Request for report analysis
sunshine83
Help!! I have an antivermines that installed itself on my computer... I downloaded HijackThis, here is my report.. if you could help me and tell me what to do it would be much appreciated!! Thanks a lot
Karinaa
Logfile of HijackThis v1.99.1
Scan saved at 5:19:57 AM, on 06/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\STOPzilla!\SZQuarantine.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\MalwaresWipeds\MalwareWipeds.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\SZBlkLst.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.735\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.ca/?icid=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [MalwaresWipeds] C:\Program Files\MalwaresWipeds\MalwareWipeds.exe /h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MalwareWipeds] C:\Program Files\MalwaresWipeds\MalwareWipeds.exe /h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?f6a499c1b59a4a4893bed328eddc7803
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?f6a499c1b59a4a4893bed328eddc7803
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
7 replies
Hello!!
Click Start, My Computer, C:, Program Files and delete this folder:
- MalwaresWipeds
**If a file/folder persists when you try to delete it, do this:
- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears, choose "Safe Mode" and wait a bit..
Then delete the files/folders, empty your Recycle Bin and restart your PC normally.
¤ Download SmitfraudFix (save it to the "desktop")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip SmitfraudFix
Run the SmitfraudFix or SmitfraudFix.cmd file, choose option 1 and copy the report here
Hello!! I'm really stunned.. because this folder you're asking me to delete, I bought it... on the internet not even two hours ago because I was infected... I hope they didn't take my credit card number :(
Are you really sure I have to delete it?
No, keep it for now. What is this software for? (anti-spyware?)
Give us the site where you bought it please, I'm curious :P
Uninstall: Windows Live Toolbar, you have the Yahoo one, that's more than enough ;-)
However, do delete this folder: Windows Live Toolbar
Here is my scan result, and I got my malware from this address: malwarewiped.com
I received two email confirmations of my purchase...
SmitFraudFix v2.139
Scan done at 6:06:56.65, 06/02/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\cwgppb.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
In my opinion this program looks pretty shady..
How did you find it to buy it?
Restart the PC in Safe Mode: tap the F8 key on your keyboard (or F5) as soon as it starts up and choose Safe Mode.
- Open the "SmitfraudFix" folder and double-click "Smitfraudfix.cmd", choose option 2 and answer yes to everything.
Save the report, then copy/paste the report on the forum please.
OK, here I am again at last,
I did what you asked me to, but I haven't deleted my malware wipeds yet.. if that's what it takes I'll start over right away. But when my computer came back on, it reported 8 malicious malware and my STOPzilla gave as results: 2 kinds of trojan: media-codec and busky.b (worm, trojan). I'm telling you this without knowing whether it can help or simply do nothing, but I'm taking a chance.. :)
Thanks a lot, so here it is:
SmitFraudFix v2.139
Scan done at 6:36:42.60, 06/02/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Keep it for now, I'll go ask around elsewhere ;-)
You can throw away SmitfraudFix.
¤ Download ComboFix
---> http://download.bleepingcomputer.com/sUBs/combofix.exe
Close your web browser before running this program
Double-click it and press "Y" to continue
Wait a few minutes..
A report will open; save its contents, then copy and paste it here please
You can throw away the program once that's done.
Thanks for your patience... :)
Here it is
"HP_Administrator" - 07-02-06 7:04:11 Service Pack 2
ComboFix 07-02-06.3 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-01-06 to 2007-02-06 ))))))))))))))))))))))))))))))))))
2007-02-06 06:35 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-06 06:35 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-06 06:35 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-06 06:35 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-06 06:35 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-06 06:35 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-06 06:07 2,506 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-06 03:40 0 --a------ C:\DOCUME~1\HP_ADM~1\ignorelist.dat
2007-02-06 02:59 <DIR> d-------- C:\Program Files\MalwaresWipeds
2007-02-06 02:57 <DIR> d-------- C:\Program Files\STOPzilla!
2007-02-06 02:57 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-02-06 02:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\ZILLAbar
2007-02-06 02:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\STOPzilla!
