My way speedbar (FunWebProducts)

[Lisa]

J'avais installé un petit programme qui me permettais d'insérer des émoticons dans mes e-mails.

 

Je me retrouve sur un site qui me dit que j'ai un spyware. Je désinstalle donc tout ça et je passe RegCleaner.

 

voici mon problème:

Quand je vais sur :anonymat.org on me dit:

 

Votre navigateur et votre système d'exploitation sont :

Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; FunWebProducts; .NET CLR 1.1.4322)

 

 

J'ai fouillé ma base de registre je ne trouve rien de suspect, une idée à me proposer?

 

 

[ST@if]

Salut Lisa

Si tu as réellement 1 ou des spywares encore installés, le programme Spybot S&D t'en avisera de suite et te permettra de le(s) bannir. Tu as même une option "vaccination" que je te laisse le soin de découvrir.

SUS AUX GREDINS!

[Lisa]

Ouais...

 

j'avais oublié de préciser que j'avais préalablement fait un scan avec Spybot S&D et aussi Ad-Aware (mis à jour les 2 ) et que j'ai toujours les traces de l'intrus dans mon ordi....

 

 

Si je clique dans mon browser sur: Affichage/Volet d'exploitation

 

J'ai : - Rechercher - Favoris - Média - Historique - My Way Speedbar Quick View - Dossiers

 

 

Voilà...

 

Une suggestion?...

[Invité tesgaz]

SAlut lisa,

 

c'est un BHO

 

passe un coup de hijackthis

http://www.zdnet.fr/telecharger/windows/fi...9062380s,00.htm

 

et tu trouvera l'entrée de la valeur a supprimer dans la base de registre

[Lisa]

passe un coup de hijackthis

 

 

j'ai essayé "HijackThis" ainsi que "CWShredder "

 

L'intrus est coriace.....

[Mr.T]

jai , mais au lieu de dune barre cest des popup

va dans le dossier WINDOW puis Downloaded Program Files, ya les fichier programmes et leur etat

[Invité tesgaz]

fais nous passer la liste que te sort HijackThis

[Lisa]

J'ai juste "shockwave flash object" Type:Contrôle ActiveX 32 Ko là

 

[Invité tesgaz]

fais un tour sur ces clés dans ta base dregistre :

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Dans le volet de droite, supprimes ces valeurs chaîne : Search Bar - Search Page - Start Page.

Le même type de problèmes peut se poser dans :

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer

"SearchURL"

idem pour ces clés :

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel

HKEY_LOCAL_MACHINE\\Software\Microsoft\Internet Explorer\Main

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

et suprimes les valeurs si tu en trouves dans ces clés

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\InternetExplorer\Restrictions\

[Lisa]

Voilà ce que j'ai:

 

StartupList report, 10/03/04, 10:55:27

StartupList version: 1.52

Started from : C:\HIJACKTHIS.EXE

Detected: Windows 98 SE (Win9x 4.10.2222A)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\RAMPAGE\RAMPAGE.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\HIJACKTHIS.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS\Menu Démarrer\Programmes\Démarrage]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\WINDOWS\All users\Menu Démarrer\Programmes\Démarrage]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun

SystemTray = SysTray.Exe

LoadQM = loadqm.exe

ELSAChipGuard = C:\WINDOWS\ELSAUTIL\elsavect.exe

StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE

RAMpage = "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe"

Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

Logitech Utility = LOGI_MWX.EXE

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[setupcPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

 

[AppletsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

 

[FontsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

 

[PerUser_ICW_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

 

[>PerUser_MSN_Clean] *

StubPath = C:\WINDOWS\msnmgsr1.exe

 

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

 

[PerUser_Msinfo] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

 

[PerUser_Msinfo2] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

 

[MotownMmsysPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

 

[MotownAvivideoPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

 

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplay98.inf,PerUserStub

 

[MotownMPlayPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf

 

[PerUser_Base] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

 

[shellPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

 

[shell2PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

 

[PerUser_winbase_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

 

[PerUser_winapps_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

 

[PerUser_LinkBar_URLs] *

StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

 

[TapiPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

 

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1

 

[PerUserOldLinks] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

 

[MmoptRegisterPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

 

[OlsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

 

[OlsMsnPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

 

[PerUser_Paint_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

 

[PerUser_Calc_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

 

[PerUser_CVT_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

 

[MotownRecPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

 

[PerUser_Vol] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

 

[PerUser_MSWordPad_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

 

[PerUser_RNA_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

 

[PerUser_Dialer_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_CDPlayer_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

 

[OlsAolPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

 

[OlsFTPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsFTPerUser 64 C:\WINDOWS\INF\ols.inf

 

[OlsCompuservePerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf

 

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

 

[PerUser_Wingames_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpxpress.inf,PerUserstub

 

[PerUser_Sysmon_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_Sysmeter_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_CharMap_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_DCC_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=

run=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\BOÎTEF~1.SCR

drivers=mmsystem.dll power.drv

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.INI listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.BAK listing:

(Created 10/3/2004, 8:6:48)

 

[Rename]

NUL=c:\windows\cookies\anyuser@realmedia[2].txt

NUL=c:\windows\cookies\anyuser@bluestreak[1].txt

NUL=c:\windows\cookies\anyuser@doubleclick[1].txt

NUL=c:\windows\cookies\anyuser@276[1].txt

 

--------------------------------------------------

 

C:\AUTOEXEC.BAT listing:

 

SET BLASTER=A220 I7 D1 H7 P330 T6

SET SBPCI=C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV

SET Path=%Path%;"C:\ProgramFiles\ExecutiveSoftware\DiskeeperLite\"

REM ========== By ASUS CD/DVD-ROM driver ===========

rem - By Windows Setup - C:\WINDOWS\COMMAND\MSCDEX.EXE /D:ASUSCD01 /V

REM ============================================

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)

mode con codepage select=850

keyb cf,,C:\WINDOWS\COMMAND\keybrd2.sys

 

--------------------------------------------------

 

C:\CONFIG.SYS listing:

 

DEVICE=C:\WINDOWS\HIMEM.SYS

DEVICE=C:\WINDOWS\EMM386.EXE

[COMMON]

REM ========== By ASUS CD/DVD-ROM driver ===========

DEVICE=C:\ASUS_CD\ASUSCD.SYS /D:ASUSCD01

LASTDRIVE=Z

REM ============================================

device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)

Country=033,850,C:\WINDOWS\COMMAND\country.sys

 

--------------------------------------------------

 

C:\WINDOWS\WINSTART.BAT listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\DOSSTART.BAT listing:

 

C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV\SBINIT

C:\WINDOWS\COMMAND\MSCDEX.EXE /D:ASUSCD01 /V

C:\Program Files\Logitech\MouseWare\mouse.exe

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Symantec NetDetect.job

Norton AntiVirus - Analyser mon ordinateur.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[DirectAnimation Java Classes]

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[internet Explorer Classes for Java]

OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

 

[Yahoo! Hearts]

CODEBASE = http://download.games.yahoo.com/games/clients/y/ht1_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Hearts.osd

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MESSENGERSTATSCLIENT.DLL

CODEBASE = http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

 

[Minesweeper Flags Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINESWEEPER.DLL

CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll

Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll

Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

 

--------------------------------------------------

 

Enumerating Win9x VxD services:

 

VNETSUP: vnetsup.vxd

NDIS: ndis.vxd,ndis2sup.vxd

JAVASUP: JAVASUP.VXD

CONFIGMG: *CONFIGMG

NTKern: *NTKERN

VWIN32: *VWIN32

VFBACKUP: *VFBACKUP

VCOMM: *VCOMM

COMBUFF: *COMBUFF

IFSMGR: *IFSMGR

IOS: *IOS

MTRR: *mtrr

SPOOLER: *SPOOLER

UDF: *UDF

VFAT: *VFAT

VCACHE: *VCACHE

VCOND: *VCOND

VCDFSD: *VCDFSD

VXDLDR: *VXDLDR

VDEF: *VDEF

VPICD: *VPICD

VTD: *VTD

REBOOT: *REBOOT

VDMAD: *VDMAD

VSD: *VSD

V86MMGR: *V86MMGR

PAGESWAP: *PAGESWAP

DOSMGR: *DOSMGR

VMPOLL: *VMPOLL

SHELL: *SHELL

PARITY: *PARITY

BIOSXLAT: *BIOSXLAT

VMCPD: *VMCPD

VTDAPI: *VTDAPI

PERF: *PERF

VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386

VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd

VNETBIOS: vnetbios.vxd

VREDIR: vredir.vxd

DFS: dfs.vxd

SYMTDI: SYMTDI.VXD

VSDATA95: vsdata95.vxd

LMOUSE: LMOUSE.VXD

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

 

--------------------------------------------------

End of report, 21 724 bytes

Report generated in 0,394 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only