Access issue snuffx.com
Solved/Closed
lauralee
-
le clown -
Hello,
I’ve been trying to connect to Snuffx.com since this morning, and instead, an AdultFriend window opens.... I don’t know much about computers, so would someone kindly have the patience to help me solve this problem (considering that just two days ago, I was accessing it without any issues...)
Thank you for your help.
Laura
Configuration: Windows XP AOL 9.0
26 answers
Hello, I can't connect either, so I won't be able to help you. In fact, I just wanted to reassure you and let you know that you're not the only one. It happened to me not so long ago, and like magic, a few days later the site was working perfectly.
So with some patience and good nerves, you will get through this...
See you soon, and I'm sorry for not being able to help you.
stop your chatter and get on it
https://proxify.com/login.pl?sp=1&un=&lp=1&re=http%3a%2f%2fwww%2esnuffx%2ecom%2f
End of story
paste a hijackthis report
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
_________
launch cwshredder (do fix)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html
_________
AVG antispyware
https://www.01net.com/telecharger/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Restart AVG AS -> "Scan" ->"Settings"
Under the question "How to react?":
-> click on "Recommended actions" and choose "Quarantine"
-> Click again on the "Scan" tab and perform a "Complete system scan"
If a file is infected at the end of the scan
-> Click on "Apply all actions"
-> Click on "Save report" then on "Save report as".
-> Save this text file on your desktop then paste the report here
__________
Use this to delete your traces:
CCLEANER: (run a cleanup and fix errors) without installing the Yahoo toolbar
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_________
paste hijackthis again
Hello
Logfile of HijackThis v1.99.1
Scan saved at 17:12:33, on 09/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hijackthis French Version\ORIGINAL TRANSLATED VERSION.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47A3A100-0F63-4F22-8AC6-09ED232B0D26} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF8F63D8-FA26-43EC-A6A6-C9F41411F5B7}: NameServer = 212.217.1.17 212.217.0.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: yaywvuUK - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created on: 18:34:26 09/08/2008
+ Scan results:
C:\Documents and Settings\Motiâ-Eddine\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde: Cleaned.
End of report
C:\Documents and Settings\Motiâ-Eddine\Cookies\motiâ-eddine@real[1].txt -> TrackingCookie.Real: Cleaned.
:mozilla.239:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Revsci: Cleaned.
:mozilla.240:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Revsci: Cleaned.
:mozilla.241:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Revsci: Cleaned.
:mozilla.242:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Serving-sys: Cleaned.
:mozilla.243:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Serving-sys: Cleaned.
:mozilla.244:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Serving-sys: Cleaned.
:mozilla.245:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Serving-sys: Cleaned.
:mozilla.246:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Serving-sys: Cleaned.
:mozilla.247:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Serving-sys: Cleaned.
:mozilla.248:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Serving-sys: Cleaned.
:mozilla.6:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Smartadserver: Cleaned.
:mozilla.7:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Smartadserver: Cleaned.
:mozilla.8:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Smartadserver: Cleaned.
:mozilla.9:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Smartadserver: Cleaned.
:mozilla.145:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Statcounter: Cleaned.
:mozilla.146:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Statcounter: Cleaned.
:mozilla.123:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Tradedoubler: Cleaned.
:mozilla.124:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Tradedoubler: Cleaned.
:mozilla.125:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Tradedoubler: Cleaned.
:mozilla.329:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Tribalfusion: Cleaned.
:mozilla.163:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Weborama: Cleaned.
:mozilla.164:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Weborama: Cleaned.
:mozilla.165:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Weborama: Cleaned.
:mozilla.282:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Weborama: Cleaned.
:mozilla.283:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Weborama: Cleaned.
:mozilla.284:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Weborama: Cleaned.
:mozilla.287:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Weborama: Cleaned.
:mozilla.76:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yadro: Cleaned.
:mozilla.77:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yadro: Cleaned.
:mozilla.92:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yieldmanager: Cleaned.
:mozilla.93:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yieldmanager: Cleaned.
:mozilla.94:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yieldmanager: Cleaned.
:mozilla.95:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yieldmanager: Cleaned.
:mozilla.96:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yieldmanager: Cleaned.
:mozilla.97:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Yieldmanager: Cleaned.
:mozilla.40:C:\Documents and Settings\Motiâ-Eddine\Application Data\Mozilla\Firefox\Profiles\ri4w8e84.default\cookies.txt -> TrackingCookie.Zedo: Cleaned.
End of report
Logfile of HijackThis v1.99.1
Scan saved at 17:12:33, on 09/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hijackthis French Version\TRANSLATED ORIGINAL VERSION.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47A3A100-0F63-4F22-8AC6-09ED232B0D26} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF8F63D8-FA26-43EC-A6A6-C9F41411F5B7}: NameServer = 212.217.1.17 212.217.0.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: yaywvuUK - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Hello,
here is the AVG Anti-Spyware report:
AVG Anti-Spyware - Analysis Report
---------------------------------------------------------
+ Created at: 12:15:47 13/09/2007
+ Scan result:
C:\Program Files\EasyBits For Kids\ezDialUp.exe -> Heuristic.Win32.Dialer : Ignored.
C:\Program Files\EasyBits For Kids\ezRasStatus.exe -> Heuristic.Win32.Dialer : Ignored.
C:\Program Files\eChanblard\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@network-ca.247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@3suisses.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@aoleusearch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@boonty.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@hotelscom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@karavel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@maisondevalerie.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mistergooddeal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@msnaccountservices.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@viafrplayer.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@viamtvnvideo.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@estat[2].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-cogemag.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-foxmovies.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-franceloisirs.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-nestlebebe.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-nestlefr.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-ricaud.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@blackbox.weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
End of report
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-franceloisirs.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-nestlebebe.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-nestlefr.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-ricaud.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@blackbox.weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
End of report
Launch AVG Anti-Rootkit:
http://www.libellules.ch/dotclear/index.php?2007/03/28/1781-avg-anti-rootkit
_____________
scan with vundo
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will receive a warning asking if you want to delete these files, respond by clicking YES.
Once you click yes, your desktop will go blank as it removes Vundo.
When it’s done, you will be asked to restart your computer, click OK.
then: the following 3 in safe mode
VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
then Symantec Vundo Remove ToolB
https://www.broadcom.com/support/security-center
and Symantec Vundo Remove Tool
https://www.broadcom.com/support/security-center
______________
combofix (paste the report)
http://mickael.barroux.free.fr/securite/combofix.php
_____________
Paste the report:
Clean will allow for cleaning and removing files that antivirus and antispyware could not find. The software is regularly updated, so you will need to re-download it to get a more recent version.
· Download clean.zip, extract it to your desktop (right-click / extract all), you will then get a clean folder
· Start Windows in safe mode: Guide to restart in safe mode
· Open the clean folder on your desktop, and double-click on clean.cmd, a black window will appear for a moment, leave it open until it closes.
http://kerio.probb.fr/tuto-Clean-h37.html
_____________
download to the desktop
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Double-Click navilog1.zip
= Extract all to the desktop
= Double-Click navilog1 on the desktop
= Press a key until you reach the options
= Choose option 1
a report: fixnavi.txt will be created in C:
copy/paste it into your next message.
________
and paste hijackthis and tell your issues
Hello Miss Laura
search on GOOGLE "anonymouse" then click on "English" and then enter your desired site and you will access it directly
this works for all sites that are banned in France
what do I get, Laura ????
BALTAZAR
Hello,
here is my hijackthis log: (just out of curiosity, what is a hijackthis report?)
Logfile of HijackThis v1.99.1
Scan saved at 16:40:55, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1169657105\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL Companion\COMPANION.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Hijackthis French Version\hijackthis vf.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=FR&language=fr&PURCH_DT_MONTH=01&PURCH_DT_DAY=23&PURCH_DT_YEAR=2007&PROD_SERIAL_ID=CNH64509TP&application=305&modelID=RN645AA&LF=blue
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: Help for Adobe PDF Reader Link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169657105\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: AOL 9.0 AOL Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Open in background new tab - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a90e5f5dc1204059a7ff34512a9af648
O8 - Extra context menu item: Open in foreground new tab - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a90e5f5dc1204059a7ff34512a9af648
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Connection Assistant - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Assistant - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.consoclicker.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HPZ12 Pml Driver - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
There you go, and then, do I do the other manipulations you told me to do? antispyware...? Thank you for your help.
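For readers wondering how a log like the one above gets read: a small triage parser, added here as an illustration and not part of the thread or of HijackThis itself. The review rules and the `known_hosts` allowlist are assumptions; a hit means "identify this entry first", not "this is malware".

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted above (lines copied from that post).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: https://www.consoclicker.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
"""

# Every finding line starts with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Stock Windows XP value of UserInit (the registry stores a trailing comma).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entries(log_text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def host_of(value):
    """Host part of a URL or of a bare site name such as *.example.com."""
    parsed = urlparse(value if "://" in value else "//" + value)
    return (parsed.hostname or value).lower()


def review(entries, known_hosts=frozenset()):
    """Return (code, reason, detail) tuples to identify first.

    known_hosts is a hypothetical analyst-supplied allowlist of hosts
    whose ActiveX downloads are already accounted for.
    """
    findings = []
    trusted_zone = set()
    activex_hosts = []
    for code, body in entries:
        if code == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",")
            if value.lower() != DEFAULT_USERINIT:
                findings.append((code, "non-default UserInit", value))
        elif code == "O2" and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append((code, "BHO registered, DLL missing",
                             clsid.group(0) if clsid else body))
        elif code == "O15" and body.startswith("Trusted Zone:"):
            host = host_of(body.split(":", 1)[1].strip())
            trusted_zone.add(host)
            findings.append((code, "site in Trusted Zone", host))
        elif code == "O16":
            # The download source is the last " - " separated field.
            activex_hosts.append(host_of(body.rsplit(" - ", 1)[-1]))
    # Correlate after the loop: section order in the log is not assumed.
    for host in activex_hosts:
        if host in trusted_zone:
            findings.append(
                ("O16", "ActiveX source is also in Trusted Zone", host))
        elif host not in known_hosts:
            findings.append(("O16", "ActiveX from unlisted host", host))
    return findings


if __name__ == "__main__":
    for code, reason, detail in review(parse_entries(SAMPLE_LOG),
                                       {"download.microsoft.com"}):
        print(f"{code:4} {reason}: {detail}")
```
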
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HPZ12 Pml Driver - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
There you go, and then, do I do the other manipulations you told me to do? antispyware...? Thank you for your help.
panda antirootkit
https://www.zdnet.fr/telecharger/logiciel/panda-free-antivirus-39647425s.htm
_______________
run cwshredder (do fix)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html
_________
AVG antispyware
https://www.01net.com/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Restart AVG AS -> "Scan" ->"Settings"
Under the question "How to respond?" :
-> click on "Recommended actions" and choose "Quarantine"
-> Click again on the "Scan" tab and perform a "Full system scan"
If a file is infected at the end of the scan
->Click on "Apply all actions"
->Click on "Save report" and then on "Save report as".
->Save this text file on your desktop and then paste the report here
__________
use to delete your traces
CCLEANER: (run a cleanup and repair errors) without installing the yahoo toolbar
https://www.01net.com/
_________
download to the desktop
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Double-click navilog1.zip
= Extract all to the desktop
= Double-click navilog1 on the desktop
= Press a key until reaching the options
= Choose option 1
a report: fixnavi.txt in C: will be created
copy/paste it in your next message.
redo AVG and delete these because they were ignored
C:\Program Files\EasyBits For Kids\ezDialUp.exe -> Heuristic.Win32.Dialer : Ignored.
C:\Program Files\EasyBits For Kids\ezRasStatus.exe -> Heuristic.Win32.Dialer : Ignored.
C:\Program Files\eChanblard\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
otherwise you will delete them manually by going to My Computer then C then PROGRAM FILES ...
Logfile of HijackThis v1.99.1
Scan saved at 09:05:16, on 15/09/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files (x86)\Common Files\DriveCleaner 2006 Free\SDRmon.exe
C:\WINDOWS\SysWow64\fsfirwhi.exe
C:\WINDOWS\SysWow64\stcheck32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files (x86)\MSN Messenger\usnsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ebay.fr/
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8921159a-1dd2-11b2-adad-c341a89a9740} - C:\WINDOWS\SysWow64\JnhtklaA.dll
O2 - BHO: (no name) - {b26d6b66-1dd1-11b2-ab0e-f2710b9d5c2b} - C:\WINDOWS\SysWow64\tAHaz0J3.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files (x86)\Common Files\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [PCDAS] "C:\Program Files (x86)\Defenza\pcd-as.exe" /10003
O4 - HKLM\..\Run: [fsfirwhi.exe] C:\WINDOWS\SysWow64\fsfirwhi.exe
O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\SysWow64\stcheck32.exe
O4 - HKLM\..\Run: [vorgzips.exe] C:\WINDOWS\SysWow64\vorgzips.exe
O4 - HKLM\..\Run: [lupwjqls.exe] C:\WINDOWS\SysWow64\lupwjqls.exe
O4 - HKLM\..\Run: [alsjyzmp.exe] C:\WINDOWS\SysWow64\alsjyzmp.exe
O4 - HKLM\..\Run: [fetuxarg.exe] C:\WINDOWS\SysWow64\fetuxarg.exe
O4 - HKLM\..\Run: [gvyjqziz.exe] C:\WINDOWS\SysWow64\gvyjqziz.exe
O4 - HKLM\..\Run: [cvkvorad.exe] C:\WINDOWS\SysWow64\cvkvorad.exe
O4 - HKLM\..\Run: [cbcfgvop.exe] C:\WINDOWS\SysWow64\cbcfgvop.exe
O4 - HKLM\..\Run: [dgvwzkjk.exe] C:\WINDOWS\SysWow64\dgvwzkjk.exe
O4 - HKLM\..\Run: [ibszunmz.exe] C:\WINDOWS\SysWow64\ibszunmz.exe
O4 - HKLM\..\Run: [itudursz.exe] C:\WINDOWS\SysWow64\itudursz.exe
O4 - HKLM\..\Run: [vmjuzknu.exe] C:\WINDOWS\SysWow64\vmjuzknu.exe
O4 - HKLM\..\Run: [ufypgpub.exe] C:\WINDOWS\SysWow64\ufypgpub.exe
O4 - HKLM\..\Run: [engrapel.exe] C:\WINDOWS\SysWow64\engrapel.exe
O4 - HKLM\..\Run: [tsbyjuli.exe] C:\WINDOWS\SysWow64\tsbyjuli.exe
O4 - HKLM\..\Run: [fqnytmdc.exe] C:\WINDOWS\SysWow64\fqnytmdc.exe
O4 - HKLM\..\Run: [yfmzixyb.exe] C:\WINDOWS\SysWow64\yfmzixyb.exe
O4 - HKLM\..\Run: [bebsrcre.exe] C:\WINDOWS\SysWow64\bebsrcre.exe
O4 - HKLM\..\Run: [wdojsfen.exe] C:\WINDOWS\SysWow64\wdojsfen.exe
O4 - HKLM\..\Run: [pwdalgdo.exe] C:\WINDOWS\SysWow64\pwdalgdo.exe
O4 - HKLM\..\Run: [ohcxsjot.exe] C:\WINDOWS\SysWow64\ohcxsjot.exe
O4 - HKLM\..\Run: [nedqvoha.exe] C:\WINDOWS\SysWow64\nedqvoha.exe
O4 - HKLM\..\Run: [otsjkbin.exe] C:\WINDOWS\SysWow64\otsjkbin.exe
O4 - HKLM\..\Run: [qvmdatgb.exe] C:\WINDOWS\SysWow64\qvmdatgb.exe
O4 - HKLM\..\Run: [kfqbkdmp.exe] C:\WINDOWS\SysWow64\kfqbkdmp.exe
O4 - HKLM\..\Run: [lavqdcdi.exe] C:\WINDOWS\SysWow64\lavqdcdi.exe
O4 - HKLM\..\Run: [gbqtizwp.exe] C:\WINDOWS\SysWow64\gbqtizwp.exe
O4 - HKLM\..\Run: [derkzmhi.exe] C:\WINDOWS\SysWow64\derkzmhi.exe
O4 - HKLM\..\Run: [fqbolcpu.exe] C:\WINDOWS\SysWow64\fqbolcpu.exe
O4 - HKLM\..\Run: [dcnyzobk.exe] C:\WINDOWS\SysWow64\dcnyzobk.exe
O4 - HKLM\..\Run: [pgladarg.exe] C:\WINDOWS\SysWow64\pgladarg.exe
O4 - HKLM\..\Run: [bwlcnmnc.exe] C:\WINDOWS\SysWow64\bwlcnmnc.exe
O4 - HKLM\..\Run: [zufkxavq.exe] C:\WINDOWS\SysWow64\zufkxavq.exe
O4 - HKLM\..\Run: [dgrqdetm.exe] C:\WINDOWS\SysWow64\dgrqdetm.exe
O4 - HKLM\..\Run: [ypgpebct.exe] C:\WINDOWS\SysWow64\ypgpebct.exe
O4 - HKLM\..\Run: [afgnurwj.exe] C:\WINDOWS\SysWow64\afgnurwj.exe
O4 - HKLM\..\Run: [klcfovkp.exe] C:\WINDOWS\SysWOW64\klcfovkp.exe
O4 - HKLM\..\Run: [wrqvopsl.exe] C:\WINDOWS\SysWow64\wrqvopsl.exe
O4 - HKLM\..\Run: [hudubwtk.exe] C:\WINDOWS\SysWow64\hudubwtk.exe
O4 - HKLM\..\Run: [slibmjwn.exe] C:\WINDOWS\SysWow64\slibmjwn.exe
O4 - HKLM\..\Run: [tihwjcfe.exe] C:\WINDOWS\SysWow64\tihwjcfe.exe
O4 - HKLM\..\Run: [fwvuladw.exe] C:\WINDOWS\SysWow64\fwvuladw.exe
O4 - HKLM\..\Run: [unshgpkb.exe] C:\WINDOWS\SysWow64\unshgpkb.exe
O4 - HKLM\..\Run: [ujofgjud.exe] C:\WINDOWS\SysWow64\ujofgjud.exe
O4 - HKLM\..\Run: [bytgrelg.exe] C:\WINDOWS\SysWow64\bytgrelg.exe
O4 - HKLM\..\Run: [tsfqnodk.exe] C:\WINDOWS\SysWOW64\tsfqnodk.exe
O4 - HKLM\..\Run: [rcjsbyjy.exe] C:\WINDOWS\SysWOW64\rcjsbyjy.exe
O4 - HKLM\..\Run: [zmxiborq.exe] C:\WINDOWS\SysWOW64\zmxiborq.exe
O4 - HKLM\..\Run: [denadwjq.exe] C:\WINDOWS\SysWOW64\denadwjq.exe
O4 - HKLM\..\Run: [ryxubyby.exe] C:\WINDOWS\SysWOW64\ryxubyby.exe
O4 - HKLM\..\Run: [szwpurgt.exe] C:\WINDOWS\SysWOW64\szwpurgt.exe
O4 - HKLM\..\Run: [azqzynan.exe] C:\WINDOWS\SysWOW64\azqzynan.exe
O4 - HKLM\..\Run: [uvixgfkd.exe] C:\WINDOWS\SysWOW64\uvixgfkd.exe
O4 - HKLM\..\Run: [enojefan.exe] C:\WINDOWS\SysWOW64\enojefan.exe
O4 - HKLM\..\Run: [oxmrslav.exe] C:\WINDOWS\SysWOW64\oxmrslav.exe
O4 - HKLM\..\Run: [wdsbwvwp.exe] C:\WINDOWS\SysWOW64\wdsbwvwp.exe
O4 - HKLM\..\Run: [pkbmhqri.exe] C:\WINDOWS\SysWOW64\pkbmhqri.exe
O4 - HKLM\..\Run: [azyrydwp.exe] C:\WINDOWS\SysWOW64\azyrydwp.exe
O4 - HKLM\..\Run: [qrunexch.exe] C:\WINDOWS\SysWOW64\qrunexch.exe
O4 - HKLM\..\Run: [xivklkje.exe] C:\WINDOWS\SysWOW64\xivklkje.exe
O4 - HKLM\..\Run: [tevyjgte.exe] C:\WINDOWS\SysWOW64\tevyjgte.exe
O4 - HKLM\..\Run: [xwxolijc.exe] C:\WINDOWS\SysWOW64\xwxolijc.exe
O4 - HKLM\..\Run: [bongnqxc.exe] C:\WINDOWS\SysWOW64\bongnqxc.exe
O4 - HKLM\..\Run: [yfehedgv.exe] C:\WINDOWS\SysWOW64\yfehedgv.exe
O4 - HKLM\..\Run: [qtiravaz.exe] C:\WINDOWS\SysWOW64\qtiravaz.exe
O4 - HKLM\..\Run: [cdojgnmt.exe] C:\WINDOWS\SysWOW64\cdojgnmt.exe
O4 - HKLM\..\Run: [xgnylmhc.exe] C:\WINDOWS\SysWOW64\xgnylmhc.exe
O4 - HKLM\..\Run: [pwzihmli.exe] C:\WINDOWS\SysWOW64\pwzihmli.exe
O4 - HKLM\..\Run: [ncrmrajw.exe] C:\WINDOWS\SysWOW64\ncrmrajw.exe
O4 - HKLM\..\Run: [wxyzshqp.exe] C:\WINDOWS\SysWOW64\wxyzshqp.exe
O4 - HKLM\..\Run: [cxkpkzoz.exe] C:\WINDOWS\SysWOW64\cxkpkzoz.exe
O4 - HKLM\..\Run: [wvytolal.exe] C:\WINDOWS\SysWOW64\wvytolal.exe
O4 - HKLM\..\Run: [qfoharcz.exe] C:\WINDOWS\SysWOW64\qfoharcz.exe
O4 - HKLM\..\Run: [apwxuvuj.exe] C:\WINDOWS\SysWOW64\apwxuvuj.exe
O4 - HKLM\..\Run: [uhyjcxex.exe] C:\WINDOWS\SysWOW64\uhyjcxex.exe
O4 - HKLM\..\Run: [tcrqjerg.exe] C:\WINDOWS\SysWOW64\tcrqjerg.exe
O4 - HKLM\..\Run: [gpevixan.exe] C:\WINDOWS\SysWOW64\gpevixan.exe
O4 - HKLM\..\Run: [qzyxatox.exe] C:\WINDOWS\SysWOW64\qzyxatox.exe
O4 - HKLM\..\Run: [snqnmlcl.exe] C:\WINDOWS\SysWOW64\snqnmlcl.exe
O4 - HKLM\..\Run: [wnexspkl.exe] C:\WINDOWS\SysWOW64\wnexspkl.exe
O4 - HKLM\..\Run: [tgzkjezg.exe] C:\WINDOWS\SysWOW64\tgzkjezg.exe
O4 - HKLM\..\Run: [qfkbalmb.exe] C:\WINDOWS\SysWOW64\qfkbalmb.exe
O4 - HKLM\..\Run: [ruhexixw.exe] C:\WINDOWS\SysWOW64\ruhexixw.exe
O4 - HKLM\..\Run: [orspotyr.exe] C:\WINDOWS\SysWOW64\orspotyr.exe
O4 - HKLM\..\Run: [rwpqxgdy.exe] C:\WINDOWS\SysWOW64\rwpqxgdy.exe
O4 - HKLM\..\Run: [mfelydmf.exe] C:\WINDOWS\SysWOW64\mfelydmf.exe
O4 - HKLM\..\Run: [pmjyhoxk.exe] C:\WINDOWS\SysWOW64\pmjyhoxk.exe
O4 - HKLM\..\Run: [spyrqdap.exe] C:\WINDOWS\SysWOW64\spyrqdap.exe
O4 - HKLM\..\Run: [ozmhotor.exe] C:\WINDOWS\SysWOW64\ozmhotor.exe
O4 - HKLM\..\Run: [oxizorip.exe] C:\WINDOWS\SysWOW64\oxizorip.exe
O4 - HKLM\..\Run: [xuxupavg.exe] C:\WINDOWS\SysWOW64\xuxupavg.exe
O4 - HKLM\..\Run: [vyhmzmnw.exe] C:\WINDOWS\SysWOW64\vyhmzmnw.exe
O4 - HKLM\..\Run: [sdavqxwn.exe] C:\WINDOWS\SysWOW64\sdavqxwn.exe
O4 - HKLM\..\Run: [snufqbur.exe] C:\WINDOWS\SysWOW64\snufqbur.exe
O4 - HKLM\..\Run: [izofyfyd.exe] C:\WINDOWS\SysWOW64\izofyfyd.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ivchyfqd.exe] C:\WINDOWS\SysWOW64\ivchyfqd.exe
O4 - HKLM\..\Run: [ulozgnez.exe] C:\WINDOWS\SysWOW64\ulozgnez.exe
O4 - HKLM\..\Run: [tqbenmxm.exe] C:\WINDOWS\SysWOW64\tqbenmxm.exe
O4 - HKLM\..\Run: [xanepyje.exe] C:\WINDOWS\SysWOW64\xanepyje.exe
O4 - HKLM\..\Run: [xspmpypi.exe] C:\WINDOWS\SysWOW64\xspmpypi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sxwjqzqp.exe] C:\WINDOWS\SysWOW64\sxwjqzqp.exe
O4 - HKLM\..\Run: [zghybqhs.exe] C:\WINDOWS\SysWOW64\zghybqhs.exe
O4 - HKLM\..\Run: [ibsjwhev.exe] C:\WINDOWS\SysWOW64\ibsjwhev.exe
O4 - HKLM\..\Run: [lmzotulg.exe] C:\WINDOWS\SysWOW64\lmzotulg.exe
O4 - HKLM\..\Run: [hudatavk.exe] C:\WINDOWS\SysWOW64\hudatavk.exe
O4 - HKLM\..\Run: [jwbcvcvy.exe] C:\WINDOWS\SysWOW64\jwbcvcvy.exe
O4 - HKLM\..\Run: [ibwrydef.exe] C:\WINDOWS\SysWOW64\ibwrydef.exe
O4 - HKLM\..\Run: [abupuroj.exe] C:\WINDOWS\SysWOW64\abupuroj.exe
O4 - HKLM\..\Run: [felkpqhy.exe] C:\WINDOWS\SysWOW64\felkpqhy.exe
O4 - HKLM\..\Run: [ponkhmdi.exe] C:\WINDOWS\SysWOW64\ponkhmdi.exe
O4 - HKLM\..\Run: [rwpepwbm.exe] C:\WINDOWS\SysWOW64\rwpepwbm.exe
O4 - HKLM\..\Run: [rkjkpazq.exe] C:\WINDOWS\SysWOW64\rkjkpazq.exe
O4 - HKLM\..\Run: [opglkban.exe] C:\WINDOWS\SysWOW64\opglkban.exe
O4 - HKLM\..\Run: [fsjalavw.exe] C:\WINDOWS\SysWOW64\fsjalavw.exe
O4 - HKLM\..\Run: [bsvmjwnw.exe] C:\WINDOWS\SysWOW64\bsvmjwnw.exe
O4 - HKLM\..\Run: [exavmfsp] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\exavmfsp.dll"
O4 - HKLM\..\Run: [toxgjapc.exe] C:\WINDOWS\SysWOW64\toxgjapc.exe
O4 - HKLM\..\Run: [hkjkbsrg.exe] C:\WINDOWS\SysWOW64\hkjkbsrg.exe
O4 - HKLM\..\Run: [nwjirils.exe] C:\WINDOWS\SysWOW64\nwjirils.exe
O4 - HKLM\..\Run: [rmrotsxu.exe] C:\WINDOWS\SysWOW64\rmrotsxu.exe
O4 - HKLM\..\Run: [buzyjuty.exe] C:\WINDOWS\SysWOW64\buzyjuty.exe
O4 - HKLM\..\Run: [kdixgpol.exe] C:\WINDOWS\SysWOW64\kdixgpol.exe
O4 - HKLM\..\Run: [srypirsf.exe] C:\WINDOWS\SysWOW64\srypirsf.exe
O4 - HKLM\..\Run: [dyxmvube.exe] C:\WINDOWS\SysWOW64\dyxmvube.exe
O4 - HKLM\..\Run: [dwpavwvg.exe] C:\WINDOWS\SysWOW64\dwpavwvg.exe
O4 - HKLM\..\Run: [kjczkdul.exe] C:\WINDOWS\SysWOW64\kjczkdul.exe
O4 - HKLM\..\Run: [tqbsfcve.exe] C:\WINDOWS\SysWOW64\tqbsfcve.exe
O4 - HKLM\..\Run: [lcdcdajg.exe] C:\WINDOWS\SysWOW64\lcdcdajg.exe
O4 - HKLM\..\Run: [qbcjaruz.exe] C:\WINDOWS\SysWOW64\qbcjaruz.exe
O4 - HKLM\..\Run: [oroxkdcl.exe] C:\WINDOWS\SysWOW64\oroxkdcl.exe
O4 - HKLM\..\Run: [uduryhmv.exe] C:\WINDOWS\SysWOW64\uduryhmv.exe
O4 - HKLM\..\Run: [tybafona.exe] C:\WINDOWS\SysWOW64\tybafona.exe
O4 - HKLM\..\Run: [yfapanot.exe] C:\WINDOWS\SysWOW64\yfapanot.exe
O4 - HKLM\..\Run: [sxsrmfyj.exe] C:\WINDOWS\SysWOW64\sxsrmfyj.exe
O4 - HKLM\..\Run: [idwhulob.exe] C:\WINDOWS\SysWOW64\idwhulob.exe
O4 - HKLM\..\Run: [tafmfqtc.exe] C:\WINDOWS\SysWOW64\tafmfqtc.exe
O4 - HKLM\..\Run: [sfaxircj.exe] C:\WINDOWS\SysWOW64\sfaxircj.exe
O4 - HKLM\..\Run: [rovipwhq.exe] C:\WINDOWS\SysWOW64\rovipwhq.exe
O4 - HKLM\..\Run: [hctuxyre.exe] C:\WINDOWS\SysWOW64\hctuxyre.exe
O4 - HKLM\..\Run: [vkxyrehm.exe] C:\WINDOWS\SysWOW64\vkxyrehm.exe
O4 - HKLM\..\Run: [shejiteh.exe] C:\WINDOWS\SysWOW64\shejiteh.exe
O4 - HKLM\..\Run: [pktczgha.exe] C:\WINDOWS\SysWOW64\pktczgha.exe
O4 - HKLM\..\Run: [svkfmhwl.exe] C:\WINDOWS\SysWOW64\svkfmhwl.exe
O4 - HKLM\..\Run: [ovavkzol.exe] C:\WINDOWS\SysWOW64\ovavkzol.exe
O4 - HKLM\..\Run: [dolmdanm.exe] C:\WINDOWS\SysWOW64\dolmdanm.exe
O4 - HKLM\..\Run: [refutmbs.exe] C:\WINDOWS\SysWOW64\refutmbs.exe
O4 - HKLM\..\Run: [mfatujuz.exe] C:\WINDOWS\SysWOW64\mfatujuz.exe
O4 - HKLM\..\Run: [ydazefex.exe] C:\WINDOWS\SysWOW64\ydazefex.exe
O4 - HKLM\..\Run: [ratwtmts.exe] C:\WINDOWS\SysWOW64\ratwtmts.exe
O4 - HKLM\..\Run: [azmdutih.exe] C:\WINDOWS\SysWOW64\azmdutih.exe
O4 - HKLM\..\Run: [zgpexwxq.exe] C:\WINDOWS\SysWOW64\zgpexwxq.exe
O4 - HKLM\..\Run: [ixcjuxix.exe] C:\WINDOWS\SysWOW64\ixcjuxix.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SysWOW64\shdocvw.dll (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O4 - HKLM\..\Run: [jwbcvcvy.exe] C:\WINDOWS\SysWOW64\jwbcvcvy.exe
O4 - HKLM\..\Run: [ibwrydef.exe] C:\WINDOWS\SysWOW64\ibwrydef.exe
O4 - HKLM\..\Run: [abupuroj.exe] C:\WINDOWS\SysWOW64\abupuroj.exe
O4 - HKLM\..\Run: [felkpqhy.exe] C:\WINDOWS\SysWOW64\felkpqhy.exe
O4 - HKLM\..\Run: [ponkhmdi.exe] C:\WINDOWS\SysWOW64\ponkhmdi.exe
O4 - HKLM\..\Run: [rwpepwbm.exe] C:\WINDOWS\SysWOW64\rwpepwbm.exe
O4 - HKLM\..\Run: [rkjkpazq.exe] C:\WINDOWS\SysWOW64\rkjkpazq.exe
O4 - HKLM\..\Run: [opglkban.exe] C:\WINDOWS\SysWOW64\opglkban.exe
O4 - HKLM\..\Run: [fsjalavw.exe] C:\WINDOWS\SysWOW64\fsjalavw.exe
O4 - HKLM\..\Run: [bsvmjwnw.exe] C:\WINDOWS\SysWOW64\bsvmjwnw.exe
O4 - HKLM\..\Run: [exavmfsp] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\exavmfsp.dll"
O4 - HKLM\..\Run: [toxgjapc.exe] C:\WINDOWS\SysWOW64\toxgjapc.exe
O4 - HKLM\..\Run: [hkjkbsrg.exe] C:\WINDOWS\SysWOW64\hkjkbsrg.exe
O4 - HKLM\..\Run: [nwjirils.exe] C:\WINDOWS\SysWOW64\nwjirils.exe
O4 - HKLM\..\Run: [rmrotsxu.exe] C:\WINDOWS\SysWOW64\rmrotsxu.exe
O4 - HKLM\..\Run: [buzyjuty.exe] C:\WINDOWS\SysWOW64\buzyjuty.exe
O4 - HKLM\..\Run: [kdixgpol.exe] C:\WINDOWS\SysWOW64\kdixgpol.exe
O4 - HKLM\..\Run: [srypirsf.exe] C:\WINDOWS\SysWOW64\srypirsf.exe
O4 - HKLM\..\Run: [dyxmvube.exe] C:\WINDOWS\SysWOW64\dyxmvube.exe
O4 - HKLM\..\Run: [dwpavwvg.exe] C:\WINDOWS\SysWOW64\dwpavwvg.exe
O4 - HKLM\..\Run: [kjczkdul.exe] C:\WINDOWS\SysWOW64\kjczkdul.exe
O4 - HKLM\..\Run: [tqbsfcve.exe] C:\WINDOWS\SysWOW64\tqbsfcve.exe
O4 - HKLM\..\Run: [lcdcdajg.exe] C:\WINDOWS\SysWOW64\lcdcdajg.exe
O4 - HKLM\..\Run: [qbcjaruz.exe] C:\WINDOWS\SysWOW64\qbcjaruz.exe
O4 - HKLM\..\Run: [oroxkdcl.exe] C:\WINDOWS\SysWOW64\oroxkdcl.exe
O4 - HKLM\..\Run: [uduryhmv.exe] C:\WINDOWS\SysWOW64\uduryhmv.exe
O4 - HKLM\..\Run: [tybafona.exe] C:\WINDOWS\SysWOW64\tybafona.exe
O4 - HKLM\..\Run: [yfapanot.exe] C:\WINDOWS\SysWOW64\yfapanot.exe
O4 - HKLM\..\Run: [sxsrmfyj.exe] C:\WINDOWS\SysWOW64\sxsrmfyj.exe
O4 - HKLM\..\Run: [idwhulob.exe] C:\WINDOWS\SysWOW64\idwhulob.exe
O4 - HKLM\..\Run: [tafmfqtc.exe] C:\WINDOWS\SysWOW64\tafmfqtc.exe
O4 - HKLM\..\Run: [sfaxircj.exe] C:\WINDOWS\SysWOW64\sfaxircj.exe
O4 - HKLM\..\Run: [rovipwhq.exe] C:\WINDOWS\SysWOW64\rovipwhq.exe
O4 - HKLM\..\Run: [hctuxyre.exe] C:\WINDOWS\SysWOW64\hctuxyre.exe
O4 - HKLM\..\Run: [vkxyrehm.exe] C:\WINDOWS\SysWOW64\vkxyrehm.exe
O4 - HKLM\..\Run: [shejiteh.exe] C:\WINDOWS\SysWOW64\shejiteh.exe
O4 - HKLM\..\Run: [pktczgha.exe] C:\WINDOWS\SysWOW64\pktczgha.exe
O4 - HKLM\..\Run: [svkfmhwl.exe] C:\WINDOWS\SysWOW64\svkfmhwl.exe
O4 - HKLM\..\Run: [ovavkzol.exe] C:\WINDOWS\SysWOW64\ovavkzol.exe
O4 - HKLM\..\Run: [dolmdanm.exe] C:\WINDOWS\SysWOW64\dolmdanm.exe
O4 - HKLM\..\Run: [refutmbs.exe] C:\WINDOWS\SysWOW64\refutmbs.exe
O4 - HKLM\..\Run: [mfatujuz.exe] C:\WINDOWS\SysWOW64\mfatujuz.exe
O4 - HKLM\..\Run: [ydazefex.exe] C:\WINDOWS\SysWOW64\ydazefex.exe
O4 - HKLM\..\Run: [ratwtmts.exe] C:\WINDOWS\SysWOW64\ratwtmts.exe
O4 - HKLM\..\Run: [azmdutih.exe] C:\WINDOWS\SysWOW64\azmdutih.exe
O4 - HKLM\..\Run: [zgpexwxq.exe] C:\WINDOWS\SysWOW64\zgpexwxq.exe
O4 - HKLM\..\Run: [ixcjuxix.exe] C:\WINDOWS\SysWOW64\ixcjuxix.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SysWOW64\shdocvw.dll (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
Hi, I have an issue with snuffx. For several months, I haven't been able to access snuffx; instead, I have a crappy site called adultfriend. I don't know how to fix it. Your help would be greatly appreciated. Thank you in advance.
I have the same problem. I think it’s just that this site is blocked by our country because I have a Mac, so it’s not a spyware issue.
Logfile de Trend Micro HijackThis v2.0.2
Analyse enregistrée à 21:45:50, le 08/10/2008
Plateforme : Windows XP SP3 (WinNT 5.01.2600)
MSIE : Internet Explorer v6.00 SP3 (6.00.2900.5512)
Mode de démarrage : Normal
Processus en cours d'exécution :
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\documents and settings\administrateur\local settings\application data\abtvhrc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook : SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook : SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
R3 - URLSearchHook : SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO : IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO : &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO : AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO : RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO : DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO : SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
O2 - BHO : EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO : DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO : (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO : Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO : Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO : Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO : SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar : FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar : SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
O3 - Toolbar : Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run : [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run : [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run : [msnmsgr] "L:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run : [abtvhrc] "c:\documents and settings\administrateur\local settings\application data\abtvhrc.exe" abtvhrc
O4 - HKUS\S-1-5-18\..\Run : [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Utilisateur 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run : [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Utilisateur 'Utilisateur par défaut')
O8 - Élément de menu contextuel supplémentaire : &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Élément de menu contextuel supplémentaire : &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Élément de menu contextuel supplémentaire : Ajouter aux &Favoris Windows Live - https://onedrive.live.com/?id=favorites
O8 - Élément de menu contextuel supplémentaire : Comparer les prix avec &Dealio - C:\Documents and Settings\Administrateur\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Élément de menu contextuel supplémentaire : Télécharger &tout avec DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Élément de menu contextuel supplémentaire : E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Élément de menu contextuel supplémentaire : Ouvrir avec Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Élément de menu contextuel supplémentaire : Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger le contenu de vidéo FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Bouton supplémentaire : (aucun nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Éléments de menu supplémentaire 'Outils' : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Bouton supplémentaire : Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Bouton supplémentaire : Organiser-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Bouton supplémentaire : (aucun nom) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Bouton supplémentaire : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Éléments de menu supplémentaire 'Outils' : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Bouton supplémentaire : (aucun nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Éléments de menu supplémentaire 'Outils' : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Bouton supplémentaire : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Éléments de menu supplémentaire 'Outils' : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Bouton supplémentaire : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Éléments de menu supplémentaire 'Outils' : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF : {5D6F45B3-9043-443D-A792-115447494D24} (Classe UnoCtrl) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF : {6414512B-B978-451D-A0D8-FCFDF33E833C} (Classe WUWebControl) - http://www.update.microsoft.com/...
O16 - DPF : {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (Classe MessengerStatsClient) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service : ASP.NET State Service (aspnet_state) - Propriétaire inconnu - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (fichier manquant)
O23 - Service : avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service : avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service : avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service : avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service : EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service : Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service : NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service : Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
Fin du fichier - 9968 octets
Logfile de Trend Micro HijackThis v2.0.2
Analyse enregistrée à 21:45:50, le 08/10/2008
Plateforme : Windows XP SP3 (WinNT 5.01.2600)
MSIE : Internet Explorer v6.00 SP3 (6.00.2900.5512)
Mode de démarrage : Normal
Processus en cours :
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\documents and settings\administrateur\local settings\application data\abtvhrc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook : SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook : SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
R3 - URLSearchHook : SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO : IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO : &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO : AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO : RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO : DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO : SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
O2 - BHO : EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO : DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO : (pas de nom) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (pas de fichier)
O2 - BHO : Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO : Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO : Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO : SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Barre d'outils : FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Barre d'outils : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Barre d'outils : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Barre d'outils : SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
O3 - Barre d'outils : Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Barre d'outils : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run : [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run : [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run : [msnmsgr] "L:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run : [abtvhrc] "c:\documents and settings\administrateur\local settings\application data\abtvhrc.exe" abtvhrc
O4 - HKUS\S-1-5-18\..\Run : [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Utilisateur 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run : [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Utilisateur 'Utilisateur par défaut')
O8 - Élément de menu contextuel supplémentaire : &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Élément de menu contextuel supplémentaire : &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Élément de menu contextuel supplémentaire : Ajouter aux favoris de Windows &Live - https://onedrive.live.com/?id=favorites
O8 - Élément de menu contextuel supplémentaire : Comparer les prix avec &Dealio - C:\Documents and Settings\Administrateur\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Élément de menu contextuel supplémentaire : Télécharger &tous avec DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Élément de menu contextuel supplémentaire : E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Élément de menu contextuel supplémentaire : Ouvrir avec Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Élément de menu contextuel supplémentaire : Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger le contenu de vidéo FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Élément de menu contextuel supplémentaire : Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Bouton supplémentaire : (pas de nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Éléments supplémentaires du menu 'Outils' : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Bouton supplémentaire : Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Bouton supplémentaire : Organiser-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Bouton supplémentaire : (pas de nom) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Bouton supplémentaire : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Élément de menu additionnel 'Outils' : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Bouton supplémentaire : (pas de nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Élément de menu additionnel 'Outils' : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Bouton supplémentaire : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Élément de menu additionnel 'Outils' : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Bouton supplémentaire : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Élément de menu additionnel 'Outils' : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF : {5D6F45B3-9043-443D-A792-115447494D24} (Classe UnoCtrl) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF : {6414512B-B978-451D-A0D8-FCFDF33E833C} (Classe WUWebControl) - http://www.update.microsoft.com/...
O16 - DPF : {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (Classe MessengerStatsClient) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service : ASP.NET State Service (aspnet_state) - Propriétaire inconnu - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (fichier manquant)
O23 - Service : avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service : avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service : avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service : avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service : EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service : Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service : NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service : Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
Fin du fichier - 9968 octets
"nico the super novice"
I already took a little time to understand the purpose of running and sending the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:12, on 04/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\AOL\1140116317\ee\AOLSoftware.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\gqkiacg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\Parental Control\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sylvie P\My Documents\Sylvie PETITJEAN\hijackthis.exe
C:\Program Files\Boonty\BoontyBox\BoontyBoxEngine.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Help for the Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Connection Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140116317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Windows hiz Layers] hoqqr.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [gqkiacg] "c:\windows\system32\gqkiacg.exe" gqkiacg
O4 - HKLM\..\RunServices: [Windows hiz Layers] hoqqr.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qkkikmq] c:\windows\system32\qkkikmq.exe qkkikmq
O4 - HKCU\..\Run: [ioyusgs] "c:\documents and settings\sylvie p\local settings\application data\ioyusgs.exe" ioyusgs
O4 - HKCU\..\Run: [uicqq] "c:\documents and settings\sylvie p\local settings\application data\uicqq.exe" uicqq
O4 - HKCU\..\Run: [kmioy] "c:\documents and settings\sylvie p\local settings\application data\kmioy.exe" kmioy
O4 - HKCU\..\Run: [yayeqcs] "c:\documents and settings\sylvie p\local settings\application data\yayeqcs.exe" yayeqcs
O4 - HKCU\..\Run: [qgwwm] "c:\documents and settings\sylvie p\local settings\application data\qgwwm.exe" qgwwm
O4 - HKCU\..\Run: [smacyag] "c:\documents and settings\sylvie p\local settings\application data\smacyag.exe" smacyag
O4 - HKCU\..\Run: [meagy] "c:\documents and settings\sylvie p\local settings\application data\meagy.exe" meagy
O4 - HKCU\..\Run: [gukyymk] "c:\documents and settings\sylvie p\local settings\application data\gukyymk.exe" gukyymk
O4 - HKCU\..\Run: [siequgq] "c:\documents and settings\sylvie p\local settings\application data\siequgq.exe" siequgq
O4 - HKCU\..\Run: [eqqaqae] "c:\documents and settings\sylvie p\local settings\application data\eqqaqae.exe" eqqaqae
O4 - HKCU\..\Run: [oqwsu] "c:\documents and settings\sylvie p\local settings\application data\oqwsu.exe" oqwsu
O4 - HKCU\..\Run: [sswcw] "c:\documents and settings\sylvie p\local settings\application data\sswcw.exe" sswcw
O4 - HKCU\..\Run: [oakyooa] "c:\documents and settings\sylvie p\local settings\application data\oakyooa.exe" oakyooa
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows hiz Layers] hoqqr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox AOL.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: My personal planner Etam.lnk = C:\Program Files\Agenda Etam\agenda_etam.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this pop-up window - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in a new background tab - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?425939bb36b3473d9e05c05de369e891
O8 - Extra context menu item: Open in a new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?425939bb36b3473d9e05c05de369e891
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menu item: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Internet Explorer Protection - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menu item: Internet Explorer Protection... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - https://www.snapfish.fr/2/home
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/mjolauncher.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/NET/Import/ImageUploader3.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file://C:\Documents and Settings\Sylvie P\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v6.cab
O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O16 - DPF: {FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1067_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E753AE2-F2DF-48FD-AD1D-DC569E6494B0}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C09A5DE-FCCD-4FA0-ACA7-4176CB6A2E7D}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{592B9853-B445-44DC-ACF3-4CB5872780AA}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C9D3639-DA87-4A10-A8D8-B78ED0C752A2}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E753AE2-F2DF-48FD-AD1D-DC569E6494B0}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.14
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
--
End of