A voir également:
- Virus new.mùalware.u
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
22 réponses
salut
télécharge HijackThis ici:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (merci à balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Bon courage
A+
télécharge HijackThis ici:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (merci à balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Bon courage
A+
Personnellement c est pas moi qui a ce soucis, je te propose de faire un scan de ton pc et de me donner le rapport afin devaluer et eventuellement detecter ton infection...
Par contre si t es pas ok pour faire cela, que puis je pour toi?
Parfois il faut etre realiste, et faire le calcul cout avantage, en loccurence ici, tu viens chercher de l aide et donc on te demande un rapport, et grace a celui ci tu peux eventuellement regle ton soucis
a toi de voir...
Par contre si t es pas ok pour faire cela, que puis je pour toi?
Parfois il faut etre realiste, et faire le calcul cout avantage, en loccurence ici, tu viens chercher de l aide et donc on te demande un rapport, et grace a celui ci tu peux eventuellement regle ton soucis
a toi de voir...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
d accord , fais avec mac affee
Mais prkoi tu me donne pas ce que je voudrais? t as peur de quoi? regarde tous les autres postes, ce que je te demande s y trouve... mais bon a toi de voir...
Mais prkoi tu me donne pas ce que je voudrais? t as peur de quoi? regarde tous les autres postes, ce que je te demande s y trouve... mais bon a toi de voir...
non c'est pas que j'ai peur mais j'ai deja relancer mcafee c'est juste pour aller plus . je cherche absolument a vite enlever ce virus trojan
Ben alors, si tu veux aller vite et tu contredis des methodes qu on veut te faire faire, ca complique la chose....
Envoi celui de mac affee
Envoi celui de mac affee
c:/document and setting /freanck/application data / start drv/ cashgram.exe
trajan name : new malware.u
trajan name : new malware.u
télécharge HijackThis ici:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (merci à balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Je vais sous la douche, j espere revenir, sinon soit qqun prends la suite, soit demain je repasse mais stp poste moi le rapport
a+
http://www.hijackthis.de/downloads/hijackthis_199.zip
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (merci à balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Je vais sous la douche, j espere revenir, sinon soit qqun prends la suite, soit demain je repasse mais stp poste moi le rapport
a+
voila esperant rien de grave
Logfile of HijackThis v1.99.1
Scan saved at 22:15:43, on 19/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
Logfile of HijackThis v1.99.1
Scan saved at 22:15:43, on 19/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
re,
telecharge lopxp ici:
http://cjoint.com/?jCuTbDtUWg
2) dezippe le (clic droit dessus > extraire tout)
et lance lopxp.bat
le bloc note va s'ouvrir, copie et colle le contenu ici
a+
telecharge lopxp ici:
http://cjoint.com/?jCuTbDtUWg
2) dezippe le (clic droit dessus > extraire tout)
et lance lopxp.bat
le bloc note va s'ouvrir, copie et colle le contenu ici
a+
Logfile of HijackThis v1.99.1
Scan saved at 22:15:43, on 19/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
Rapport fait à 22:18:25,09 le 19/10/2005
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\All Users\Application Data
18/10/2005 21:35 <REP> Windows Genuine Advantage
21/09/2005 11:14 <REP> Autodesk
12/09/2005 09:14 <REP> Starware
16/07/2005 15:44 <REP> Samsung
16/07/2005 10:15 <REP> Adobe
12/07/2005 10:17 <REP> nView_Profiles
08/07/2005 10:41 <REP> McAfee.com
13/04/2005 18:02 <REP> Messenger Plus!
13/04/2005 12:05 <REP> Funk Curb Load Download
02/03/2005 11:17 <REP> Symantec
02/03/2005 10:14 203 hpzinstall.log
02/03/2005 10:04 <REP> Spybot - Search & Destroy
30/09/2003 11:31 <REP> QuickTime
26/09/2003 15:42 62 desktop.ini
26/09/2003 15:42 <REP> Microsoft
26/09/2003 15:42 <REP> ..
26/09/2003 15:42 <REP> .
26/09/2003 15:02 <REP> SBSI
2 fichier(s) 265 octets
16 R‚p(s) 100904587264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\Aurore\Application Data
12/07/2005 16:36 <REP> Template
30/06/2005 19:30 <REP> Sun
27/06/2005 21:47 <REP> Macromedia
27/06/2005 21:44 <REP> Talkback
27/06/2005 21:44 <REP> Mozilla
26/06/2005 19:52 62 desktop.ini
26/06/2005 19:52 <REP> Adobe
26/06/2005 19:52 <REP> Identities
26/06/2005 19:52 <REP> ..
26/06/2005 19:52 <REP> .
26/06/2005 19:52 <REP> Microsoft
1 fichier(s) 62 octets
10 R‚p(s) 100904587264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\Default User\Application Data
02/03/2005 08:35 <REP> Adobe
26/09/2003 15:42 62 desktop.ini
26/09/2003 15:42 <REP> ..
26/09/2003 15:42 <REP> Microsoft
26/09/2003 15:42 <REP> .
26/09/2003 14:52 <REP> Identities
1 fichier(s) 62 octets
5 R‚p(s) 100904587264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\Franck\Application Data
18/10/2005 11:23 <REP> close mode online
18/10/2005 11:23 <REP> Starware
18/10/2005 11:23 <REP> START DRV
25/09/2005 11:24 <REP> Graphisoft
21/09/2005 11:14 <REP> Autodesk
07/09/2005 21:58 <REP> Google
27/07/2005 11:04 <REP> Leadertech
25/06/2005 21:51 <REP> THQ
13/05/2005 22:57 <REP> Help
28/03/2005 18:44 <REP> Talkback
13/03/2005 19:16 <REP> Template
08/03/2005 09:49 <REP> AdobeUM
06/03/2005 11:56 <REP> Macromedia
05/03/2005 17:43 <REP> Sun
03/03/2005 09:43 <REP> Azureus
02/03/2005 22:46 <REP> Mozilla
02/03/2005 11:17 <REP> Symantec
02/03/2005 10:21 <REP> Hewlett-Packard
02/03/2005 09:59 <REP> Lavasoft
02/03/2005 08:36 62 desktop.ini
02/03/2005 08:36 <REP> Adobe
02/03/2005 08:36 <REP> Identities
02/03/2005 08:36 <REP> ..
02/03/2005 08:36 <REP> .
02/03/2005 08:36 <REP> Microsoft
1 fichier(s) 62 octets
24 R‚p(s) 100904587264 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\WINDOWS\Tasks
19/10/2005 08:28 264 A269FA2B93F66CFB.job
12/10/2005 20:54 264 AE9BA0A69184511E.job
09/07/2005 12:20 478 McAfee.com Update Check (URANUS-Aurore).job
08/07/2005 10:42 478 McAfee.com Update Check (URANUS-Franck).job
02/03/2005 10:21 392 FRU Task #Hewlett-Packard#hp psc 1100 series#1109751654.job
26/09/2003 16:37 65 desktop.ini
26/09/2003 14:50 6 SA.DAT
26/09/2003 14:48 <REP> .
26/09/2003 14:48 <REP> ..
7 fichier(s) 1ÿ947 octets
2 R‚p(s) 100ÿ904ÿ583ÿ168 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport ****************
Scan saved at 22:15:43, on 19/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
Rapport fait à 22:18:25,09 le 19/10/2005
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\All Users\Application Data
18/10/2005 21:35 <REP> Windows Genuine Advantage
21/09/2005 11:14 <REP> Autodesk
12/09/2005 09:14 <REP> Starware
16/07/2005 15:44 <REP> Samsung
16/07/2005 10:15 <REP> Adobe
12/07/2005 10:17 <REP> nView_Profiles
08/07/2005 10:41 <REP> McAfee.com
13/04/2005 18:02 <REP> Messenger Plus!
13/04/2005 12:05 <REP> Funk Curb Load Download
02/03/2005 11:17 <REP> Symantec
02/03/2005 10:14 203 hpzinstall.log
02/03/2005 10:04 <REP> Spybot - Search & Destroy
30/09/2003 11:31 <REP> QuickTime
26/09/2003 15:42 62 desktop.ini
26/09/2003 15:42 <REP> Microsoft
26/09/2003 15:42 <REP> ..
26/09/2003 15:42 <REP> .
