Author Topic: About "webtracer"  (Read 2169 times)

Offline Darius_29

« on: April 08, 2005, 04:40:01 PM »
What happens to me seems classical: home page and research page changed, new toolbar and new favorites in IE... And impossible to remove it! I have run AdAware but it came back...
Could you please help me??

Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 23:18:57, on 08/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WINLOGON.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
C:\PROGRAM FILES\SAGEM WI-FI USB 802.11G\WLANUTL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rl.webtracer.cc/---/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [winlogon.exe] C:\WINDOWS\winlogon.exe
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O4 - Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O19 - User stylesheet: C:\WINDOWS\inf\info.dat

Offline guestolo

« Reply #1 on: April 08, 2005, 05:30:12 PM »
Create a new folder on your desktop
Right click an empty spot on your desktop and select
NEW>>Folder

Name it Locate

Download and UNZIP to that new folder
Locate.zip

UNZIP the contents to that newly created folder
Open the Locate folder and Double click to run Locate.bat

Let it finish and then post back the log produced>> the contents of "Report.txt"
in the Locate folder

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Darius_29

« Reply #2 on: April 08, 2005, 05:58:12 PM »
OK,
the report.txt is empty.

Have I done something wrong?

Offline guestolo

« Reply #3 on: April 08, 2005, 06:18:33 PM »
No, you didn't do anything wrong, I was just checking on something

Let's try some cleaning on your machine
Could you first
==Download and Install this small program
to help clean your temp folders, cookies, recycle bin
Windows Cleanup
Install for now, don't run a scan yet

==Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the "check for updates now" link and Connect to download the latest updates
When installing it may check for updates, but double check
Don't run a scan yet

==Set Windows To Show Hidden Files
* Open My Computer.
    * Select the View menu and click Folder Options.
    * Select the View Tab.
    * In the Hidden files section select Show all files.
    * Uncheck>Hide Extensions for known file types
    * Click OK.


Please Print this out or save these instructions to a Notepad file and save it to your Desktop, also know how to start into safe mode, I'll need you to do that shortly
If unsure, use the link below to help you out

Disconnect from the Internet>>Close all browser windows, including this one

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rl.webtracer.cc/---/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)

O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [winlogon.exe] C:\WINDOWS\winlogon.exe

O19 - User stylesheet: C:\WINDOWS\inf\info.dat


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer into Safe mode

Find and delete these files if found
C:\WINDOWS\inf\info.dat <-file
C:\WINDOWS\winlogon.exe <-file

Stay in safe mode

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Don't restart the computer or log off yet

==Open Ad-Aware>>Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer back to Normal mode

Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Reset home page

I don't see any Anti-Virus on your computer
Could you do the following please
If you have your own AV software, install it now, make sure it's fully updated and run a full system scan

If you don't have your own and need a free solution
I highly recommend that you download and install AVG free
from the link below
http://free.grisoft.com/doc/2/lng/us/tpl/v5

Scroll down and click on
AVG Free Edition installation files
File   Version
avg70free_308a468.exe <-this link or similar

Save the installer to desktop, double click to install and follow the prompts
Restart the computer if prompted
After installation, ensure you Check for updates>>> run a Full system scan, let it fix what it finds

Restart the computer again

Post back a fresh Hijackthis log



Offline Darius_29

« Reply #4 on: April 09, 2005, 05:23:07 AM »
OK,
I have run NortonAntivirus2001, it has found nothing. It should Auto start but it doesn't since I am infected.

Here is the new logfile

Logfile of HijackThis v1.99.1
Scan saved at 12:15:05, on 09/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
C:\PROGRAM FILES\SAGEM WI-FI USB 802.11G\WLANUTL.EXE
C:\WINDOWS\NOTEPAD.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rl.webtracer.cc/---/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O4 - Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

Offline Darius_29

« Reply #5 on: April 09, 2005, 10:10:33 AM »
There is an improvement: I can now choose my home page and search page, and I can delete the added favorites. But Norton has now detected something when starting IE, here is the Quarantine:

Norton AntiVirus Quarantine Report
Created:  samedi 9 avril 2005 16:51:51
------------------------------------------------------------------------------

File Name
Location
Status                     Size                         Virus Name
User Name                  Machine Name                 Domain
Date Quarantined
Date Submitted

------------------------------------------------------------------------------

m[1].bin
C:\WINDOWS\Temporary Internet Files\Content.IE5\WLGDYFWF
Quarantined                39.0 KB                      Trojan.StartPage.M
darius                     DARIUS                       N/A
vendredi 8 avril 2005 20:58:08
Not submitted

------------------------------------------------------------------------------

IEAccess2.dll
C:\WINDOWS\SYSTEM
Quarantined                78.0 KB                      Download.Trojan
darius                     DARIUS                       N/A
mercredi 6 avril 2005 22:39:22
Not submitted

------------------------------------------------------------------------------

m[1].bin
C:\WINDOWS\Temporary Internet Files\Content.IE5\KZ69CJ4R
Quarantined                39.0 KB                      Trojan.StartPage.M
darius                     DARIUS                       N/A
samedi 9 avril 2005 16:45:54
Not submitted

------------------------------------------------------------------------------

DHTMLAccess.dll
C:\WINDOWS\SYSTEM
Quarantined                81.0 KB                      Download.Trojan
darius                     DARIUS                       N/A
mercredi 6 avril 2005 22:39:22
Not submitted

------------------------------------------------------------------------------

jpka.dll
C:\WINDOWS\SYSTEM
Quarantined                39.0 KB                      Trojan.StartPage.M
darius                     DARIUS                       N/A
samedi 9 avril 2005 16:45:58
Not submitted

------------------------------------------------------------------------------

emch.dll
C:\WINDOWS\SYSTEM
Quarantined                39.0 KB                      Trojan.StartPage.M
darius                     DARIUS                       N/A
vendredi 8 avril 2005 20:58:22
Not submitted

------------------------------------------------------------------------------

ZoneAlarm has also blocked several entries from 0.0.0.0 (UDP Port 68) to 255.255.255.255 (DHCP)

Offline guestolo

« Reply #6 on: April 09, 2005, 10:57:36 AM »
Your Anti-Virus software is badly outdated, I bet we're not seeing all the bad guys
You should either upgrade your version of Norton's or uninstall it and use
AVG's newer version; both have a better scanning engine
You don't want to run 2 anti-virus programs on your computer, however

Before you do the above

====Download and Install this small program
to help clean your temp folders, cookies, recycle bin
Windows Cleanup
Install for now, don't run a scan yet

==Download this virus checker from eScan
Mwav.exe
There's nothing to install, Save it to your hard disk for now
We'll need it later

Restart your computer into Safe mode

==Open Windows CleanUp!>>START>>Programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Don't restart the computer yet

Double click to run eScan's Mwav scan
It will self extract

Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane--- Use the "CTRL and C" keys on your Keyboard to copy all found in the lower pane and save it to a notepad file

****If prompted that a Virus was found and you need to purchase the product  to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

Restart back to Normal mode and post back a fresh Hijackthis log and the log from eScan's Mwav scan



Offline Darius_29

« Reply #7 on: April 11, 2005, 04:49:19 PM »
OK,
eScan installation failed, so I can't run a scan.
AVG scan had found 2 trojans but I don't have the log anymore since I re-installed it... sorry

Here is the new HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 23:04:30, on 11/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

Offline guestolo

« Reply #8 on: April 11, 2005, 05:05:54 PM »
Sorry, I asked you to download and install Windows CleanUp! twice
Once was good enough

I take it with AVG installed you uninstalled Norton's
You don't need more than one AV running

Do the following

Do another scan with Hijackthis and put a check next to these entries:

O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run Windows CleanUp! one more time

Restart your computer

Post back a fresh Hijackthis log

Not sure why eScan wouldn't run

You must Save it to disk rather than Open when you click the link

Let me know how everything's running

Also, let me know how you're connected to the Internet
Cable>>DSL?
Are you directly connected through a modem or are you running through a Router?
« Last Edit: April 11, 2005, 05:09:36 PM by guestolo »
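
The entries ticked for fixing in Replies #3 and #8 follow a few recognisable patterns. As an added example (not part of the original thread and not HijackThis's own logic), the Python sketch below parses HijackThis log lines, applies triage rules generalised from those ticked entries, and compares a log taken before cleanup with one taken after. The rules and function names are assumptions made for illustration; the sample logs are excerpts of the logs posted in this thread.

```python
import ipaddress
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] C:\x.exe".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Return (code, body) pairs; header and process-list lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(code, body):
    """Return a reason if the entry matches a pattern ticked in the thread, else None."""
    if code in ("R0", "R1") and body.endswith("(obfuscated)"):
        return "IE start/search URL stored in obfuscated form"
    if code == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2:
            return "malformed hosts entry"
        addr, host = fields[0], fields[1]
        if addr.isdigit() and int(addr) < 2**32:
            # A bare integer here is an IPv4 address written as one 32-bit number.
            dotted = ipaddress.IPv4Address(int(addr))
            return f"hosts file maps {host} to integer-encoded {addr} ({dotted})"
        return f"hosts file maps {host} to {addr}"
    if code == "O4" and re.search(r"\\winlogon\.exe", body, re.IGNORECASE):
        return "winlogon.exe started from an autorun entry"
    if code == "O18" and ("(no CLSID)" in body or "(no file)" in body):
        return "MIME filter registered without a CLSID or backing file"
    if code == "O19":
        return "user stylesheet forced on Internet Explorer"
    return None


def flagged(text):
    """Map each suspicious (code, body) entry in a log to the reason it was flagged."""
    return {(c, b): r for c, b in parse_log(text) if (r := triage(c, b))}


def compare(before, after):
    """Show which flagged entries a cleanup pass resolved, left behind, or newly exposed."""
    old, new = flagged(before), flagged(after)
    return {
        "resolved": sorted(k for k in old if k not in new),
        "remaining": sorted(k for k in old if k in new),
        "new": sorted(k for k in new if k not in old),
    }


# Excerpt of the first log in this thread (08/04/05).
BEFORE = r"""Logfile of HijackThis v1.99.1
Platform: Windows 98 Gold (Win9x 4.10.1998)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WINLOGON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [winlogon.exe] C:\WINDOWS\winlogon.exe
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O19 - User stylesheet: C:\WINDOWS\inf\info.dat
"""

# Excerpt of the log posted after cleanup (11/04/05).
AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
"""

if __name__ == "__main__":
    for (code, body), reason in flagged(BEFORE).items():
        print(f"{code:<4}{reason}\n    {body}")
    for status, items in compare(BEFORE, AFTER).items():
        print(status, len(items))
```

An entry that moves from "resolved" back into a later log, or a "new" entry such as the O18 line, is the cue to keep looking for whatever component is rewriting the settings.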



Offline Darius_29

« Reply #9 on: April 13, 2005, 12:32:16 PM »
OK, the last entry is still there.

AVG has found trojan Startpage.19.AN
in C:\WINDOWS\SYSTEM\knjnf.dll
when I opened IE yesterday.
Nothing has happened today.

Here is the last logfile:

Logfile of HijackThis v1.99.1
Scan saved at 19:12:19, on 13/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

Offline guestolo

« Reply #10 on: April 13, 2005, 08:49:24 PM »
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

Double click on fix.reg and allow to merge to the registry

Restart your computer

Back in Windows

Can you please
download Startdreck.zip

UNZIP to its own folder.... DoubleClick: 'StartDreck.exe'

Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post this log

Copy and Paste the contents of that log back here

Download and save to Desktop DLLCompare

Start the Program and click the Run Locate.com

Let it complete the SCAN, which won't take long

Click the Compare button to start the next process. This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane, if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button
Post back this log

Could you also post a fresh Hijackthis log too

I'm checking on something to ensure that you're clean
« Last Edit: April 14, 2005, 01:07:15 AM by guestolo »



Guest

« Reply #11 on: April 14, 2005, 01:05:46 PM »
OK,
I've run the .reg file,
DLLCompare hasn't found any files that were 'not able to be accessed';
I'm connected to Internet by French ADSL and I'm connected with a modem, by Wi-Fi.

Here is StartDreck log file, and then HJT's one

StartDreck (build 2.1.7 public stable) - 2005-04-14 @ 19:23:46 (GMT +02:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2600.0000
Logged in as darius at DARIUS

»Registry
 »Run Keys
  »Current User
   »Run
   »RunOnce
  »Default User
   »Run
   »RunOnce
  »Local Machine
   »Run
    *AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    *AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    *AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    *Zone Labs Client=C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
    *Norton eMail Protect=C:\Program Files\Norton AntiVirus\POPROXY.EXE
   »RunOnce
   »RunServices
    *TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
   »RunServicesOnce
    **iz=rundll32 C:\WINDOWS\JAUTOEDP.DAT,DllGetClassObject
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
»Files
»System/Drivers
 »Running Processes
  +FF0F6E1D=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FF00AE7D=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FF00A38D=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FF00D4ED=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FF00D339=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
  +FF006FD5=C:\WINDOWS\RUNDLL32.EXE
  +FF013399=C:\WINDOWS\EXPLORER.EXE
  +FF029451=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
  +FFFF5611=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
  +FF03B98D=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
  +FF020DF1=C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
  +FF0240AD=F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
  +FF05B07D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FF0528A5=F:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE
»Application specific


Logfile of HijackThis v1.99.1
Scan saved at 19:37:28, on 14/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
About "webtracer"
« Reply #12 on: April 14, 2005, 10:15:13 PM »
Download and save to desktop CWShredder.exe
We'll need this later

Download and UNZIP to Desktop Remove.zip
So you now have Remove.reg on the desktop
We'll need this later

Please Print the rest of this out or write it down

I need you to Restart your computer into MS-Dos Mode
START>>Shutdown>>select Restart in MS-DOS mode
OK

At restart you should be at this prompt

C:\WINDOWS>

Type in the below excluding the (Enter), that indicates hitting Enter on your Keyboard>>>Take note of all the spaces too

attrib -r -s -h C:\WINDOWS\JAUTOEDP.DAT (Enter)
del JAUTOEDP.DAT (Enter)

If you want a rundown of what that should all look like with all the spaces, I've included below the same commands with = signs indicating where there should be a single space, you will not input the = sign, just the space
======================================================
attrib=-r=-s=-h=C:\WINDOWS\JAUTOEDP.DAT
del=JAUTOEDP.DAT
======================================================

Use CTRL+ALT+DEL to Restart your computer back to Normal mode
Double click on Remove.reg and allow to merge to the registry

Run CWShredder and click the FIX button, let it fix what it finds

Restart your computer again

Post back a fresh hijackthis log and a Fresh Startdreck log
« Last Edit: April 14, 2005, 10:15:42 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Darius_29

About "webtracer"
« Reply #13 on: April 16, 2005, 06:13:06 AM »
OK,
CWShredder hasn't found anything.

Here are the HijackThis and Startdreck logs:


Logfile of HijackThis v1.99.1
Scan saved at 13:00:55, on 16/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)



StartDreck (build 2.1.7 public stable) - 2005-04-16 @ 13:01:52 (GMT +02:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2600.0000
Logged in as darius at DARIUS

»Registry
 »Run Keys
  »Current User
   »Run
   »RunOnce
  »Default User
   »Run
   »RunOnce
  »Local Machine
   »Run
    *AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    *AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    *AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    *Zone Labs Client=C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
    *Norton eMail Protect=C:\Program Files\Norton AntiVirus\POPROXY.EXE
   »RunOnce
   »RunServices
    *TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »File Associations (CR)
  +.bat
   *batfile="%1" %*
  +.com
   *comfile="%1" %*
  +.disabled
   *SpybotSD.DisabledFile="F:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
  +.exe
   *exefile="%1" %*
  +.hta
   *htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
  +.htm
   *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
  +.html
   *htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
  +.js
   *JSFile=C:\WINDOWS\WScript.exe "%1" %*
  +.jse
   *JSEFile=C:\WINDOWS\WScript.exe "%1" %*
  +.pif
   *piffile="%1" %*
  +.reg
   *regfile=regedit.exe "%1"
  +.scr
   *scrfile="%1" /S
  +.txt
   *txtfile=C:\WINDOWS\NOTEPAD.EXE %1
  +.vbs
   *VBSFile=C:\WINDOWS\WScript.exe "%1" %*
  +.vbe
   *VBEFile=C:\WINDOWS\WScript.exe "%1" %*
  +.wsh
   *WSHFile=C:\WINDOWS\WScript.exe "%1" %*
  +.wsf
   *WSFFile=C:\WINDOWS\WScript.exe "%1" %*
  +.lnk
   `lnkfile= [key or value does not exist]
 »Browser Helper Objects (LM)
  *{53707962-6F74-2D53-2644-206D7942484F}
   `InprocServer32=F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
»Files
 »Autostart Folders
  »Current User
   *C:\WINDOWS\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
  »Default User
   *C:\WINDOWS\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
  »Local Machine
 »INI-Files
  »WIN.INI\[windows]
   *LOAD=
   *RUN=
  »SYSTEM.INI\[boot]
   *SHELL=explorer.exe
 »Text Files
  *C:\msdos.sys
  *C:\config.sys
  *C:\autoexec.bat
  *C:\WINDOWS\SYSTEM\autoexec.nt
  *C:\WINDOWS\wininit.bak
  *C:\WINDOWS\dosstart.bat
  *C:\WINDOWS\hosts
»System/Drivers
 »Running Processes
  +FF0F6E61=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FF00AE01=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FF00A3F1=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FF009965=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
  +FF003559=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FF012E5D=C:\WINDOWS\EXPLORER.EXE
  +FF015E11=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
  +FF013365=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
  +FF02D9A1=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
  +FF022939=C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
  +FF0244E1=F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
  +FF05FB29=C:\WINDOWS\NOTEPAD.EXE
  +FF05FAC1=F:\PROGRAM FILES\STARTDRECK\STARTDRECK.EXE
 »NT Services
»Application specific

Offline guestolo

About "webtracer"
« Reply #14 on: April 16, 2005, 01:22:56 PM »
Startdreck looks clean now

Can you ensure you still have fix.reg
Make sure you saved it as all files
and named it fix.reg
from the post before

Restart your computer into SAFE MODE

In safe
Do another scan with Hijackthis and put a check next to these entries:

O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Double click on fix.reg and allow to merge to the registry

Restart back to Normal mode and post a fresh hijackthis log

Question:
You appear to be running through a proxy server
Indicated by this line in hijackthis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128

Do you recognize the proxy server you're running through?



Offline Darius_29

About "webtracer"
« Reply #15 on: April 18, 2005, 04:06:45 PM »
OK, I have run HijackThis and the fix.reg file one more time, in safe mode. The last entry is still there.

I am not running through the proxy of the log anymore.


Logfile of HijackThis v1.99.1
Scan saved at 22:56:40, on 18/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

Offline guestolo

About "webtracer"
« Reply #16 on: April 18, 2005, 11:23:19 PM »
Can you try this please
Download and UNZIP to desktop
018fix.zip
So you now have 018fix.reg on the desktop

Double click on 018 fix and allow to merge to the registry

Restart your computer

Back in Windows post back a fresh Hijackthis log

After that
Double click on fix.reg and allow to merge to the registry and post back another hijackthis log afterwards
I just want to compare the 2



Offline Darius_29

About "webtracer"
« Reply #17 on: April 19, 2005, 01:19:38 PM »
OK,

Here is the first one :

Logfile of HijackThis v1.99.1
Scan saved at 20:11:58, on 19/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1



Here is the next one :

Logfile of HijackThis v1.99.1
Scan saved at 20:12:39, on 19/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
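The before/after comparison requested in Reply #16 can be done mechanically by diffing the item lines of two HijackThis logs. This is an added example, not part of the original posts or of HijackThis itself; the function names are this example's own, and the three log excerpts are abridged from logs posted in this thread.

```python
import re
from collections import Counter

# HijackThis item lines have the shape "<section code> - <details>",
# e.g. "O18 - Filter hijack: ..." or "R1 - HKCU\...". Header lines and the
# "Running processes" paths do not match and are ignored.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")


def parse_entries(log_text):
    """Return a Counter of (section code, details) for each item line."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[(m.group("code"), m.group("body"))] += 1
    return entries


def _order(entry):
    code, body = entry
    # Sort O2 before O18 (numeric, not lexicographic).
    return (code[0], int(code[1:]), body)


def diff_logs(before, after):
    """Return (removed, added) item lines between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted((b - a).elements(), key=_order)
    added = sorted((a - b).elements(), key=_order)
    return removed, added


# Abridged excerpt: scan of 19/04/05 20:11:58 (after merging 018fix.reg).
LOG_AFTER_O18FIX = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:11:58, on 19/04/05
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
"""

# Abridged excerpt: scan of 19/04/05 20:12:39 (after merging fix.reg).
LOG_AFTER_FIXREG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:12:39, on 19/04/05
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
"""

# Abridged excerpt: scan of 21/04/05 22:10:47 (last log in the thread).
LOG_FINAL = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:10:47, on 21/04/05
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1
"""


def report(before, after):
    """Format the diff as '-'/'+' lines for reading or posting."""
    removed, added = diff_logs(before, after)
    lines = ["- %s - %s" % e for e in removed]
    lines += ["+ %s - %s" % e for e in added]
    return "\n".join(lines)


if __name__ == "__main__":
    print("018fix.reg scan -> fix.reg scan:")
    print(report(LOG_AFTER_O18FIX, LOG_AFTER_FIXREG))
    print("fix.reg scan -> final scan:")
    print(report(LOG_AFTER_FIXREG, LOG_FINAL))
```

Scan timestamps and process lists are deliberately excluded, so only changes to registry and autostart items show up in the diff.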

Offline guestolo

About "webtracer"
« Reply #18 on: April 20, 2005, 07:02:31 PM »
I remember you said you weren't going through the proxy any more

You can have hijackthis fix these entries with all other windows closed

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.rez-gif.supelec.fr:3128
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)


After you have fixed checked the above

Merge 018 fix to the registry again

Restart your computer and post back a fresh hijackthis log



Offline Darius_29

About "webtracer"
« Reply #19 on: April 24, 2005, 01:10:23 PM »
Ok, here is the new log.
Everything seems to work quite well, I haven't had any alert for a few days now.


Logfile of HijackThis v1.99.1
Scan saved at 22:10:47, on 21/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
F:\PROGRAM FILES\CYBERSHOT\SONYTRAY.EXE
F:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Program Files\Copernic 2000\CopernicFind.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Image Transfer.lnk = F:\Program Files\CyberShot\SonyTray.exe
O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_FR_1.1.62-DELEON.DLL/cmbacklinks.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2000\Copernic.exe
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2000\Translate.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O11 - Options group: [Accessibilité] Accessibilité
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.3.1