2007-02-06 02:53 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Google
2007-02-06 02:52 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-02-06 02:52 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-02-06 02:52 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-02-06 02:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-02-06 02:52 <DIR> d-------- C:\Program Files\Google
2007-02-06 02:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\PC Tools
2007-02-06 02:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-02-06 02:36 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-02-06 02:36 <DIR> d-------- C:\Program Files\SpyNoMore
2007-02-06 01:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Shared
2007-02-06 01:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Incomplete
2007-02-06 01:47 <DIR> d-------- C:\WINDOWS\Sun
2007-02-06 01:47 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Sun
2007-02-06 01:34 <DIR> d-------- C:\Program Files\LimeWire
2007-02-06 01:33 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\.limewire
2007-02-06 01:32 359,112 --a------ C:\Program Files\LimeWireWin.exe
2007-02-05 20:54 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-02-05 20:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-02-05 20:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-02-05 20:53 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-02-05 20:50 <DIR> dr-h----- C:\MSOCache
2007-02-05 18:23 98,355 -ra------ C:\WINDOWS\system32\SZBase.dll
2007-02-02 19:06 1,035,271 --a------ C:\Program Files\wrar362.exe
2007-02-01 18:56 <DIR> d-------- C:\temp
2007-02-01 18:20 73,728 -ra------ C:\WINDOWS\system32\IS3HTUI.dll
2007-02-01 18:19 45,111 -ra------ C:\WINDOWS\system32\IS3VFS.dll
2007-02-01 18:19 278,583 -ra------ C:\WINDOWS\system32\IS3DBA.dll
2007-02-01 18:18 81,977 -ra------ C:\WINDOWS\system32\IS39XLdr.dll
2007-02-01 18:18 49,209 -ra------ C:\WINDOWS\system32\IS3Hooks.dll
2007-02-01 18:18 340,022 -ra------ C:\WINDOWS\system32\IS3UI.dll
2007-02-01 18:18 32,768 -ra------ C:\WINDOWS\system32\IS3XData.dll
2007-02-01 18:18 139,321 -ra------ C:\WINDOWS\system32\IS3Win32.dll
2007-02-01 18:17 69,688 -ra------ C:\WINDOWS\system32\IS3Inet.dll
2007-02-01 18:17 65,591 -ra------ C:\WINDOWS\system32\IS3Svc.dll
2007-02-01 18:17 516,152 -ra------ C:\WINDOWS\system32\IS3Base.dll
2007-01-30 19:45 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-01-28 18:44 <DIR> d-------- C:\4f02c5c62f6552a26221d65fcdb01033
2007-01-28 18:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-28 18:05 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-01-28 18:05 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-01-28 18:05 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-01-28 18:05 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-01-28 18:05 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-01-28 18:05 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-01-28 18:05 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-01-28 18:05 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-01-28 13:23 23,040 --------- C:\WINDOWS\kb913800.exe
2007-01-28 07:30 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-01-28 07:30 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-27 16:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-27 16:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-27 15:05 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-27 15:03 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-01-27 15:03 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-27 14:42 634,880 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2007-01-27 14:42 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2007-01-27 14:42 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2007-01-27 14:42 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2007-01-27 14:42 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2007-01-27 14:42 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2007-01-27 14:42 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2007-01-27 14:42 237,568 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-01-27 14:42 204,800 --a------ C:\WINDOWS\system32\aIPH.dll
2007-01-27 14:42 167,936 --a------ C:\WINDOWS\system32\WlanApp.dll
2007-01-27 14:42 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2007-01-27 14:42 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2007-01-27 14:42 <DIR> d-------- C:\Program Files\D-Link
2007-01-27 14:42 <DIR> d-------- C:\Program Files\ANI
2007-01-10 09:44 <DIR> d-------- C:\Program Files\InterActual
2007-01-10 09:13 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Hewlett-Packard
2007-01-09 13:12 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\HP
2007-01-09 11:19 <DIR> d-------- C:\karaoke 2 chanteurs
2007-01-08 18:18 <DIR> d-------- C:\PATSY CLINE
2007-01-08 16:45 <DIR> d-------- C:\Program Files\Winamp
2007-01-08 15:20 <DIR> d-------- C:\karaoke non plac
2007-01-08 14:45 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Sonic
2007-01-08 14:45 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Leadertech
2007-01-08 14:35 <DIR> d-------- C:\Karaoke Francais
2007-01-08 14:35 <DIR> d-------- C:\Karaoke Anglais
2007-01-06 18:42 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\AdobeUM
2007-01-06 18:42 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Adobe
2007-01-06 18:39 0 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\wklnhst.dat
2007-01-06 18:39 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Template
2007-01-06 18:27 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-01-06 18:07 <DIR> dr-hs---- C:\cmdcons
2007-01-06 18:02 6,029,312 --a------ C:\DOCUME~1\HP_ADM~1\NTUSER.DAT
2007-01-06 18:02 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\WINDOWS
2007-01-06 18:02 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Symantec
2007-01-06 18:02 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Real
2007-01-06 18:02 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Intuit
2007-01-06 16:25 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2007-01-06 01:18 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Contacts
2007-01-06 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
2007-01-06 01:16 <DIR> d-------- C:\Program Files\MSN Messenger
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-06 04:49 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-05 20:56 -------- d---s---- C:\DOCUME~1\HP_ADM~1\Application Data\microsoft
2007-02-05 19:36 -------- d-------- C:\Program Files\norton internet security
2007-01-30 19:45 -------- d-------- C:\Program Files\rhapsody
2007-01-27 16:08 -------- d-------- C:\Program Files\real
2007-01-27 14:42 -------- d--h----- C:\Program Files\installshield installation information
2007-01-24 20:18 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-01-24 20:18 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-24 20:18 -------- d-------- C:\Program Files\symantec
2007-01-06 18:19 -------- d-------- C:\Program Files\pc-doctor 5 for windows
2007-01-06 01:08 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\macromedia
2007-01-05 21:25 1331 --a------ C:\WINDOWS\mozver.dat
2007-01-05 21:25 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\netscape
2007-01-05 17:47 -------- d-------- C:\Program Files\ezhebrew
2007-01-05 16:56 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\hpq
2006-12-06 22:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-18 23:38 118842 -ra------ C:\WINDOWS\hpcpcuninstaller-6.3.2.116-9972322.exe
2006-11-18 23:37 14318 --a------ C:\WINDOWS\system32\choddi.sys
2006-11-18 23:34 100 --a------ C:\AUTOEXEC.BAT
2006-11-18 23:19 95822 --a------ C:\WINDOWS\hpqins69.dat
2006-11-07 23:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
@=""
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"MalwaresWipeds"="C:\\Program Files\\MalwaresWipeds\\MalwareWipeds.exe /h"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MalwareWipeds"="C:\\Program Files\\MalwaresWipeds\\MalwareWipeds.exe /h"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f22bbf31-9de0-11db-97ff-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
C:\WINDOWS\tasks\Warranty Reminder 11 month.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-06 7:08:17
Please answer this question about the program you bought; it will help to pin it down better:
"How did you come across it to buy it?"
¤ Uninstall this program if it is still installed; it is a rogue, fake software disguised as spyware
- SpyNoMore
¤ Click Start, My Computer, C:, Program Files and delete this folder:
- SpyNoMore
¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX; the SP2 anti-popup bar (at the top) will start flashing, click it and choose "accept the ActiveX" so the antivirus scan can run.
Once it has finished, paste the report here, please
https://www.bitdefender.com/toolbox/
Should I also delete Malware Wiped, STOPzilla and Spyware Doctor? .. As for the site, I think it was my antivirus or Internet Explorer that recommended it to me.. I panicked when I saw lots of windows opening and I bought an antivirus right away.. how do I get a refund now :S especially since they still haven't sent me my certificate number..