Je pense que c'est un virus
Résolu/Fermé
Bauzau
-
12 oct. 2008 à 21:51
Destrio5 Messages postés 85926 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 22 oct. 2008 à 23:03
Destrio5 Messages postés 85926 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 22 oct. 2008 à 23:03
A voir également:
- Je pense que c'est un virus
- Tinyurl virus - Forum Virus / Sécurité
- Svchost.exe virus - Guide
- Tlauncher virus ✓ - Forum Jeux vidéo
- Softonic virus - Forum Virus / Sécurité
- 6 proccesus svchost.exe Virus? ✓ - Forum Virus / Sécurité
150 réponses
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
12 oct. 2008 à 22:23
12 oct. 2008 à 22:23
Salut,
- Télécharge MSNFix.zip (de !aur3n7) sur le bureau:
http://sosvirus.changelog.fr/MSNFix.zip
- Décompresse-le (clic droit >> Extraire ici).
- Double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage
Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal.
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.t, poste-le.
- Télécharge MSNFix.zip (de !aur3n7) sur le bureau:
http://sosvirus.changelog.fr/MSNFix.zip
- Décompresse-le (clic droit >> Extraire ici).
- Double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage
Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal.
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.t, poste-le.
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
13 oct. 2008 à 18:48
13 oct. 2008 à 18:48
---> Télécharge Toolbar S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
15 oct. 2008 à 18:01
15 oct. 2008 à 18:01
Voici le rapport,j'espère que je l'ai bien fais
-----------\\ ToolBar S&D 1.2.2 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Default System BIOS
USER : home ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.524 7.5.524 (Activated)
C:\ (Local Disk) - NTFS - Total : 149 Go Free : 132 Go
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [1] ( Wed 10/15/2008|16:57 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://home.jhoos.com/"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - Tue 10/14/2008|15:19 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Wed 10/15/2008|16:43 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - Wed 10/15/2008|16:59 - Option : [1]
-----------\\ Fin du rapport a 16:59:27.75
-----------\\ ToolBar S&D 1.2.2 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Default System BIOS
USER : home ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.524 7.5.524 (Activated)
C:\ (Local Disk) - NTFS - Total : 149 Go Free : 132 Go
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [1] ( Wed 10/15/2008|16:57 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://home.jhoos.com/"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - Tue 10/14/2008|15:19 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Wed 10/15/2008|16:43 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - Wed 10/15/2008|16:59 - Option : [1]
-----------\\ Fin du rapport a 16:59:27.75
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
15 oct. 2008 à 18:09
15 oct. 2008 à 18:09
Non, désolé.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
15 oct. 2008 à 18:13
15 oct. 2008 à 18:13
Que dois-je faire dans ce cas :-)
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
15 oct. 2008 à 18:16
15 oct. 2008 à 18:16
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
15 oct. 2008 à 18:42
15 oct. 2008 à 18:42
Non, tu tombes sur mon message précédent.
---> Redémarre en mode sans échec :
https://blog.sosordi.net/
---> Relance ToolBar S&D, fais l'option 2 et poste le rapport.
---> Redémarre en mode sans échec :
https://blog.sosordi.net/
---> Relance ToolBar S&D, fais l'option 2 et poste le rapport.
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
15 oct. 2008 à 18:49
15 oct. 2008 à 18:49
Quand je redemar en "safe mode" j'ai plus access a l'internet !!!
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
15 oct. 2008 à 22:44
15 oct. 2008 à 22:44
Non je vois que sa continue de faire la même chose
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
15 oct. 2008 à 23:27
15 oct. 2008 à 23:27
Fais un scan rapide.
Bonjour,j'ai telecharger MSNFIX.zip est j'ai fait un right click (click droit) est je fais extrac to the specified folder, est j'ai double cliquer sur msnfix...Mais y a rien qui ce passe est je ne comprend pas exactement quand tu me dis exécute l'option R, Aide moi S.T.P
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
15 oct. 2008 à 20:17
15 oct. 2008 à 20:17
Je pense que je l'ai bien fais maintenant a toi de me dire :-)
----------\\ ToolBar S&D 1.2.2 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Default System BIOS
USER : home ( Administrator )
BOOT : Fail-safe boot
Antivirus : AVG 7.5.524 7.5.524 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 149 Go Free : 132 Go
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [2] ( Wed 10/15/2008|18:03 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\Program Files\MyWebSearch
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://home.jhoos.com/"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - Tue 10/14/2008|15:19 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Wed 10/15/2008|16:43 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - Wed 10/15/2008|16:59 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - Wed 10/15/2008|18:04 - Option : [2]
-----------\\ Fin du rapport a 18:04:44.75
----------\\ ToolBar S&D 1.2.2 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Default System BIOS
USER : home ( Administrator )
BOOT : Fail-safe boot
Antivirus : AVG 7.5.524 7.5.524 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 149 Go Free : 132 Go
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [2] ( Wed 10/15/2008|18:03 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\Program Files\MyWebSearch
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://home.jhoos.com/"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - Tue 10/14/2008|15:19 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Wed 10/15/2008|16:43 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - Wed 10/15/2008|16:59 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - Wed 10/15/2008|18:04 - Option : [2]
-----------\\ Fin du rapport a 18:04:44.75
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
16 oct. 2008 à 17:47
16 oct. 2008 à 17:47
Voila le rapport du scan rapide
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1275
Windows 5.1.2600 Service Pack 3
10/16/2008 7:28:56 PM
mbam-log-2008-10-16 (19-28-56).txt
Type de recherche: Examen rapide
Eléments examinés: 42142
Temps écoulé: 7 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 135
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 21
Fichier(s) infecté(s): 42
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\_MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1275
Windows 5.1.2600 Service Pack 3
10/16/2008 7:28:56 PM
mbam-log-2008-10-16 (19-28-56).txt
Type de recherche: Examen rapide
Eléments examinés: 42142
Temps écoulé: 7 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 135
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 21
Fichier(s) infecté(s): 42
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\_MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
16 oct. 2008 à 21:13
16 oct. 2008 à 21:13
Va te coucher melquior.
Bauzau ---> Voici une procédure.
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
Bauzau ---> Voici une procédure.
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
16 oct. 2008 à 21:15
16 oct. 2008 à 21:15
ok
melquior
Messages postés
450
Date d'inscription
vendredi 22 février 2008
Statut
Membre
Dernière intervention
19 janvier 2009
41
16 oct. 2008 à 21:33
16 oct. 2008 à 21:33
ton lien sosvirus.nsmfix envoie un worm avec une configuration sous vista ca te rafraichie la memoire destro dodo militaire et gendarme ca peut etre outrage destro
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
16 oct. 2008 à 21:43
16 oct. 2008 à 21:43
Voici le rapport
ComboFix 08-10-15.08 - home 2008-10-16 23:33:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.187 [GMT 1:00]
Running from: C:\Documents and Settings\home\Desktop\ComboFix.exe
* Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\home\Application Data\FunWebProducts
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\_MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\WINDOWS\system32\f3PSSavr.scr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 19:51 . 2008-10-15 19:51 <DIR> d-------- C:\Documents and Settings\home\Application Data\Malwarebytes
2008-10-15 19:50 . 2008-10-16 22:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 19:50 . 2008-10-15 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 18:36 . 2008-10-15 18:36 <DIR> d-------- C:\Program Files\AxBx
2008-10-15 18:10 . 2008-10-15 18:11 <DIR> d-------- C:\Program Files\Fun Web Products
2008-10-15 05:46 . 2008-09-15 13:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 15:19 . 2008-10-15 18:04 1,966 --a------ C:\Documents and Settings\Orph.egd
2008-10-14 15:18 . 2008-10-15 18:04 <DIR> d-------- C:\ToolBar SD
2008-10-13 18:09 . 2008-10-13 18:23 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-10-12 14:48 . 2008-10-14 21:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-11 22:52 . 2008-10-16 23:39 <DIR> d-------- C:\Documents and Settings\home\Tracing
2008-10-11 22:42 . 2008-10-11 22:42 <DIR> d-------- C:\Program Files\Microsoft
2008-10-11 22:33 . 2008-10-11 22:33 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 13:17 . 2008-10-16 22:23 <DIR> d-------- C:\Program Files\AdVantage
2008-10-11 13:15 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\Jhoos
2008-10-11 13:15 . 2003-10-06 22:39 26,694 --a------ C:\WINDOWS\system32\customercare.ico
2008-10-11 13:15 . 2003-10-06 22:40 26,694 --a------ C:\WINDOWS\system32\cableguy.ico
2008-10-11 13:15 . 2003-10-06 22:37 26,694 --a------ C:\WINDOWS\system32\about.ico
2008-10-11 13:15 . 2001-10-13 01:06 10,134 --a------ C:\WINDOWS\system32\tubely.ico
2008-10-10 22:45 . 2008-10-07 10:01 19,968 --a------ C:\WINDOWS\system32\pdn.exe
2008-10-10 22:45 . 2008-10-07 10:01 19,968 ---h----- C:\Documents and Settings\home\dldckh.exe
2008-10-05 20:06 . 2008-10-05 20:06 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-10-05 20:06 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-10-05 20:06 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-10-05 20:05 . 2008-10-05 20:05 <DIR> d-------- C:\Program Files\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:04 <DIR> d-------- C:\Documents and Settings\home\Application Data\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-10-05 19:58 . 2008-10-05 19:58 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Program Files\Morpheus Photo Morpher
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Documents and Settings\home\Application Data\Morpheus Software
2008-10-05 15:01 . 2008-10-05 22:47 <DIR> d-------- C:\Documents and Settings\home\Application Data\gtk-2.0
2008-10-05 15:01 . 2008-10-05 15:01 <DIR> d-------- C:\Documents and Settings\home\.thumbnails
2008-10-05 14:56 . 2008-10-06 00:40 <DIR> d-------- C:\Documents and Settings\home\.gimp-2.6
2008-10-05 14:56 . 2008-10-05 14:56 <DIR> d-------- C:\Documents and Settings\home\.gegl-0.0
2008-10-05 14:55 . 2008-10-05 14:55 <DIR> d-------- C:\Program Files\Gimp-2.0
2008-09-26 07:57 . 2008-10-10 22:51 <DIR> d-------- C:\Program Files\Free Download Manager
2008-09-26 07:57 . 2008-10-16 22:23 <DIR> d-------- C:\Documents and Settings\home\Application Data\Free Download Manager
2008-09-26 07:57 . 2008-09-26 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-24 20:06 . 2008-10-16 23:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\OpenOffice.org2
2008-09-17 19:34 . 2008-10-09 01:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\skypePM
2008-09-17 19:34 . 2008-09-17 19:34 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-17 19:26 . 2008-10-09 03:11 <DIR> d-------- C:\Documents and Settings\home\Application Data\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 19:33 --------- d-----w C:\Documents and Settings\home\Application Data\AVG7
2008-10-13 06:48 --------- d-----w C:\Documents and Settings\home\Application Data\DMCache
2008-10-11 21:50 --------- d-----w C:\Program Files\Windows Live
2008-10-11 07:25 --------- d-----w C:\Documents and Settings\home\Application Data\BearShare
2008-10-10 21:51 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-05 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 07:12 --------- d-----w C:\Program Files\BitComet
2008-09-26 06:56 --------- d-----w C:\Documents and Settings\home\Application Data\IDM
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 20:53 --------- d-----w C:\Documents and Settings\home\Application Data\Creative
2008-09-08 23:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-07 23:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-07 23:49 --------- d-----w C:\Program Files\Java
2008-09-05 14:56 287,744 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-08-23 20:48 --------- d-----w C:\Documents and Settings\home\Application Data\Digsby
2008-08-23 20:47 --------- d-----w C:\Program Files\Digsby
2008-08-21 10:00 --------- d-----w C:\Documents and Settings\home\Application Data\iMesh
2008-08-21 09:59 --------- d-----w C:\Program Files\iMesh Applications
2008-08-19 16:01 --------- d-----w C:\Program Files\VirtualDJ
2008-07-26 14:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-26 14:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
1998-08-24 19:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-18 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2008-08-11 883992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-27 579584]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 32768]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"pdn"="C:\WINDOWS\system32\pdn.exe" [2008-10-07 19968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-26 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\home\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-26 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\home\\dldckh.exe"=
"C:\\WINDOWS\\system32\\pdn.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16174:TCP"= 16174:TCP:BitComet 16174 TCP
"16174:UDP"= 16174:UDP:BitComet 16174 UDP
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-05 114616]
R3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 63555]
S3 autorun;autorun;C:\huadio.tmp [ ]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitComet - C:\Program Files\BitComet\BitComet.exe
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\pxotx1im.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 23:38:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\pdn.exe [2108] 0x82A55988
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?p ????B???@?????P???$?@? ??????~?B~??????????@??? ???????????????B?????| ???????????????????p????????B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-10-16 23:44:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 22:43:56
Pre-Run: 141,374,242,816 bytes free
Post-Run: 141,477,892,096 bytes free
254 --- E O F --- 2008-10-16 13:51:47
ComboFix 08-10-15.08 - home 2008-10-16 23:33:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.187 [GMT 1:00]
Running from: C:\Documents and Settings\home\Desktop\ComboFix.exe
* Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\home\Application Data\FunWebProducts
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\_MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\WINDOWS\system32\f3PSSavr.scr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 19:51 . 2008-10-15 19:51 <DIR> d-------- C:\Documents and Settings\home\Application Data\Malwarebytes
2008-10-15 19:50 . 2008-10-16 22:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 19:50 . 2008-10-15 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 18:36 . 2008-10-15 18:36 <DIR> d-------- C:\Program Files\AxBx
2008-10-15 18:10 . 2008-10-15 18:11 <DIR> d-------- C:\Program Files\Fun Web Products
2008-10-15 05:46 . 2008-09-15 13:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 15:19 . 2008-10-15 18:04 1,966 --a------ C:\Documents and Settings\Orph.egd
2008-10-14 15:18 . 2008-10-15 18:04 <DIR> d-------- C:\ToolBar SD
2008-10-13 18:09 . 2008-10-13 18:23 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-10-12 14:48 . 2008-10-14 21:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-11 22:52 . 2008-10-16 23:39 <DIR> d-------- C:\Documents and Settings\home\Tracing
2008-10-11 22:42 . 2008-10-11 22:42 <DIR> d-------- C:\Program Files\Microsoft
2008-10-11 22:33 . 2008-10-11 22:33 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 13:17 . 2008-10-16 22:23 <DIR> d-------- C:\Program Files\AdVantage
2008-10-11 13:15 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\Jhoos
2008-10-11 13:15 . 2003-10-06 22:39 26,694 --a------ C:\WINDOWS\system32\customercare.ico
2008-10-11 13:15 . 2003-10-06 22:40 26,694 --a------ C:\WINDOWS\system32\cableguy.ico
2008-10-11 13:15 . 2003-10-06 22:37 26,694 --a------ C:\WINDOWS\system32\about.ico
2008-10-11 13:15 . 2001-10-13 01:06 10,134 --a------ C:\WINDOWS\system32\tubely.ico
2008-10-10 22:45 . 2008-10-07 10:01 19,968 --a------ C:\WINDOWS\system32\pdn.exe
2008-10-10 22:45 . 2008-10-07 10:01 19,968 ---h----- C:\Documents and Settings\home\dldckh.exe
2008-10-05 20:06 . 2008-10-05 20:06 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-10-05 20:06 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-10-05 20:06 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-10-05 20:05 . 2008-10-05 20:05 <DIR> d-------- C:\Program Files\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:04 <DIR> d-------- C:\Documents and Settings\home\Application Data\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-10-05 19:58 . 2008-10-05 19:58 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Program Files\Morpheus Photo Morpher
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Documents and Settings\home\Application Data\Morpheus Software
2008-10-05 15:01 . 2008-10-05 22:47 <DIR> d-------- C:\Documents and Settings\home\Application Data\gtk-2.0
2008-10-05 15:01 . 2008-10-05 15:01 <DIR> d-------- C:\Documents and Settings\home\.thumbnails
2008-10-05 14:56 . 2008-10-06 00:40 <DIR> d-------- C:\Documents and Settings\home\.gimp-2.6
2008-10-05 14:56 . 2008-10-05 14:56 <DIR> d-------- C:\Documents and Settings\home\.gegl-0.0
2008-10-05 14:55 . 2008-10-05 14:55 <DIR> d-------- C:\Program Files\Gimp-2.0
2008-09-26 07:57 . 2008-10-10 22:51 <DIR> d-------- C:\Program Files\Free Download Manager
2008-09-26 07:57 . 2008-10-16 22:23 <DIR> d-------- C:\Documents and Settings\home\Application Data\Free Download Manager
2008-09-26 07:57 . 2008-09-26 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-24 20:06 . 2008-10-16 23:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\OpenOffice.org2
2008-09-17 19:34 . 2008-10-09 01:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\skypePM
2008-09-17 19:34 . 2008-09-17 19:34 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-17 19:26 . 2008-10-09 03:11 <DIR> d-------- C:\Documents and Settings\home\Application Data\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 19:33 --------- d-----w C:\Documents and Settings\home\Application Data\AVG7
2008-10-13 06:48 --------- d-----w C:\Documents and Settings\home\Application Data\DMCache
2008-10-11 21:50 --------- d-----w C:\Program Files\Windows Live
2008-10-11 07:25 --------- d-----w C:\Documents and Settings\home\Application Data\BearShare
2008-10-10 21:51 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-05 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 07:12 --------- d-----w C:\Program Files\BitComet
2008-09-26 06:56 --------- d-----w C:\Documents and Settings\home\Application Data\IDM
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 20:53 --------- d-----w C:\Documents and Settings\home\Application Data\Creative
2008-09-08 23:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-07 23:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-07 23:49 --------- d-----w C:\Program Files\Java
2008-09-05 14:56 287,744 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-08-23 20:48 --------- d-----w C:\Documents and Settings\home\Application Data\Digsby
2008-08-23 20:47 --------- d-----w C:\Program Files\Digsby
2008-08-21 10:00 --------- d-----w C:\Documents and Settings\home\Application Data\iMesh
2008-08-21 09:59 --------- d-----w C:\Program Files\iMesh Applications
2008-08-19 16:01 --------- d-----w C:\Program Files\VirtualDJ
2008-07-26 14:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-26 14:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
1998-08-24 19:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-18 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2008-08-11 883992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-27 579584]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 32768]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"pdn"="C:\WINDOWS\system32\pdn.exe" [2008-10-07 19968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-26 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\home\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-26 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\home\\dldckh.exe"=
"C:\\WINDOWS\\system32\\pdn.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16174:TCP"= 16174:TCP:BitComet 16174 TCP
"16174:UDP"= 16174:UDP:BitComet 16174 UDP
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-05 114616]
R3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 63555]
S3 autorun;autorun;C:\huadio.tmp [ ]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitComet - C:\Program Files\BitComet\BitComet.exe
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\pxotx1im.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 23:38:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\pdn.exe [2108] 0x82A55988
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?p ????B???@?????P???$?@? ??????~?B~??????????@??? ???????????????B?????| ???????????????????p????????B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-10-16 23:44:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 22:43:56
Pre-Run: 141,374,242,816 bytes free
Post-Run: 141,477,892,096 bytes free
254 --- E O F --- 2008-10-16 13:51:47
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
16 oct. 2008 à 21:51
16 oct. 2008 à 21:51
Je sais pas si c'est bon mais pour l'instant c'est bon :-)
Destrio5
Messages postés
85926
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
16 oct. 2008 à 21:52
16 oct. 2008 à 21:52
/!\ Seul Bauzau peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\huadio.tmp
Folder::
C:\Program Files\Fun Web Products
C:\ToolBar SD
C:\Program Files\AdVantage
Driver::
autorun
FileLook::
C:\Program Files\Jhoos\Jhoos.exe
C:\WINDOWS\system32\customercare.ico
C:\WINDOWS\system32\cableguy.ico
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\tubely.ico
C:\WINDOWS\system32\pdn.exe
C:\Documents and Settings\home\dldckh.exe
C:\WINDOWS\V0420Mon.exe
C:\WINDOWS\system32\pdn.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdVantage"=-
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Redémarre en mode sans échec
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\huadio.tmp
Folder::
C:\Program Files\Fun Web Products
C:\ToolBar SD
C:\Program Files\AdVantage
Driver::
autorun
FileLook::
C:\Program Files\Jhoos\Jhoos.exe
C:\WINDOWS\system32\customercare.ico
C:\WINDOWS\system32\cableguy.ico
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\tubely.ico
C:\WINDOWS\system32\pdn.exe
C:\Documents and Settings\home\dldckh.exe
C:\WINDOWS\V0420Mon.exe
C:\WINDOWS\system32\pdn.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdVantage"=-
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Redémarre en mode sans échec
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
Bauzau
Messages postés
115
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
31 mars 2009
5
16 oct. 2008 à 22:20
16 oct. 2008 à 22:20
Voila c'est la
ComboFix 08-10-16.01 - home 2008-10-17 0:12:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.163 [GMT 1:00]
Running from: C:\Documents and Settings\home\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\home\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\huadio.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AdVantage
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
C:\Program Files\AdVantage\AdVantage.db
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\AdVantage\AdVantage.htm
C:\Program Files\AdVantage\AdVUninst.exe
C:\Program Files\AdVantage\ffext.mod
C:\Program Files\AdVantage\TR.dll
C:\Program Files\AdVantage\user.db
C:\Program Files\Fun Web Products
C:\ToolBar SD
C:\ToolBar SD\Backup-TB\DOCUME~1\home\Cookies\home@myway[1].txt
C:\ToolBar SD\Backup-TB\DOCUME~1\home\Cookies\home@mywebsearch[1].txt
C:\ToolBar SD\Backup-TB\Program Files\FunWebProducts\[u]0/u0AB615A.dat
C:\ToolBar SD\Changelog ToolBar.txt
C:\ToolBar SD\Doss.tbsd
C:\ToolBar SD\RegP2.txt
C:\ToolBar SD\RegP3.txt
C:\ToolBar SD\RegP4.txt
C:\ToolBar SD\RegP5.txt
C:\ToolBar SD\RegPCU.txt
C:\ToolBar SD\RegPLM.txt
C:\ToolBar SD\RKit.lsd
C:\ToolBar SD\RoGUeS.lsd
C:\ToolBar SD\RunTool.txt
C:\ToolBar SD\TB_1.txt
C:\ToolBar SD\TB_2.txt
C:\ToolBar SD\TB_3.txt
C:\ToolBar SD\TB_4.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AUTORUN
-------\Service_autorun
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 19:51 . 2008-10-15 19:51 <DIR> d-------- C:\Documents and Settings\home\Application Data\Malwarebytes
2008-10-15 19:50 . 2008-10-16 22:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 19:50 . 2008-10-15 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 18:36 . 2008-10-15 18:36 <DIR> d-------- C:\Program Files\AxBx
2008-10-15 05:46 . 2008-09-15 13:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 15:19 . 2008-10-15 18:04 1,966 --a------ C:\Documents and Settings\Orph.egd
2008-10-13 18:09 . 2008-10-13 18:23 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-10-12 14:48 . 2008-10-14 21:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-11 22:52 . 2008-10-17 00:17 <DIR> d-------- C:\Documents and Settings\home\Tracing
2008-10-11 22:42 . 2008-10-11 22:42 <DIR> d-------- C:\Program Files\Microsoft
2008-10-11 22:33 . 2008-10-11 22:33 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 13:15 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\Jhoos
2008-10-11 13:15 . 2003-10-06 22:39 26,694 --a------ C:\WINDOWS\system32\customercare.ico
2008-10-11 13:15 . 2003-10-06 22:40 26,694 --a------ C:\WINDOWS\system32\cableguy.ico
2008-10-11 13:15 . 2003-10-06 22:37 26,694 --a------ C:\WINDOWS\system32\about.ico
2008-10-11 13:15 . 2001-10-13 01:06 10,134 --a------ C:\WINDOWS\system32\tubely.ico
2008-10-10 22:45 . 2008-10-07 10:01 19,968 --a------ C:\WINDOWS\system32\pdn.exe
2008-10-10 22:45 . 2008-10-07 10:01 19,968 ---h----- C:\Documents and Settings\home\dldckh.exe
2008-10-05 20:06 . 2008-10-05 20:06 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-10-05 20:06 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-10-05 20:06 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-10-05 20:05 . 2008-10-05 20:05 <DIR> d-------- C:\Program Files\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:04 <DIR> d-------- C:\Documents and Settings\home\Application Data\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-10-05 19:58 . 2008-10-05 19:58 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Program Files\Morpheus Photo Morpher
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Documents and Settings\home\Application Data\Morpheus Software
2008-10-05 15:01 . 2008-10-05 22:47 <DIR> d-------- C:\Documents and Settings\home\Application Data\gtk-2.0
2008-10-05 15:01 . 2008-10-05 15:01 <DIR> d-------- C:\Documents and Settings\home\.thumbnails
2008-10-05 14:56 . 2008-10-06 00:40 <DIR> d-------- C:\Documents and Settings\home\.gimp-2.6
2008-10-05 14:56 . 2008-10-05 14:56 <DIR> d-------- C:\Documents and Settings\home\.gegl-0.0
2008-10-05 14:55 . 2008-10-05 14:55 <DIR> d-------- C:\Program Files\Gimp-2.0
2008-09-26 07:57 . 2008-10-10 22:51 <DIR> d-------- C:\Program Files\Free Download Manager
2008-09-26 07:57 . 2008-10-17 00:11 <DIR> d-------- C:\Documents and Settings\home\Application Data\Free Download Manager
2008-09-26 07:57 . 2008-09-26 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-24 20:06 . 2008-10-16 23:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\OpenOffice.org2
2008-09-17 19:34 . 2008-10-09 01:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\skypePM
2008-09-17 19:34 . 2008-09-17 19:34 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-17 19:26 . 2008-10-09 03:11 <DIR> d-------- C:\Documents and Settings\home\Application Data\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 19:33 --------- d-----w C:\Documents and Settings\home\Application Data\AVG7
2008-10-13 06:48 --------- d-----w C:\Documents and Settings\home\Application Data\DMCache
2008-10-11 21:50 --------- d-----w C:\Program Files\Windows Live
2008-10-11 07:25 --------- d-----w C:\Documents and Settings\home\Application Data\BearShare
2008-10-10 21:51 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-05 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 07:12 --------- d-----w C:\Program Files\BitComet
2008-09-26 06:56 --------- d-----w C:\Documents and Settings\home\Application Data\IDM
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 20:53 --------- d-----w C:\Documents and Settings\home\Application Data\Creative
2008-09-08 23:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-07 23:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-07 23:49 --------- d-----w C:\Program Files\Java
2008-09-05 14:56 287,744 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-08-23 20:48 --------- d-----w C:\Documents and Settings\home\Application Data\Digsby
2008-08-23 20:47 --------- d-----w C:\Program Files\Digsby
2008-08-21 10:00 --------- d-----w C:\Documents and Settings\home\Application Data\iMesh
2008-08-21 09:59 --------- d-----w C:\Program Files\iMesh Applications
2008-08-19 16:01 --------- d-----w C:\Program Files\VirtualDJ
2008-07-26 14:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-26 14:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
1998-08-24 19:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\home\dldckh.exe -- Unable to find Resource table header.
MD5: 61798814e7e4639b9d2cf1b9180b6884
---- C:\Program Files\Jhoos\Jhoos.exe ----
Company: Jhoos
File Description:
File Version: 1.00
Product Name: Jhoos Chat
Copyright:
Original file name: JhoosChat.exe
MD5: 9efa2ef176c69075c564d952b136025b
C:\WINDOWS\system32\about.ico -- Not a PE file.
MD5: d0b7b077cd6f06ad3ccd4442d9198d3f
C:\WINDOWS\system32\cableguy.ico -- Not a PE file.
MD5: 0fcdec162e697e4637c8208cfc7ec610
C:\WINDOWS\system32\customercare.ico -- Not a PE file.
MD5: 75a3b4031d5c839e34153a8cca74ad72
C:\WINDOWS\system32\pdn.exe -- Unable to find Resource table header.
MD5: 61798814e7e4639b9d2cf1b9180b6884
C:\WINDOWS\system32\tubely.ico -- Not a PE file.
MD5: 4fd9f2c9d91ae936d59348aba4e3fcdb
---- C:\WINDOWS\V0420Mon.exe ----
Company: Creative Technology Ltd.
