 2007, 09:13 AM
Global Moderator, Posts: 6,601, From: Darkest Cornwall, OS: Vista Ultimate
Hi there, before I can help I will need some information.
* Click here to download HJTsetup.exe
Post #3, Sep 22 2007, 01:42 PM
Member, Posts: 11, OS: Windows XP Home
Hi EssexBoy,
Thanx in advance for your help! Here is the log:
--------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:04, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Systran40perso.IEPlugIn - {D3919E86-D6A5-11D6-AC3E-00B0D094B576} - C:\Program Files\Systran\4_0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\Temp\Adware\WebInstall.exe /R
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bluewin.ch
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 7302 bytes
Post #4, Sep 22 2007, 03:30 PM
Global Moderator, Posts: 6,601, From: Darkest Cornwall, OS: Vista Ultimate
Time to get to work.......

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\Temp\Adware\WebInstall.exe /R
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download OTMoveIt by OldTimer.
* If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
** If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at: C:\_OTMoveIt\MovedFiles\********_******.log (where "********_******" is the "date_time").
Click "Exit" to close OTMoveIt.

AND AS SMITFRAUD FAILED

Download ComboFix from Here or Here to your Desktop.

I will also need an uninstall list:
Open HijackThis, click Config, click Misc Tools.
Click "Open Uninstall Manager".
Click "Save List" (generates uninstall_list.txt).
Click Save, then copy and paste the results in your next post.

Logs required are ComboFix, OTMoveIt and the uninstall list.
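As an added illustration (not code from the thread, from HijackThis or from any of the tools named here), the triage the moderator did by eye on the log above, written as a few heuristics over a constructed subset of its O2/O4/O8/O18 lines: entries whose file is missing, autostarts from a Temp folder, Run values with no path, context menu items pointing at remote URLs, the text/html filter, and anything sharing a vendor folder with an entry already flagged. The rule wording is mine; the rules surface candidates for a human to vet, which is why the legitimate nwiz entry is listed as well.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O2/O4/O8/O18 lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\Temp\Adware\WebInstall.exe /R
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path to a binary/HTML file, or first URL, appearing in the line.
TARGET_RE = re.compile(
    r'([A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|ocx|html?)|https?://\S+|res://\S+)', re.IGNORECASE
)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # HijackThis section, e.g. "O4"
    text: str                 # the full log line
    path: str = ""            # what the entry points at, if it could be extracted
    reasons: list = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def parse(log: str) -> list:
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank lines and non-"O" sections are skipped
        kind, rest = m.groups()
        target = TARGET_RE.search(rest)
        entries.append(Entry(kind, raw.strip(), target.group(1) if target else ""))
    return entries


def apply_rules(e: Entry) -> None:
    """Per-entry rules; each appends a human-readable reason when it fires."""
    if "(file missing)" in e.text:
        e.reasons.append("points at a file that no longer exists (leftover of a removed toolbar)")
    if TEMP_RE.search(e.path):
        e.reasons.append("autostarts from a Temp folder, where installers drop payloads")
    if e.kind == "O4" and "] " in e.text:
        tokens = e.text.split("] ", 1)[1].split()
        if tokens and "\\" not in tokens[0]:
            e.reasons.append("Run value has no path, so the binary is located via the search order; verify its vendor")
    if e.kind == "O8" and re.match(r"https?://", e.path, re.IGNORECASE):
        e.reasons.append("context menu item loads a remote URL instead of a local resource")
    if e.kind == "O18":
        e.reasons.append("text/html MIME filter: a DLL is inserted into every page the browser renders")


def program_dir(path: str) -> str:
    """Vendor folder under Program Files, e.g. 'c:\\program files\\rxtoolbar', else ''."""
    parts = path.lower().split("\\")
    if len(parts) >= 4 and parts[1] == "program files":
        return "\\".join(parts[:3])
    return ""


def pivot_on_folders(entries: list) -> None:
    """Second pass: anything living beside an already flagged binary is suspect too."""
    bad_dirs = {program_dir(e.path) for e in entries if e.flagged} - {""}
    for e in entries:
        d = program_dir(e.path)
        if d and d in bad_dirs and not e.flagged:
            e.reasons.append(f"shares the folder {d} with an entry already flagged")


def triage(log: str) -> dict:
    """Return {log line: [reasons]} for every entry at least one rule fired on."""
    entries = parse(log)
    for e in entries:
        apply_rules(e)
    pivot_on_folders(entries)
    return {e.text: e.reasons for e in entries if e.flagged}


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

On the sample this flags the six entries the moderator ticked from these sections plus nwiz; the WOOKIT entry the moderator also removed needs vendor knowledge that no rule here encodes.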
Post #5, Sep 22 2007, 11:51 PM
Member, Posts: 11, OS: Windows XP Home
Here is the log from OTMoveIt
---------------
C:\WINDOWS\system32\pipmon.exe moved successfully.
File/Folder C:\Program Files\RXToolBar not found.
File/Folder C:\WINDOWS\Temp\Adware not found.

Created on 09/23/2007 07:47:02
Post #6, Sep 23 2007, 12:24 AM
Member, Posts: 11, OS: Windows XP Home
The ComboFix log...
I also attach the ComboFix-quarantined-files...
-----------------
ComboFix 07-09-21.2 - "Propriétaire" 2007-09-23 7:59:47.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.75 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\LiveProtectSetup.exe
C:\WINDOWS\system32\test.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.
2007-09-23 07:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-22 21:38 <REP> d-------- C:\Program Files\Trend Micro
2007-09-22 08:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-22 08:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-22 08:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-22 08:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-22 08:22 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-09-22 08:22 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-09-22 08:22 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-09-22 08:22 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-09-22 08:22 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-09-22 08:22 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-09-22 08:22 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-09-22 08:22 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MetaProducts
2007-09-22 08:18 3,124 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-09 11:15 <REP> d-------- C:\Program Files\Bonjour
2007-09-09 11:02 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-09-08 13:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet
2007-09-08 10:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-09-08 09:55 <REP> d-------- C:\Temp\2007-09-08
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-15 19:30 --------- d-------- C:\Program Files\Picasa2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-29 16:53 --------- d-------- C:\Program Files\Smart Projects
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 15:24 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 17:59 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-06-26 17:59 118056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2003-01-14 04:06 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-02-17 12:48]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-02-17 12:48]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 12:19]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:12]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-04-29 14:48]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 12:29]

R3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
S0 rmedia;Ricoh Media Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
S3 DOSMEMIO;MEMIO;\??\E:\MEMIO.SYS
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 TIAcxubt;D-Link WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\tiacxubt.sys
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;C:\WINDOWS\system32\Drivers\tiacxusb.sys
S3 w70n51;Pilote Intel® PRO/Wireless 7100 Adapter;C:\WINDOWS\system32\DRIVERS\w70n51.sys

.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 08:06:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-23 8:11:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 08:11
.
--- E O F ---
Post #7, Sep 23 2007, 12:26 AM
Member, Posts: 11, OS: Windows XP Home
Oops, here is the attached file...
Post #8, Sep 23 2007, 12:28 AM
Member, Posts: 11, OS: Windows XP Home
Here is the Uninstall_list
-------------------------------------
48745 Unistall
ACDSee 5.0 PowerPack Trial
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator 10
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Archiveur WinRAR
BitTorrent 5.0.7
Correctif pour Windows XP (KB914440)
Correctif Windows XP - KB833987
Correctif Windows XP - KB834707
Correctif Windows XP - KB867282
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB890923
Correctif Windows XP - KB891781
Correctif Windows XP - KB893066
Correctif Windows XP - KB893086
Disc2Phone
FileZilla (remove only)
Free - Kit de connexion
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
hp deskjet 3420 series (Supprimer uniquement)
Image Resizer Powertoy for Windows XP
IsoBuster 2.1
Java 2 Runtime Environment, SE v1.4.0_03
Lecteur Windows Media 10
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
MetaProducts Download Express
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows XP (KB883939)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896688)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899588)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB903235)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911280)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB916281)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922760)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB896727)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mission Vétérinaire - Je soigne les animaux familiers
Mozilla Firefox (2.0.0.5)
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
myphotobook 3.02
Nero - Burning Rom
NVIDIA Windows 2000/XP Display Drivers
Package de base Microsoft de service de chiffrement pour cartes à puce
PDF Settings
Picasa 2
PowerDVD
QuickTime
RealPlayer
SENS LT56ADW Modem
Skype 2.0
Sony Ericsson PC Suite 1.20.173
Sony USB Driver
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
Symantec AntiVirus Client
Synaptics Pointing Device Driver
SYSTRAN Personal 4.0
upapp
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 2
WinZip
Post #9, Sep 23 2007, 06:20 AM
Global Moderator, Posts: 6,601, From: Darkest Cornwall, OS: Vista Ultimate
Looks like we are getting there.

Please run the F-Secure Online Scanner.
Note: This scanner is for Internet Explorer only!

THEN

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Logs this time are F-Secure and WinPFind.
Post #10, Sep 23 2007, 11:47 AM
Member, Posts: 11, OS: Windows XP Home
I'm launching the second app (Wind...), but I couldn't get to the log of the first app because the window was closed by another user (duh... that won't happen again), so I can't ask for the log. I haven't found it anywhere. Do you know how I could get it back (apart from running the scan again, as it was quite long)?
Post #11, Sep 23 2007, 11:48 AM
Member, Posts: 11, OS: Windows XP Home
The F-Secure scan did go all the way, though.
Post #12, Sep 23 2007, 11:59 AM
Member, Posts: 11, OS: Windows XP Home
Here is the WinPFind3u log:
---------------------------------------
WinPFind3 logfile created on: 23/09/2007 19:49:20
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Propriétaire\Bureau\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
254,98 Mb Total Physical Memory | 85,73 Mb Available Physical Memory | 33,62% Memory free
773,72 Mb Paging File | 501,19 Mb Available in Paging File | 64,78% Paging File free
Paging file location(s): C:\pagefile.sys 2 1000;G:\pagefile.sys 2 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,92 Gb Total Space | 1,84 Gb Free Space | 6,60% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SAMSUNG-46U6WM9
Current User Name: Propriétaire
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 82026 bytes | Modified Date = 11/10/2001 16:35:02 | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 20/02/2004 16:00:28 | Attr = ]
application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 16:17:24 | Attr = R ]
bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe -> [Ver = | Size = 43008 bytes | Modified Date = 02/03/2007 01:11:22 | Attr = ]
capabilitymanager.exe -> %CommonProgramFiles%\Teleca Shared\CapabilityManager.exe -> Teleca Software Solutions AB [Ver = 0.0.1.48 | Size = 278528 bytes | Modified Date = 08/06/2005 16:45:04 | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.821 | Size = 32768 bytes | Modified Date = 29/04/2003 14:48:08 | Attr = ]
epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1183 | Size = 868352 bytes | Modified Date = 24/02/2006 11:58:14 | Attr = R ]
generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca Software Solutions [Ver = 1, 0, 3, 2 | Size = 385024 bytes | Modified Date = 10/08/2005 07:54:34 | Attr = R ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 28/07/2007 12:29:48 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
mmtask.exe -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 17/01/2006 13:12:44 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3290 | Size = 61440 bytes | Modified Date = 14/01/2003 04:06:00 | Attr = R ]
rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.821 | Size = 622592 bytes | Modified Date = 29/04/2003 14:48:20 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.2.9 03Jan03 | Size = 577536 bytes | Modified Date = 17/02/2003 12:48:50 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.2.9 03Jan03 | Size = 126976 bytes | Modified Date = 17/02/2003 12:48:50 | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.1.0.821 | Size = 90112 bytes | Modified Date = 29/04/2003 14:48:26 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.821 | Size = 32768 bytes | Modified Date = 29/04/2003 14:48:08 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 20/08/2004 01:09:52 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 09/09/2007 11:02:22 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 01/02/2007 12:55:12 | Attr = ]
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.821 | Size = 622592 bytes | Modified Date = 29/04/2003 14:48:20 | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3290 | Size = 61440 bytes | Modified Date = 14/01/2003 04:06:00 | Attr = R ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe -> File not
found AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 20/02/2004 16:00:28 | Attr = ] HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb05.exe -> HP [Ver = 2,128,0,0 | Size = 188416 bytes | Modified Date = 21/06/2002 12:19:58 | Attr = ] mmtask -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 17/01/2006 13:12:44 | Attr = ] NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 11:50:42 | Attr = ] nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3290 | Size = 372736 bytes | Modified Date = 14/01/2003 04:06:00 | Attr = R ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/2006 15:57:48 | Attr = ] Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 16:17:24 | Attr = R ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.2.9 03Jan03 | Size = 577536 bytes | Modified Date = 17/02/2003 12:48:50 | Attr = ] SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. 
[Ver = 7.2.9 03Jan03 | Size = 126976 bytes | Modified Date = 17/02/2003 12:48:50 | Attr = ] vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.1.0.821 | Size = 90112 bytes | Modified Date = 29/04/2003 14:48:26 | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 28/07/2007 12:29:48 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage -> %AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 82026 bytes | Modified Date = 11/10/2001 16:35:02 | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %System32%\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 26/04/2003 01:16:00 | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Local Page -> C:\windows\system32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Start Page -> http://www.igoogle.com/ -> HKCU: SearchAssistant -> http://www.google.com/ie -> HKCU: ProxyEnable -> 0 -> HKCU: ProxyOverride -> *.local -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 16/04/2001 15:39:02 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 19/01/2007 23:56:04 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 28/07/2007 12:29:46 | Attr = ] < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 19/01/2007 23:56:04 | Attr = R ] {D3919E86-D6A5-11D6-AC3E-00B0D094B576} [HKLM] -> %ProgramFiles%\Systran\4_0\Personal\IEPlugIn.dll [Systran40perso.IEPlugIn] -> SYSTRAN [Ver = 1.00 | Size = 73728 bytes | Modified Date = 22/10/2002 14:26:12 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 19/01/2007 23:56:04 | Attr = R ] ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 19/01/2007 23:56:04 | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{4E7BD74F-2B8D-469E-DCF7-E869A199B87D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Recherche] -> File not found {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Add animation to IncrediMail Style Box -> %SystemDrive%\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm -> File not found &eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found E&xporter vers Microsoft Excel -> -> File not found Télécharger en utilisant Download &Express -> %ProgramFiles%\Download Express\add_url.htm -> [Ver = | Size = 1028 bytes | Modified Date = 08/07/2002 14:10:10 | Attr = ] < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {01943C19-801D-4486-A595-9D8475CFD9C1} -> (Intel® PRO/Wireless LAN 2100 3B Mini PCI Adapter) -> {041488FB-D1DD-4907-8B78-FB6240237908} -> () -> {053B0584-88A5-4688-B489-8F7D90A37E8D} -> () -> {3887039E-F1C7-494C-80BC-43F8780518CC} -> (D-Link AirPlus DWL-120+ Wireless USB Adapter) -> {4654D9A6-B3E5-48BD-96EF-71AB11A72320} -> () -> {53048969-55AB-4C90-9808-85B27E8D02F4} -> () -> {83995A81-4102-4BFF-B15C-5531519B7BB1} -> (Carte réseau 1394) -> {9A5408E7-BAFA-450A-8C01-B246B1F480B8} -> (3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) -> {BEBD1A12-9949-41FF-A9AB-9F0A998BC2FE} -> () -> 
{D1606416-3786-40A0-9432-E0FB2422EE8F} -> () -> < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries 0000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 12:42:30 | Attr = ] < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab -> {54823A9D-6BAE-11D5-B519-0050BA2413EB} -> ChkDVDCtl Class - CodeBase = http://www.gocyberlink.com/winxp/CheckDVD.cab -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook |