Egdaccess + keygen
Solved
elgambino
Posted messages
390
Registration date
Status
Member
Last intervention
-
Hello,
Here is my scan of the SD toolbar. Could you please tell me if I need to remove the keygens and the EGDACCESS thing?
Thank you.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Microsoft Windows XP Professional (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Intel(R) Pentium(R) 4 CPU 2.40GHz)
BIOS: Default System BIOS
USER: Fred (Administrator)
BOOT: Normal boot
Antivirus: Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total: 38 Go (Free: 7 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total: 931 Go (Free: 226 Go)
F:\ (Local Disk) - NTFS - Total: 465 Go (Free: 166 Go)
G:\ (Local Disk) - NTFS - Total: 465 Go (Free: 325 Go)
"C:\ToolBar SD" (LAST UPDATED: 21-12-2008|20:47)
Option: [1] (11/03/2009|0:11)
-----------\\ File / Folder Search ...
-----------\\ Extensions
(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Fred) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://actus.sfr.fr"
"Start Page"="http://home.neuf.fr/"
"Search Bar"="https://actus.sfr.fr"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="https://actus.sfr.fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Searching for other infections
C:\WINDOWS\Pack.epk
==> EGDACCESS <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Fred\Desktop\Waiting\Eminem - Crack a bottle.mp3
1 - "C:\ToolBar SD\TB_1.txt" - 11/03/2009|0:13 - Option: [1]
-----------\\ End of report at 0:13:32,88
Configuration: Windows XP Internet Explorer 7.0
21 answers
Good evening,
Your PC is infected with the Navipromo/Magic Control adware, which displays unwanted advertisements.
It installs itself through certain programs, including these:
● Funky Emoticons
● go-astro
● GoRecord
● HotTVPlayer / HotTVPlayer & Paris Hilton
● Live-Player
● MailSkinner
● Messenger Skinner
● Instant Access
● InternetGameBox
● Officiale Emule (Modified version of Emule)
● Original Solitaire
● SuperSexPlayer
● Speed Downloading
● Sudoplanet
● Webmediaplayer
/!\ Be careful not to make the same mistake, so avoid these programs /!\
▶ Download Navilog1 to your desktop
*If your antivirus goes off, disable it
on Vista: Right-click on the Navilog1 shortcut on the desktop and choose "Run as administrator"
on XP: double-click to install and launch it
▶ Once installed
▶ type F
▶ Press a key until you reach the options
▶ Choose Search ( = type 1 )
▶ Do not use the other options without advice, there may be legitimate processes
▶ A report: fixnavi.txt in ==> C:
▶ Copy and paste it into the reply
--
If you see an improvement on your PC, it doesn't mean that the disinfection is finished... Keep going until the end!!
Yes, you have this infection among others...
▶ Relaunch navilog1
▶ This time choose option 2, press 2
Note: the desktop will disappear
▶ There will be a restart of the PC
▶ Include the report in the response
--
If you see an improvement on your PC, it does not mean that the disinfection is finished... Keep going until the end!!
▶ Download hijackthis
▶ Everything is explained on my website for installing and using it correctly.
▶ Post the report obtained in the notepad in your next response.
How to copy/paste the report:
▶ When you have the report on the screen, press ctrl A to "select all" then ctrl C to "copy".
▶ then come to the forum to respond to me and press ctrl V to "paste" the report.
--
If you see an improvement on your PC, it doesn't mean that the disinfection is finished... Keep going until the end!!
▶ Download Malwarebytes' Anti-Malware
▶ A tutorial will be available on my website to install and use it correctly.
▶ Update the software (usually done during installation)
▶ Run a full scan by clicking on "Run a full scan"
▶ Select the disks you want to scan and click on "Start the scan"
▶ The scan may take a while.....
▶ Once the scan is complete, click "OK" then "Show results"
▶ Make sure everything is checked and click on "Remove selected" => then click on "OK"
▶ A report will open in Notepad... Copy and paste the report in your next reply on the forum
* Some files may need to be deleted upon restarting the PC... Do this by clicking "yes" to the prompt
--
If you see an improvement on your PC, that does not mean the cleaning is finished... Keep going until the end!!
▶ Download FindyKill to your desktop:
▶ Start the installation with the default settings
▶ Double click on the FindyKill shortcut on your desktop
▶ In the main menu, choose option 1 (Search)
▶ Post the FindyKill.txt report
* Note: the FindyKill.txt report is saved at the root of the drive
--
If you see an improvement on your PC, it doesn't mean the disinfection is complete... Keep going until the end!!
Hello,
Most of the software I had you download will be removed with another software that I will give you later...
Restart HijackThis by clicking on scan only and check this unnecessary startup line:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Then click on fix checked.
Then:
Download CCleaner
You will have a tutorial to install and use it correctly.
Perform the cleaning and check for registry errors as explained at the bottom of the tutorial.
Do you still have any problems??
--
If you see an improvement on your PC, it doesn't mean that the cleanup is finished... Keep going until the end!!
But of course, I was happy to help you ;-)
You can do this to finish please:
Here is an excellent little software that will help you know the new updates available for the different software installed on your PC:
▶ Download Update Checker
▶ Install it with the default settings by clicking Next each time.
▶ Once installed, wait a few seconds and you will see a green icon appear in your taskbar indicating that updates are available.
▶ Double-click on the icon to be redirected to the download site for updates.
▶ A piece of advice: do not install the BETA versions listed below.
▶ Install the updates you desire, the most important ones are:
● Java
● Adobe Reader
● Adobe Flash Player
● Internet Explorer
Then:
To remove all traces of software used to deal with specific infections:
▶ Download Toolscleaner to your Desktop
▶ Double-click on ToolsCleaner2.exe and let it work
▶ Click on Search and let the scan finish.
▶ Click on Delete to finalize.
▶ You can, if you wish, use the Optional Options.
▶ Click on Exit, so the report can be created.
▶ The report (TCleaner.txt) can be found at the root of your hard drive (C:\)...paste it in your reply
Then:
Disable and re-enable System Restore:
Doing this will delete any viruses that may have lodged in the restore points you created previously. It is therefore recommended to do so:
1 In the Windows taskbar, click Start.
2 Right-click on My Computer and then click Properties.
3 In the System Restore tab, check "Disable System Restore"
4 Click Apply.
5 Then uncheck "Disable System Restore"
6 Click Apply then OK
7 Create a restore point by clicking on Start => All Programs => Accessories => System Tools => System Restore => Create a restore point => you name it (example: after disinfection on CCM) then you confirm.
You can mark your problem as resolved!! How to mark as resolved ??
IMPORTANT: read the few links for the prevention and security of your PC found at the bottom of the page!!
WOT - Extension for your internet browser:
Here is an extension to download that will allow you, when searching on Google, to know if the site suggested during your searches is a trusted site or a site to avoid because it could infect your PC:
For Firefox: https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
For Internet Explorer: https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
--
If you see an improvement on your PC, it does not mean that the disinfection is over... Keep going until the end!!
Weird, I've never been on those sites but earlier, I removed 4 trojans from my PC by doing an online scan with Bitdefender, it might have come from there.
I'll send you the post in 10 minutes.
Here is the post, if I understood correctly, I have a rootkit ''nuqihtyvuf.dat''
Keep me informed.
Search Navipromo version 3.7.5 started on 03/11/2009 at 0:40:11.55
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the disinfection part without a specialist's advice!!!