26/09/2003 15:02 <REP> SBSI
2 fichier(s) 265 octets
16 R‚p(s) 100904587264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\Aurore\Application Data
12/07/2005 16:36 <REP> Template
30/06/2005 19:30 <REP> Sun
27/06/2005 21:47 <REP> Macromedia
27/06/2005 21:44 <REP> Talkback
27/06/2005 21:44 <REP> Mozilla
26/06/2005 19:52 62 desktop.ini
26/06/2005 19:52 <REP> Adobe
26/06/2005 19:52 <REP> Identities
26/06/2005 19:52 <REP> ..
26/06/2005 19:52 <REP> .
26/06/2005 19:52 <REP> Microsoft
1 fichier(s) 62 octets
10 R‚p(s) 100904587264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\Default User\Application Data
02/03/2005 08:35 <REP> Adobe
26/09/2003 15:42 62 desktop.ini
26/09/2003 15:42 <REP> ..
26/09/2003 15:42 <REP> Microsoft
26/09/2003 15:42 <REP> .
26/09/2003 14:52 <REP> Identities
1 fichier(s) 62 octets
5 R‚p(s) 100904587264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\Documents and Settings\Franck\Application Data
18/10/2005 11:23 <REP> close mode online
18/10/2005 11:23 <REP> Starware
18/10/2005 11:23 <REP> START DRV
25/09/2005 11:24 <REP> Graphisoft
21/09/2005 11:14 <REP> Autodesk
07/09/2005 21:58 <REP> Google
27/07/2005 11:04 <REP> Leadertech
25/06/2005 21:51 <REP> THQ
13/05/2005 22:57 <REP> Help
28/03/2005 18:44 <REP> Talkback
13/03/2005 19:16 <REP> Template
08/03/2005 09:49 <REP> AdobeUM
06/03/2005 11:56 <REP> Macromedia
05/03/2005 17:43 <REP> Sun
03/03/2005 09:43 <REP> Azureus
02/03/2005 22:46 <REP> Mozilla
02/03/2005 11:17 <REP> Symantec
02/03/2005 10:21 <REP> Hewlett-Packard
02/03/2005 09:59 <REP> Lavasoft
02/03/2005 08:36 62 desktop.ini
02/03/2005 08:36 <REP> Adobe
02/03/2005 08:36 <REP> Identities
02/03/2005 08:36 <REP> ..
02/03/2005 08:36 <REP> .
02/03/2005 08:36 <REP> Microsoft
1 fichier(s) 62 octets
24 R‚p(s) 100904587264 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 3C1B-6F11
R‚pertoire de C:\WINDOWS\Tasks
19/10/2005 08:28 264 A269FA2B93F66CFB.job
12/10/2005 20:54 264 AE9BA0A69184511E.job
09/07/2005 12:20 478 McAfee.com Update Check (URANUS-Aurore).job
08/07/2005 10:42 478 McAfee.com Update Check (URANUS-Franck).job
02/03/2005 10:21 392 FRU Task #Hewlett-Packard#hp psc 1100 series#1109751654.job
26/09/2003 16:37 65 desktop.ini
26/09/2003 14:50 6 SA.DAT
26/09/2003 14:48 <REP> .
26/09/2003 14:48 <REP> ..
7 fichier(s) 1ÿ947 octets
2 R‚p(s) 100ÿ904ÿ583ÿ168 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport ****************
voila
Logfile of HijackThis v1.99.1
Scan saved at 08:30:52, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
Logfile of HijackThis v1.99.1
Scan saved at 08:30:52, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
voila
Logfile of HijackThis v1.99.1
Scan saved at 08:30:52, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
Logfile of HijackThis v1.99.1
Scan saved at 08:30:52, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Franck\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nurjcggwahwfbzeqvfe.com/nD8lFljfJkf_qTwmdaMbLTFiCtjBqLSHh9ic3djT3H_8w8auXbEq8l6bxRHNWjz2.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckxduaeihahqihsveambb.com/nD8lFljfJkcd4LM1wkaEHKbdCYa1UMlvqx2x3knfyjw.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EBCEC6A4-475F-7EA0-EBA8-1B9745C41CD9} - C:\DOCUME~1\Franck\APPLIC~1\CLOSEM~1\download trust.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Load download new intra] C:\Documents and Settings\All Users\Application Data\Funk Curb Load Download\meet live.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewByte] C:\DOCUME~1\Franck\APPLIC~1\STARTD~1\CASHGRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