File Description: Live! Cam Console Auto Launcher
File Version: 1.00.01.00
Product Name:
Copyright: Copyright (c) Creative Technology Ltd., 2007
Original file name: V0420Mon.exe
MD5: f5948132d8a0dfa7390f7b1e58bb6057
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-18 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-27 579584]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 32768]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"pdn"="C:\WINDOWS\system32\pdn.exe" [2008-10-07 19968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-26 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\home\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-26 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\home\\dldckh.exe"=
"C:\\WINDOWS\\system32\\pdn.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16174:TCP"= 16174:TCP:BitComet 16174 TCP
"16174:UDP"= 16174:UDP:BitComet 16174 UDP
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-05 114616]
R3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 63555]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 00:15:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\pdn.exe [2848] 0x8221E978
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???(???????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?p ????B???@?????P???$?@? ??????~?B~??????????@???????????????????B?????| ???????????????????P????????B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-10-17 0:21:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 23:21:15
ComboFix2.txt 2008-10-16 22:44:03
Pre-Run: 141,431,910,400 bytes free
Post-Run: 141,427,773,440 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
266 --- E O F --- 2008-10-16 13:51:47
ComboFix 08-10-16.01 - home 2008-10-17 0:12:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.163 [GMT 1:00]
Running from: C:\Documents and Settings\home\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\home\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\huadio.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AdVantage
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
C:\Program Files\AdVantage\AdVantage.db
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\AdVantage\AdVantage.htm
C:\Program Files\AdVantage\AdVUninst.exe
C:\Program Files\AdVantage\ffext.mod
C:\Program Files\AdVantage\TR.dll
C:\Program Files\AdVantage\user.db
C:\Program Files\Fun Web Products
C:\ToolBar SD
C:\ToolBar SD\Backup-TB\DOCUME~1\home\Cookies\home@myway[1].txt
C:\ToolBar SD\Backup-TB\DOCUME~1\home\Cookies\home@mywebsearch[1].txt
C:\ToolBar SD\Backup-TB\Program Files\FunWebProducts\[u]0/u0AB615A.dat
C:\ToolBar SD\Changelog ToolBar.txt
C:\ToolBar SD\Doss.tbsd
C:\ToolBar SD\RegP2.txt
C:\ToolBar SD\RegP3.txt
C:\ToolBar SD\RegP4.txt
C:\ToolBar SD\RegP5.txt
C:\ToolBar SD\RegPCU.txt
C:\ToolBar SD\RegPLM.txt
C:\ToolBar SD\RKit.lsd
C:\ToolBar SD\RoGUeS.lsd
C:\ToolBar SD\RunTool.txt
C:\ToolBar SD\TB_1.txt
C:\ToolBar SD\TB_2.txt
C:\ToolBar SD\TB_3.txt
C:\ToolBar SD\TB_4.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AUTORUN
-------\Service_autorun
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 19:51 . 2008-10-15 19:51 <DIR> d-------- C:\Documents and Settings\home\Application Data\Malwarebytes
2008-10-15 19:50 . 2008-10-16 22:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 19:50 . 2008-10-15 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 18:36 . 2008-10-15 18:36 <DIR> d-------- C:\Program Files\AxBx
2008-10-15 05:46 . 2008-09-15 13:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 15:19 . 2008-10-15 18:04 1,966 --a------ C:\Documents and Settings\Orph.egd
2008-10-13 18:09 . 2008-10-13 18:23 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-10-12 14:48 . 2008-10-14 21:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-11 22:52 . 2008-10-17 00:17 <DIR> d-------- C:\Documents and Settings\home\Tracing
2008-10-11 22:42 . 2008-10-11 22:42 <DIR> d-------- C:\Program Files\Microsoft
2008-10-11 22:33 . 2008-10-11 22:33 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 13:15 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\Jhoos
2008-10-11 13:15 . 2003-10-06 22:39 26,694 --a------ C:\WINDOWS\system32\customercare.ico
2008-10-11 13:15 . 2003-10-06 22:40 26,694 --a------ C:\WINDOWS\system32\cableguy.ico
2008-10-11 13:15 . 2003-10-06 22:37 26,694 --a------ C:\WINDOWS\system32\about.ico
2008-10-11 13:15 . 2001-10-13 01:06 10,134 --a------ C:\WINDOWS\system32\tubely.ico
2008-10-10 22:45 . 2008-10-07 10:01 19,968 --a------ C:\WINDOWS\system32\pdn.exe
2008-10-10 22:45 . 2008-10-07 10:01 19,968 ---h----- C:\Documents and Settings\home\dldckh.exe
2008-10-05 20:06 . 2008-10-05 20:06 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-10-05 20:06 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-10-05 20:06 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-10-05 20:05 . 2008-10-05 20:05 <DIR> d-------- C:\Program Files\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:04 <DIR> d-------- C:\Documents and Settings\home\Application Data\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-10-05 19:58 . 2008-10-05 19:58 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Program Files\Morpheus Photo Morpher
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Documents and Settings\home\Application Data\Morpheus Software
2008-10-05 15:01 . 2008-10-05 22:47 <DIR> d-------- C:\Documents and Settings\home\Application Data\gtk-2.0
2008-10-05 15:01 . 2008-10-05 15:01 <DIR> d-------- C:\Documents and Settings\home\.thumbnails
2008-10-05 14:56 . 2008-10-06 00:40 <DIR> d-------- C:\Documents and Settings\home\.gimp-2.6
2008-10-05 14:56 . 2008-10-05 14:56 <DIR> d-------- C:\Documents and Settings\home\.gegl-0.0
2008-10-05 14:55 . 2008-10-05 14:55 <DIR> d-------- C:\Program Files\Gimp-2.0
2008-09-26 07:57 . 2008-10-10 22:51 <DIR> d-------- C:\Program Files\Free Download Manager
2008-09-26 07:57 . 2008-10-17 00:11 <DIR> d-------- C:\Documents and Settings\home\Application Data\Free Download Manager
2008-09-26 07:57 . 2008-09-26 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-24 20:06 . 2008-10-16 23:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\OpenOffice.org2
2008-09-17 19:34 . 2008-10-09 01:39 <DIR> d-------- C:\Documents and Settings\home\Application Data\skypePM
2008-09-17 19:34 . 2008-09-17 19:34 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-17 19:26 . 2008-10-09 03:11 <DIR> d-------- C:\Documents and Settings\home\Application Data\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-17 19:20 . 2008-09-17 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 19:33 --------- d-----w C:\Documents and Settings\home\Application Data\AVG7
2008-10-13 06:48 --------- d-----w C:\Documents and Settings\home\Application Data\DMCache
2008-10-11 21:50 --------- d-----w C:\Program Files\Windows Live
2008-10-11 07:25 --------- d-----w C:\Documents and Settings\home\Application Data\BearShare
2008-10-10 21:51 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-05 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 07:12 --------- d-----w C:\Program Files\BitComet
2008-09-26 06:56 --------- d-----w C:\Documents and Settings\home\Application Data\IDM
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 20:53 --------- d-----w C:\Documents and Settings\home\Application Data\Creative
2008-09-08 23:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-07 23:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-07 23:49 --------- d-----w C:\Program Files\Java
2008-09-05 14:56 287,744 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-08-23 20:48 --------- d-----w C:\Documents and Settings\home\Application Data\Digsby
2008-08-23 20:47 --------- d-----w C:\Program Files\Digsby
2008-08-21 10:00 --------- d-----w C:\Documents and Settings\home\Application Data\iMesh
2008-08-21 09:59 --------- d-----w C:\Program Files\iMesh Applications
2008-08-19 16:01 --------- d-----w C:\Program Files\VirtualDJ
2008-07-26 14:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-26 14:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
1998-08-24 19:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\home\dldckh.exe -- Unable to find Resource table header.
MD5: 61798814e7e4639b9d2cf1b9180b6884
---- C:\Program Files\Jhoos\Jhoos.exe ----
Company: Jhoos
File Description:
File Version: 1.00
Product Name: Jhoos Chat
Copyright:
Original file name: JhoosChat.exe
MD5: 9efa2ef176c69075c564d952b136025b
C:\WINDOWS\system32\about.ico -- Not a PE file.
MD5: d0b7b077cd6f06ad3ccd4442d9198d3f
C:\WINDOWS\system32\cableguy.ico -- Not a PE file.
MD5: 0fcdec162e697e4637c8208cfc7ec610
C:\WINDOWS\system32\customercare.ico -- Not a PE file.
MD5: 75a3b4031d5c839e34153a8cca74ad72
C:\WINDOWS\system32\pdn.exe -- Unable to find Resource table header.
MD5: 61798814e7e4639b9d2cf1b9180b6884
C:\WINDOWS\system32\tubely.ico -- Not a PE file.
MD5: 4fd9f2c9d91ae936d59348aba4e3fcdb
---- C:\WINDOWS\V0420Mon.exe ----
Company: Creative Technology Ltd.
File Description: Live! Cam Console Auto Launcher
File Version: 1.00.01.00
Product Name:
Copyright: Copyright (c) Creative Technology Ltd., 2007
Original file name: V0420Mon.exe
MD5: f5948132d8a0dfa7390f7b1e58bb6057
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-18 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-27 579584]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 32768]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"pdn"="C:\WINDOWS\system32\pdn.exe" [2008-10-07 19968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-26 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\home\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-26 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\home\\dldckh.exe"=
"C:\\WINDOWS\\system32\\pdn.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16174:TCP"= 16174:TCP:BitComet 16174 TCP
"16174:UDP"= 16174:UDP:BitComet 16174 UDP
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-05 114616]
R3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 63555]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 00:15:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\pdn.exe [2848] 0x8221E978
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???(???????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?p ????B???@?????P???$?@? ??????~?B~??????????@???????????????????B?????| ???????????????????P????????B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-10-17 0:21:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 23:21:15
ComboFix2.txt 2008-10-16 22:44:03
Pre-Run: 141,431,910,400 bytes free
Post-Run: 141,427,773,440 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
266 --- E O F --- 2008-10-16 13:51:47