Tool executed from C:\Program Files\navilog1
Updated on 02/26/2009 at 6:00 PM by IL-MAFIOSO
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Microsoft Windows XP Professional (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Intel(R) Pentium(R) 4 CPU 2.40GHz)
BIOS: Default System BIOS
USER: Fred (Administrator)
BOOT: Normal boot
Antivirus: Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:931 Go (Free:226 Go)
F:\ (Local Disk) - NTFS - Total:465 Go (Free:166 Go)
G:\ (Local Disk) - NTFS - Total:465 Go (Free:325 Go)
Search executed in normal mode
*** Search for Installed Programs ***
*** Search for Folders in "C:\WINDOWS" ***
*** Search for Folders in "C:\Program Files" ***
*** Search for Folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Search for Folders in "C:\Documents and Settings\All Users\menudm~1" ***
*** Search for Folders in "c:\docume~1\alluse~1\applic~1" ***
*** Search for Folders in "C:\Documents and Settings\Fred\applic~1" ***
*** Search for Folders in "C:\Documents and Settings\Fred\locals~1\applic~1" ***
*** Search for Folders in "C:\Documents and Settings\Fred\menudm~1\progra~1" ***
*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
*** Search with GenericNaviSearch ***
!!! All these results may reveal legitimate files !!!
!!! To be checked before any manual deletion !!!
* Search in "C:\WINDOWS\system32" *
* Search in "C:\Documents and Settings\Fred\locals~1\applic~1" *
*** Search for Files ***
C:\WINDOWS\pack.epk found!
*** Search for Specific Keys in the Registry ***
!! The found keys are not necessarily infected !!
*** Additional Search Module ***
(Searching for specific files)
1)Search for new Instant Access files:
2)Heuristic Search:
* In "C:\WINDOWS\system32":
nuqihtyvuf.dat found!
* In "C:\Documents and Settings\Fred\locals~1\applic~1":
3)Certificate Search:
Egroup Certificate absent!
Electronic-Group Certificate absent!
Montorgueil Certificate absent!
OOO-Favorit Certificate absent!
Sunny-Day-Design-Ltd Certificate absent!
4)Search for other known folders and files:
*** Analysis completed on 03/11/2009 at 0:50:08.14 ***
Here is the post. What should I do next? And should I remove the Eminem song?
Thank you
Microsoft Windows XP Professional (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Intel(R) Pentium(R) 4 CPU 2.40GHz)
BIOS: Default System BIOS
USER: Fred (Administrator)
BOOT: Normal boot
Antivirus: Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total: 38 Go (Free: 7 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total: 931 Go (Free: 226 Go)
F:\ (Local Disk) - NTFS - Total: 465 Go (Free: 166 Go)
G:\ (Local Disk) - NTFS - Total: 465 Go (Free: 325 Go)
Automatic deletion mode
with Catchme and GNS results support
Cleanup executed at computer reboot
*** fsbl1.txt not found ***
(Make sure Catchme found nothing during the search)
*** Deletion with GenericNaviSearch backup results ***
* Deletion in "C:\WINDOWS\System32" *
* Deletion in "C:\Documents and Settings\Fred\locals~1\applic~1" *
*** Deletion folders in "C:\WINDOWS" ***
*** Deletion folders in "C:\Program Files" ***
*** Deletion folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Deletion folders in "C:\Documents and Settings\All Users\menudm~1" ***
*** Deletion folders in "c:\docume~1\alluse~1\applic~1" ***
*** Deletion folders in "C:\Documents and Settings\Fred\applic~1" ***
*** Deletion folders in "C:\Documents and Settings\Fred\locals~1\applic~1" ***
*** Deletion folders in "C:\Documents and Settings\Fred\menudm~1\progra~1" ***
*** Deletion files ***
C:\WINDOWS\pack.epk deleted!
*** Deletion temporary files ***
Cleanup content C:\WINDOWS\Temp completed!
Cleanup content C:\Documents and Settings\Fred\locals~1\Temp completed!
*** Additional Search Processing ***
(Searching specific files)
1)Deletion with new files Instant Access backup:
2)Searching, creating backups and heuristic deletion:
* In "C:\WINDOWS\system32" *
nuqihtyvuf.dat found!
Copy nuqihtyvuf.dat completed successfully!
nuqihtyvuf.dat deleted!
* In "C:\Documents and Settings\Fred\locals~1\applic~1" *
*** Registry Backup to Safebackup folder ***
Registry backup completed successfully!
*** Registry Cleanup ***
Registry Cleanup Ok
*** Certificates ***
Egroup Certificate missing!
Electronic-Group Certificate missing!
Montorgueil Certificate missing!
OOO-Favorit Certificate missing!
Sunny-Day-Design-Ltdt Certificate missing!
*** Searching other known folders and files ***
*** Cleanup finished on 11/03/2009 at 1:10:29,17 ***
No problem, I know Hijack, I'll put that here. I think there's a conflict between Ad-Aware and Spybot.
And the "cmdmapping", I have no idea what that is. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:29, on 11/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce2.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
And the "cmdmapping", I have no idea what that is. Thank you.
No problem, I'll take care of that; I know how to use the software. I'll get it done tonight. See you tomorrow. Thanks again.
Ok, see you later.
--
If you see an improvement on your PC, it doesn't mean that the disinfection is over... Keep going until the end!!
Here is the post. There was still something, well played, thank you. What do I do now?
Malwarebytes' Anti-Malware 1.34
Database version: 1832
Windows 5.1.2600 Service Pack 2
11/03/2009 10:18:54
mbam-log-2009-03-11 (10-18-54).txt
Scan type: Full scan (C:\|E:\|F:\|G:\|)
Items scanned: 128138
Elapsed time: 1 hour(s), 50 minute(s), 17 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 1
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No malicious items detected)
Infected memory module(s):
(No malicious items detected)
Infected Registry key(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> Quarantined and deleted successfully.
Infected Registry value(s):
(No malicious items detected)
Infected Registry data item(s):
(No malicious items detected)
Infected folder(s):
(No malicious items detected)
Infected file(s):
(No malicious items detected)
Hello, here is the post
Microsoft Windows XP Professional (5.1.2600) Service Pack 2
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:39197 Mo/Free:1162 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:953867 Mo/Free:3471 Mo)
F:\ [Fixed] - NTFS - (Total:476937 Mo/Free:3440 Mo)
G:\ [Fixed] - NTFS - (Total:476937 Mo/Free:1956 Mo)
11/03/2009|19:26
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- C:\Program Files\a-squared Free\a2service.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\TUProgSt.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\taskswitch.exe
---------- C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\eMule\emule.exe
---------- C:\Program Files\GigaTribe\gigatribe.exe
---------- C:\WINDOWS\system32\lxcrcoms.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
---------- C:\Program Files\Zion Webzone Edition\zion++.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\Fred\Local Settings\Temporary Internet Files\Content.IE5\0IJBOPBG\affich-11475230-egdaccess-keygen[1].htm
C:\DOCUME~1\Fred\Local Settings\Temporary Internet Files\Content.IE5\0S95XSO0\affich-11475230-egdaccess-keygen[2].htm
1 - "C:\Rooter$\Rooter_1.txt" - 11/03/2009|19:27
----------------------\\ Scan completed at 19:27
Here is the post
############################## [ FindyKill V4.719 ]
# User : Fred (Administrators) # IND_PC
# Update on 06/03/09 by Chiquitine29
# Start at: 20:14:53 | 11/03/2009
# Intel(R) Pentium(R) 4 CPU 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5700.7
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# A:\ # Floppy disk drive 3 inches
# C:\ # Local hard drive # 38.28 Go (10.05 Go free) [ELGAMBINO] # NTFS
# D:\ # CD-ROM drive
# E:\ # Local hard drive # 931.51 Go (222.17 Go free) [MANGAS] # NTFS
# F:\ # Local hard drive # 465.76 Go (163.36 Go free) [SERIES] # NTFS
# G:\ # Local hard drive # 465.76 Go (325.91 Go free) [DIVERS] # NTFS
############################## [ Active processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zion Webzone Edition\zion++.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infectious files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\.. Application Data ... ]
################## [ Registry / Infectious keys ]
################## [ Search in removable media]
# Presence of files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ ! End of report # FindyKill V4.719 ! ]
Please run a new HijackThis report.
--
If you see an improvement on your PC, it doesn’t mean that the disinfection is finished... Keep going until the end!!
Here is the hijack post, what should I do with all the software you made me install? I will delete them.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:49, on 12/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zion Webzone Edition\zion++.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce2.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WiFi Autoconfiguration Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6360 bytes