vila
****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 14:38:50.
OS: Windows NT 5.1
Database version: 3.090000
Database format version: 1.020000
Database date: 20051005
Current date: 2005-10-16 14:38
****************************************
Result when scanning:
No threats found.
****************************************
Auto start entries:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\meak\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\Documents and Settings\meak\Menu Démarrer\Programmes\Démarrage\desktop.ini
Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:
ATIModeChange Ati2mdxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIModeChange
ATIPTA C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA
ccApp "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp
URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\URLLSTCK.exe
PCMService "c:\Apps\Powercinema\PCMService.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCMService
ACTIVBOARD c:\apps\ABoard\ABoard.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ACTIVBOARD
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Symantec NetDriver Monitor
VCSPlayer "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VCSPlayer
CleanEasyImg c:\apps\easydvd\cleanall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CleanEasyImg
Xanadu C:\Program Files\Foreignword\Xanadu\Xanadu.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Xanadu
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MessengerPlus3
TkBellExe "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
WeatherOnTray C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WeatherOnTray
HbTools C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HbTools
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
thatpureencbags C:\Documents and Settings\All Users\Application Data\Curb platform that pure\Free Internet.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\thatpureencbags
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
Blue4 C:\DOCUME~1\meak\APPLIC~1\INTERD~1\hideadminfive.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Blue4
BoontyBox "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BoontyBox
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MessengerPlus3
Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} ShprRprts C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
{53707962-6F74-2D53-2644-206D7942484F} not set C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
{74CC49F7-EB32-4A08-B204-948962A6E3DB} HbTools C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} Web assistant C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
{AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\program files\google\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
{BDF3E430-B101-42AD-A544-FADC6B084872} NAV Helper C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
{D81661F4-B71C-012F-CCB7-F2FE294B3A01} not set C:\DOCUME~1\THONGV~1.SN2\APPLIC~1\SETTIN~1\start plan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D81661F4-B71C-012F-CCB7-F2FE294B3A01}
****************************************
Toolbars:
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{74CC49F7-EB32-4A08-B204-948962A6E3DB} C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program files\google\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{74CC49F7-EB32-4A08-B204-948962A6E3DB} C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{74CC49F7-EB32-4A08-B204-948962A6E3DB} C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
{32683183-48a0-441b-a342-7c2a440a9478} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32
System error message: Le fichier spécifié est introuvable.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
****************************************
All processes:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
AOLacsd.exe
CDAC11BA.EXE
CCPROXY.EXE
CCSETMGR.EXE
navapsvc.exe
slserv.exe
SNDSrvc.exe
SPBBCSvc.exe
svchost.exe
symlcsvc.exe
wdfmgr.exe
vcssecs.exe
CCEVTMGR.EXE
SAVScan.exe
alg.exe
explorer.exe
atiptaxx.exe
CCAPP.EXE
PCMService.exe
ABOARD.EXE
vcsplay.exe
AOSD.EXE
MsgPlus1.exe
realsched.exe
qttask.exe
HbtWeatherOnTray.exe
HbtOEAddOn.exe
jusched.exe
msmsgs.exe
beep okay.exe
dwwin.exe
beep okay.exe
beep okay.exe
MFCDMA~1.EXE
hideadminfive.exe
iexplore.exe
beep okay.exe
iexplore.exe
mirc.exe
msiexec.exe
msiexec.exe
msiexec.exe
spywarescanner.exe
Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:
Default_Page_URL file://C:\APPS\IE\offline\fr.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Start Page http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
provider MSN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Local Page C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Search Bar http://www.lzwzafcielidmu.org/APQILpa1MgAE...QMKA_ts5IH.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Start Page http://www.ndibpyqnwnmk.com/APQILpa1MgB3/G...urDkL5nZW/Y.jpg
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst
CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
****************************************