Everything posted by toubib32

  1. Hello Borislav, All the problems are clean now. I can change my homepage. Thank you for your advice and your help. Wish you a great, successful day.
  2. Results of the analysis of Rapidshare.exe by the Avira laboratory (Google translation): Dear Thank you for the email you sent to the Avira virus lab. Task number: INC00515169. The files and the results are displayed in a list in the following section: No.: 25713921; File Name: Rapidshare.exe; File Size (bytes): 297 KB; Result: MALWARE. You will find the detailed results for each file in the following section: Filename: Rapidshare.exe; Result: MALWARE. The file 'Rapidshare.exe' has been classified as 'MALWARE'. Our analysts have given this threat the name TR/StartPage.304128. The designation "TR/" denotes a Trojan horse that is able to spy on your data, damage your privacy and may make unwanted changes on syst
  3. Good morning, I note an acceleration of about 10% of the download speed with IDM. I want to ask you if I could install this software: 1) ashampoo_internet_accelerator_3_3.20_sm trial version 2) SpeedBit Video Accelerator 3136.4455.0.0 trial version (SpeedBit Ltd). 3) uninstall Avira security (end of trial version period in 2 days) and install AVG Internet Security 9.0 trial. I found in C:\System Volume Information\_restore{0A5AFFF1-8DB3-49E5-B376-CB40644F3693}\RP1 this application: A0003678.exe (rapidshare generator). I deleted it and when I tried to empty the Recycle Bin the file disappeared. It's again in C:\System Volume Information\_restore{0A5AFFF1-8DB3-49E5-B376-CB40644F3693}\RP1. In fact that is the application I suspect to be the cause of my homepage problem. I hope this information is helpful. Waiting for your advice. Thank you
  4. I note an internet browsing acceleration on Firefox and IE.
  5. Hello Borislav, It's always the same thing with IE homepage. RemoveWGA.exe C:\Documents and Settings\SG\Bureau\anw Tool.RemoveWGA Incurable.Deleted. A0003064.reg C:\System Volume Information\_restore{0A5AFFF1-8DB3-49E5-B376-CB40644F3693}\RP1 Trojan.StartPage.1505 Deleted. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:38:50, on 19/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\sttray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Download Manager\IEMonitor.exe 
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: 
[sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [HiDownload] C:\Program Files\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: T
  6. Hello, I stopped the first scan at 43% and did a new full scan because it stalled, or I think it had. These are the results of the two scans. Thank you for understanding. The first scan: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=0fb96d700abbe047b85970c042cc1404 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-05-19 04:24:55 # local_time=2010-05-19 05:24:55 (+0100, Afr. centrale Ouest) # country="France" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 194281 194281 0 0 # compatibility_mode=768 16777215 100 0 0 0 0 0 # compatibility_mode=1024 16777215 100 0 0 0 0 0 # compatibility_mode=1798 16775141 100 95 16049 763718 0 0 # compatibility_mode=8192 67108863 100 0 428 428 0 0 # scanned=2223 # found=1 # cleaned=1 # scan_time=1278 C:\Documents and Settings\SG\Bureau\anwar\back up driver and\Driver_Genius_9_Professional_US_Full.EXE probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 The second scan: C:\Documents and Settings\SG\Bureau\Microsoft office 2007 int
  7. Hello Maniac, An expert from another forum advised me to do a scan with OTL (by OldTimer) with a scan text. I hope that it will be helpful. Here are the logs if you need them. I wish you a nice day.
  8. It's always the same thing with the homepage http://www.telecharger-sans-limite.com/. I can't change it. I've uninstalled Microsoft Security Essentials. Could I place the Combo-fix.exe in the folder containing all the tools I've used or should I leave it on my desktop?
  9. Hello, Combo-Fix.txt is attached as a .RAR file
  10. Thank you, thank you, thank you Maniac, It's working. Finally the "general" and "advanced" tabs are present in internet options. Still one problem: I can't change my homepage. I am always sent to this homepage: http://www.telecharger-sans-limite.com/ Still need your advice. Have a great day
  11. ROOTREPEAL © AD, 2007-2010 ================================================== Report Save Time: 2010/05/18 14:45 Program Version: Version 2.0.0.0 Windows Version: Windows XP SP3 ================================================== DRIVERS ------------------- File Invisible dump_atapi.sys 0xaa389000 C:\WINDOWS\System32\Drivers\dump_atapi.sys, 98304 bytes File Invisible dump_WMILIB.SYS 0xf7b1d000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS, 8192 bytes File Invisible rootrepeal.sys 0xaa65e000 C:\WINDOWS\system32\drivers\rootrepeal.sys, 49152 bytes PROCESSES ------------------- 4 - System 112 - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 120 - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe 188 - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe 244 - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe 312 - C:\WINDOWS\sttray.exe 320 - C:\WINDOWS\system32\igfxtray.exe 324 - C:\WINDOWS\system32\hkcmd.exe 400 - C:\WINDOWS\system32\igfxsrvc.exe 480 - C:\Program Files\DivX\DivX Update\DivXUpdate.exe 564 - C:\WINDOWS\system32\igfxpers.exe 640 - C:\Program Files\Microsoft Security Essentials\msseces.exe 752 - C:\WINDOWS\explorer.exe 764 - C:\WINDOWS\system32\ctfmon.exe 820 - C:\WINDOWS\system32\smss.exe 860 - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE 892 - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe 924 - C:\WINDOWS\system32\csrss.exe 948 - C:\WINDOWS\system32\winlogon.exe 992 - C:\WINDOWS\system32\services.exe 1004 - C:\WINDOWS\system32\lsass.exe 1208 - C:\WINDOWS\system32\svchost.exe 1292 - C:\WINDOWS\system32\svchost.exe 1336 - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe 1348 - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe 1376 - C:\WINDOWS\system32\svchost.exe 1472 - C:\WINDOWS\system32\svchost.exe 1536 - C:\WINDOWS\system32\svchost.exe 1624 - C:\WINDOWS\system32\wbem\wmiapsrv.exe 1736 - C:\WINDOWS\system32\spoolsv.exe 1796 - C:\Program 
Files\Avira\AntiVir Desktop\sched.exe 1900 - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe 1912 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1956 - C:\WINDOWS\system32\svchost.exe 2016 - C:\Program Files\Java\jre6\bin\jqs.exe 2348 - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe 2360 - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe 2480 - C:\Documents and Settings\SG\Bureau\RootRepeal.exe 2496 - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe 2508 - C:\WINDOWS\system32\wuauclt.exe 3020 - C:\Program Files\Internet Download Manager\IEMonitor.exe 3216 - C:\WINDOWS\system32\svchost.exe 3264 - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE 3564 - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe 3772 - C:\WINDOWS\system32\alg.exe FILES ------------------- Mismatch C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Security Essentials\Support\Application.etl, Size mismatch (API: 466944, Raw: 450560) STEALTH CODE ------------------- HIDDEN SERVICES ------------------- SSDT ------------------- SYSCALL OK, INT 0x2E OK, ServiceTable OK, Driver IAT OK NtCreateKey <unknown> 0xf7c67c1e NtCreateThread <unknown> 0xf7c67c14 NtDeleteKey <unknown> 0xf7c67c23 NtDeleteValueKey <unknown> 0xf7c67c2d NtLoadKey <unknown> 0xf7c67c32 NtOpenProcess <unknown> 0xf7c67c00 NtOpenThread <unknown> 0xf7c67c05 NtReplaceKey <unknown> 0xf7c67c3c NtRestoreKey <unknown> 0xf7c67c37 NtSetValueKey <unknown> 0xf7c67c28 NtTerminateProcess <unknown> 0xf7c67c0f NtWriteVirtualMemory <unknown> 0xf7c67c0a Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:55:45, on 18/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe 
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\sttray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey 
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [HiDownload] C:\Program Files\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe O4 - HKCU\..\RunOnce: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE R
  12. Hi Borislav, Thank you very much for your help. Before reading your message, I
  13. Hello, I use Windows XP SP3 updated, IE8. I use the PC primarily for downloading games and movies, and streaming movies and games online. Following the execution of a program, I no longer had access to my task manager and my homepage has been changed. When I go to my internet options, the box "General" containing the home page and the option to delete history and cookies has disappeared. There are many other boxes: security, privacy, content, connection, programs. USB fix allowed me to regain access to my task manager, but found no solution for the two other problems. So far, I did a scan with more than 17 tools microsoft security key avira premium internet security USB Fix findy kill, Ad-remover spybot search and destroy FxBgleMO, FxBeagle, FixJFI, FixAdix of symantech cw shredder avg antivirus CoolWebSearch miniremoval smartkiller C cleaner Tune up utilities uniblue registry booster HijackThis But still no result. And finally, I found a hijack in the registry with Malwarebytes' Anti-Malware: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage. I removed it. But still no box "general" in internet options and no ability to change my homepage. You will find below reports generated by hijackthis and Malwarebytes' Anti-Malware. I certainly was wrong to delete the infected file. So if someone could advise me!?? Please kindly provide me with invaluable help. Thank you in advance and sorry for my english. PS: If anyone is interested in studying the application that caused me all wrong, contact me.
PC configuration PC: GenuineIntel Processor: Intel Pentium E2140 1.6GHZ 2CPU 1GB of Ram Model: x86 Family 6 Model 15 Stepping 3 Motherboard: ECS Socket 775 Intel 945GCT-M2 * Operating System + version: o Windows XP PRO 2002 updated o SP3 updated * System security: Both 2 antivirus avira premium security suite trial version: updated Microsoft security essentiels: updated * Setting system optimization: tune-up utilities trial, perfect disc trial * Internet navigation o Type of connection: ADSL 1M o Browser: IE 8 and Firefox updated updated o Instant Messaging: NO Other: internet download manager, vlc media player, windows media player, divxplus, nero lite, winrar, imgburn, incromedia website evolution v8 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:11:32, on 17/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\sttray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Avira\AntiVir 
Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program 
Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\RunOnce: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE R