HELP infected computer - Page 3
Solved
Hello, I just got back from work; here is the ToolBar report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+)
BIOS: PhoenixBIOS 4.0 Release 6.1
USER: POLO (Administrator)
BOOT: Normal boot
Antivirus: AntiVir Desktop 9.0.1.26 (Activated)
C:\ (Local Disk) - NTFS - Total: 69 Go (Free: 32 Go)
D:\ (Local Disk) - NTFS - Total: 34 Go (Free: 14 Go)
E:\ (Local Disk) - NTFS - Total: 35 Go (Free: 5 Go)
F:\ (CD or DVD)
"D:\ToolBar SD" (UPDATE: 21-12-2008|20:47)
Option: [1] (05/06/2009|19:30)
-----------\\ File / Folder Search ...
D:\WINDOWS\Prefetch\BITLORD_1.01.EXE-32F7B7E8.pf
D:\DOCUME~1\POLO\Cookies\polo@bitlord[1].txt
-----------\\ Extensions
(POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman
(POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Searching for other infections
No other infections found!
1 - "D:\ToolBar SD\TB_1.txt" - 05/06/2009|19:31 - Option: [1]
-----------\\ End of report at 19:31:32,04
Thank you, DllD.
turbulent13, rerun ToolBar SD with option 2; as DllD said, it's better to get rid of BitLord.
--
to teach is always to learn
OK, it's done, here is the ToolBar report.
But can you please help me understand why I can no longer download anything, neither with BitLord nor with eMule...
Deleting BitLord is personally not an issue for me, but whatever program I use, downloading does not work.
THANK YOU.
ToolBar report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+)
BIOS: PhoenixBIOS 4.0 Release 6.1
USER: POLO (Administrator)
BOOT: Normal boot
Antivirus: AntiVir Desktop 9.0.1.26 (Activated)
C:\ (Local Disk) - NTFS - Total: 69 Go (Free: 32 Go)
D:\ (Local Disk) - NTFS - Total: 34 Go (Free: 13 Go)
E:\ (Local Disk) - NTFS - Total: 35 Go (Free: 5 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total: 465 Go (Free: 350 Go)
"D:\ToolBar SD" (UPDATE: 21-12-2008|20:47)
Option: [2] (06/06/2009|13:33)
-----------\\ REMOVAL
Remove! - D:\WINDOWS\Prefetch\BITLORD_1.01.EXE-32F7B7E8.pf
-----------\\ File / Folder Search...
D:\Program Files\BitLord
D:\Program Files\BitLord\BitLord.exe
D:\Program Files\BitLord\BitLord.url
D:\Program Files\BitLord\BitLord.xml
D:\Program Files\BitLord\Downloads
D:\Program Files\BitLord\Downloads.xml
D:\Program Files\BitLord\lang
D:\Program Files\BitLord\License.txt
D:\Program Files\BitLord\rules
D:\Program Files\BitLord\Torrents
D:\Program Files\BitLord\uninst.exe
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E11.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E12.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E13.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E14.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E15.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E16.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT\CSI.Las.Vegas.S07E17.FRENCH.HDTV.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT\CSI.Las.Vegas.S07E18.FRENCH.HDTV.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E07.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E08.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E09.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E10.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E11.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E12.FiNAL.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\FXG™.nfo
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\JCVD[2008]DvDrip[Eng]-FXG.avi
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\JCVD[Eng][Subs].srt
D:\Program Files\BitLord\lang\lang_ar_ae.xml
D:\Program Files\BitLord\lang\lang_bg_bg.xml
D:\Program Files\BitLord\lang\lang_ca_es.xml
D:\Program Files\BitLord\lang\lang_cz_cz.xml
D:\Program Files\BitLord\lang\lang_da_dk.xml
D:\Program Files\BitLord\lang\lang_de_de.xml
D:\Program Files\BitLord\lang\lang_el_gr.xml
D:\Program Files\BitLord\lang\lang_en_us.xml
D:\Program Files\BitLord\lang\lang_es_ar.xml
D:\Program Files\BitLord\lang\lang_es_es.xml
D:\Program Files\BitLord\lang\lang_et_ee.xml
D:\Program Files\BitLord\lang\lang_fi_fi.xml
D:\Program Files\BitLord\lang\lang_fr_fr.xml
D:\Program Files\BitLord\lang\lang_gl_es.xml
D:\Program Files\BitLord\lang\lang_he_il.xml
D:\Program Files\BitLord\lang\lang_hu_hu.xml
D:\Program Files\BitLord\lang\lang_it_it.xml
D:\Program Files\BitLord\lang\lang_jp_jp.xml
D:\Program Files\BitLord\lang\lang_ko_kr.xml
D:\Program Files\BitLord\lang\lang_nb_no.xml
D:\Program Files\BitLord\lang\lang_nl_nl.xml
D:\Program Files\BitLord\lang\lang_pl_pl.xml
D:\Program Files\BitLord\lang\lang_pt_br.xml
D:\Program Files\BitLord\lang\lang_pt_pt.xml
D:\Program Files\BitLord\lang\lang_ro_ro.xml
D:\Program Files\BitLord\lang\lang_ru_ru.xml
D:\Program Files\BitLord\lang\lang_sk_sk.xml
D:\Program Files\BitLord\lang\lang_sl_si.xml
D:\Program Files\BitLord\lang\lang_sr_sr.xml
D:\Program Files\BitLord\lang\lang_sv_se.xml
D:\Program Files\BitLord\lang\lang_th_th.xml
D:\Program Files\BitLord\lang\lang_tr_tr.xml
D:\Program Files\BitLord\lang\lang_va_es.xml
D:\Program Files\BitLord\lang\lang_zh_tw.xml
D:\Program Files\BitLord\rules\ipfilter.dat
D:\Program Files\BitLord\rules\tracker.dat
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.torrent
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.xml
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT.torrent
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT.xml
D:\Program Files\BitLord\Torrents\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT.torrent
D:\Program Files\BitLord\Torrents\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT.xml
D:\Program Files\BitLord\Torrents\JCVD[2008]DvDrip[Eng]-FXG.torrent
D:\Program Files\BitLord\Torrents\JCVD[2008]DvDrip[Eng]-FXG.xml
D:\DOCUME~1\POLO\Desktop\BitLord.lnk
D:\WINDOWS\Prefetch\BITLORD.EXE-27A8448C.pf
D:\WINDOWS\Prefetch\BITLORD_1.01(4).EXE-08101BD2.pf
D:\DOCUME~1\POLO\Menu Démarrer\Programmes\BitLord
D:\DOCUME~1\POLO\Cookies\polo@bitlord[2].txt
-----------\\ Extensions
(POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman
(POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.emule-france.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Searching for other infections
No other infection found!
1 - "D:\ToolBar SD\TB_1.txt" - 05/06/2009|19:31 - Option: [1]
2 - "D:\ToolBar SD\TB_2.txt" - 06/06/2009|13:34 - Option: [2]
-----------\\ End of report at 13:34:09.84
Hi,
With darkpoet's agreement, for personal reasons, I will finish your disinfection.
You can post a new RSIT.
In the meantime, I will check what you have done.
Crapoulou.
--
Got a problem? Head over to CCM!
There’s no problem without a solution.
OK, hello Crapoulou, and thanks for the helping hand.
Here are the 2 RSIT reports, starting with the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by POLO at 2009-06-07 01:00:18
Microsoft Windows XP Professional Service Pack 2
System drive D: has 12 GB (35%) free of 35 GB
Total RAM: 1791 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:29, on 07/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
E:\RSIT.exe
D:\Program Files\trend micro\POLO.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menu item: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5709 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
Here are the 2 RSIT reports, starting with the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by POLO at 2009-06-07 01:00:18
Microsoft Windows XP Professional Service Pack 2
System drive D: has 12 GB (35%) free of 35 GB
Total RAM: 1791 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:29, on 07/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
E:\RSIT.exe
D:\Program Files\trend micro\POLO.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menu item: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5709 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"D:\Program Files\BitLord\BitLord.exe"=""=""
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
======List of files/folders created in the last 1 months======
2009-06-07 01:00:18 ----D---- D:\rsit
2009-06-06 17:20:12 ----D---- D:\Documents and Settings\POLO\Application Data\.ABC
2009-06-06 17:20:02 ----D---- D:\Program Files\ABC
2009-06-06 16:45:20 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier
2009-06-06 16:44:58 ----A---- D:\WINDOWS\system32\SpOrder.dll
2009-06-06 16:43:05 ----D---- D:\WINDOWS\Internet Logs
2009-06-06 15:18:32 ----D---- D:\Program Files\BitLord
2009-06-06 14:23:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc
2009-06-05 20:54:31 ----D---- D:\Program Files\eMule
2009-06-05 19:30:48 ----A---- D:\TB.txt
2009-06-05 19:29:16 ----D---- D:\ToolBar SD
2009-06-04 23:17:12 ----D---- D:\Program Files\CCleaner
2009-06-04 23:05:23 ----A---- D:\TCleaner.txt
2009-06-04 20:33:50 ----SHD---- D:\RECYCLER
2009-06-03 19:32:17 ----D---- D:\WINDOWS\temp
2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe
2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT
2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan
2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton
2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-06-01 23:17:20 ----D---- D:\Program Files\Avira
2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro
2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft
2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer
2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes
2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss
2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group
2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$
2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP
2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM
2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe
2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe
2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE
2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe
2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE
2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe
2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE
2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll
2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon
2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon
2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif
2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini
2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure
2009-05-15 13:33:37 ----D---- D:\Program Files\Orange
2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg
2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure
2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons
2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo
2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll
2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS
2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll
======List of files/folders modified in the last 1 months======
2009-06-07 01:00:24 ----D---- D:\WINDOWS\Prefetch
2009-06-07 00:52:16 ----D---- D:\Program Files\Mozilla Firefox
2009-06-07 00:50:49 ----D---- D:\WINDOWS\system32\CatRoot2
2009-06-07 00:50:26 ----RD---- D:\Program Files
2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32\drivers
2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32
2009-06-07 00:49:34 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-06-07 00:48:32 ----D---- D:\WINDOWS
2009-06-06 16:44:53 ----HD---- D:\WINDOWS\inf
2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire
2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini
2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch
2009-06-03 19:30:08 ----D---- D:\Program Files\Common Files
2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer
2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft
2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-02 17:54:05 ----D---- D:\Documents and Settings
2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS
2009-06-01 21:09:57 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config
2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem
2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration
2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug
2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini
2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer
2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss
2009-05-25 13:29:54 ----D---- D:\WINDOWS\security
2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot
2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly
2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player
2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help
2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages
2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live
2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller
2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information
2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini
2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts
2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 8552]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 LMIRfsDriver;LogMeIn Remote Driver; D:\WINDOWS\system32\DRIVERS\lmirmdrv.sys [2009-04-04 17776]
As it has been said and repeated to you enough, you need to uninstall BitLord:
D:\Program Files\BitLord\uninst.exe
Restart option 2 of Toolbar S&D to get rid of it!
Post the generated report.
*********
Your Windows is hacked: big security flaw. Moreover, you are downloading on P2P: reinfection is almost guaranteed but hey, it's you who has the troubles, not me.
********
Do you have AntiVir and F-Secure simultaneously on the machine?
Uninstall F-Secure, it's less effective.
--
Got a problem? Come to CCM!
There's no problem without a solution.
Hi
So, just for clarification, it’s a colleague who gave me XP to replace Vista, but given the problems it causes, I assure you that if it were possible, I would gladly go back to my real Vista.
Otherwise, here’s the toolbar report after removal:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3600+ )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : POLO ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:32 Go)
D:\ (Local Disk) - NTFS - Total:34 Go (Free:7 Go)
E:\ (Local Disk) - NTFS - Total:35 Go (Free:32 Go)
F:\ (CD or DVD)
"D:\ToolBar SD" ( LAST UPDATED : 12-21-2008|20:47 )
Option : [2] ( 06/08/2009| 2:03 )
-----------\\ REMOVAL
Deleting! - D:\Program Files\BitLord\BitLord.exe
Deleting! - D:\Program Files\BitLord\BitLord.url
Deleting! - D:\Program Files\BitLord\BitLord.xml
Deleting! - D:\Program Files\BitLord\Downloads
Deleting! - D:\Program Files\BitLord\Downloads.xml
Deleting! - D:\Program Files\BitLord\lang
Deleting! - D:\Program Files\BitLord\License.txt
Deleting! - D:\Program Files\BitLord\rules
Deleting! - D:\Program Files\BitLord\Torrents
Deleting! - D:\Program Files\BitLord\uninst.exe
Deleting! - D:\DOCUME~1\POLO\Desktop\BitLord.lnk
Deleting! - D:\WINDOWS\Prefetch\BITLORD.EXE-27A8448C.pf
Deleting! - D:\WINDOWS\Prefetch\BITLORD_1.01(2).EXE-2BD92A6D.pf
Deleting! - D:\DOCUME~1\POLO\MENUDM~1\PROGRA~1\BitLord
Deleting! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[1].txt
Deleting! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[2].txt
Deleting! - D:\Program Files\BitLord
-----------\\ Searching for Files / Folders ...
-----------\\ Extensions
(POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman
(POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.emule-france.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Searching for other infections
No other infections found!
1 - "D:\ToolBar SD\TB_1.txt" - 06/05/2009|19:31 - Option : [1]
2 - "D:\ToolBar SD\TB_2.txt" - 06/06/2009|13:34 - Option : [2]
3 - "D:\ToolBar SD\TB_3.txt" - 06/08/2009| 2:02 - Option : [1]
4 - "D:\ToolBar SD\TB_4.txt" - 06/08/2009| 2:03 - Option : [2]
-----------\\ End of report at 2:03:56.06
Post a new RSIT report to see where we stand.
--
Got a problem? Check out CCM!
There's no problem without a solution.
Here is the new RSIT, thanks.
Logfile of random's system information tool 1.06 (written by random/random)
Run by POLO at 2009-06-09 00:30:58
Microsoft Windows XP Professional Service Pack 2
System drive D: has 14 GB (41%) free of 35 GB
Total RAM: 1791 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:02, on 09/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\RSIT(2).exe
D:\Program Files\trend micro\POLO.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5795 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"D:\Program Files\BitLord\BitLord.exe""=""
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\Program Files\ABC\abc.exe"="D:\Program Files\ABC\abc.exe:*:Enabled:abc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
======List of files/folders created in the last 1 months======
2009-06-08 13:30:20 ----A---- D:\WINDOWS\system32\d3dx9_36.dll
2009-06-07 01:00:18 ----D---- D:\rsit
2009-06-06 17:20:12 ----D---- D:\Documents and Settings\POLO\Application Data\.ABC
2009-06-06 17:20:02 ----D---- D:\Program Files\ABC
2009-06-06 16:45:20 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier
2009-06-06 16:44:58 ----A---- D:\WINDOWS\system32\SpOrder.dll
2009-06-06 16:43:05 ----D---- D:\WINDOWS\Internet Logs
2009-06-06 14:23:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc
2009-06-05 20:54:31 ----D---- D:\Program Files\eMule
2009-06-05 19:30:48 ----A---- D:\TB.txt
2009-06-05 19:29:16 ----D---- D:\ToolBar SD
2009-06-04 23:17:12 ----D---- D:\Program Files\CCleaner
2009-06-04 23:05:23 ----A---- D:\TCleaner.txt
2009-06-04 20:33:50 ----SHD---- D:\RECYCLER
2009-06-03 19:32:17 ----D---- D:\WINDOWS\temp
2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe
2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT
2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan
2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton
2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-06-01 23:17:20 ----D---- D:\Program Files\Avira
2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro
2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft
2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer
2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes
2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss
2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group
2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$
2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP
2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM
2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe
2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe
2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE
2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe
2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE
2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe
2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE
2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll
2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon
2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon
2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif
2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini
2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure
2009-05-15 13:33:37 ----D---- D:\Program Files\Orange
2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg
2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure
2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons
2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo
2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll
2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS
2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll
======List of files/folders modified in the last 1 months======
2009-06-09 00:31:01 ----D---- D:\WINDOWS\Prefetch
2009-06-09 00:27:49 ----D---- D:\Program Files\Mozilla Firefox
2009-06-08 20:43:56 ----D---- D:\WINDOWS\system32\CatRoot2
2009-06-08 16:04:00 ----D---- D:\WINDOWS
2009-06-08 14:25:22 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-06-08 13:30:26 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-06-08 13:30:22 ----D---- D:\WINDOWS\system32
2009-06-08 13:30:21 ----HD---- D:\WINDOWS\inf
2009-06-08 13:30:19 ----D---- D:\WINDOWS\system32\DirectX
2009-06-08 02:03:31 ----RD---- D:\Program Files
2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32\drivers
2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire
2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini
2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch
2009-06-03 19:30:08 ----D---- D:\Program Files\Common Files
2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer
2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft
2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-02 17:54:05 ----D---- D:\Documents and Settings
2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS
2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config
2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem
2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration
2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug
2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini
2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer
2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss
2009-05-25 13:29:54 ----D---- D:\WINDOWS\security
2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot
2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly
2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player
2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help
2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages
2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live
2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller
2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information
2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini
2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts
2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 8552]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 NwlnkIpx;Ipx Protocol; D:\WINDOWS\system32\DRIVERS\NwlnkIpx.sys [2004-08-04 8792]
D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"D:\Program Files\BitLord\BitLord.exe""=""
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\Program Files\ABC\abc.exe"="D:\Program Files\ABC\abc.exe:*:Enabled:abc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
======List of files/folders created in the last 1 months======
2009-06-08 13:30:20 ----A---- D:\WINDOWS\system32\d3dx9_36.dll
2009-06-07 01:00:18 ----D---- D:\rsit
2009-06-06 17:20:12 ----D---- D:\Documents and Settings\POLO\Application Data\.ABC
2009-06-06 17:20:02 ----D---- D:\Program Files\ABC
2009-06-06 16:45:20 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier
2009-06-06 16:44:58 ----A---- D:\WINDOWS\system32\SpOrder.dll
2009-06-06 16:43:05 ----D---- D:\WINDOWS\Internet Logs
2009-06-06 14:23:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc
2009-06-05 20:54:31 ----D---- D:\Program Files\eMule
2009-06-05 19:30:48 ----A---- D:\TB.txt
2009-06-05 19:29:16 ----D---- D:\ToolBar SD
2009-06-04 23:17:12 ----D---- D:\Program Files\CCleaner
2009-06-04 23:05:23 ----A---- D:\TCleaner.txt
2009-06-04 20:33:50 ----SHD---- D:\RECYCLER
2009-06-03 19:32:17 ----D---- D:\WINDOWS\temp
2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe
2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT
2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan
2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton
2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-06-01 23:17:20 ----D---- D:\Program Files\Avira
2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro
2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft
2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer
2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes
2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss
2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group
2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$
2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP
2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM
2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe
2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe
2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE
2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe
2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE
2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe
2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE
2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll
2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon
2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon
2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif
2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini
2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure
2009-05-15 13:33:37 ----D---- D:\Program Files\Orange
2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg
2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure
2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons
2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo
2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll
2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS
2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll
======List of files/folders modified in the last 1 months======
2009-06-09 00:31:01 ----D---- D:\WINDOWS\Prefetch
2009-06-09 00:27:49 ----D---- D:\Program Files\Mozilla Firefox
2009-06-08 20:43:56 ----D---- D:\WINDOWS\system32\CatRoot2
2009-06-08 16:04:00 ----D---- D:\WINDOWS
2009-06-08 14:25:22 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-06-08 13:30:26 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-06-08 13:30:22 ----D---- D:\WINDOWS\system32
2009-06-08 13:30:21 ----HD---- D:\WINDOWS\inf
2009-06-08 13:30:19 ----D---- D:\WINDOWS\system32\DirectX
2009-06-08 02:03:31 ----RD---- D:\Program Files
2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32\drivers
2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire
2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini
2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch
2009-06-03 19:30:08 ----D---- D:\Program Files\Common Files
2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer
2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft
2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-02 17:54:05 ----D---- D:\Documents and Settings
2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS
2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config
2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem
2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration
2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug
2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini
2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer
2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss
2009-05-25 13:29:54 ----D---- D:\WINDOWS\security
2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot
2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly
2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player
2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help
2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages
2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live
2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller
2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information
2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini
2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts
2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 8552]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 NwlnkIpx;Ipx Protocol; D:\WINDOWS\system32\DRIVERS\NwlnkIpx.sys [2004-08-04 8792]
Please run a full scan with Antivir and post the report, please...
--
Do you have a problem? Head over to CCM!
There is no problem without a solution.
Good evening,
here is the Avira report; apparently, it found one or more viruses, and I had it repaired. It seems to have worked.
Avira AntiVir Personal
Report file creation date: Tuesday, June 9, 2009, 8:47 PM
The scan covers 1,459,945 virus strains.
License holder: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Started normally
Identifier: SYSTEM
Computer name: PAULO
Version information:
BUILD.DAT: 9.0.0.65 17959 Bytes 04/22/2009 12:06:00
AVSCAN.EXE: 9.0.3.6 466689 Bytes 04/21/2009 12:20:54
AVSCAN.DLL: 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL: 9.0.3.2 209665 Bytes 02/20/2009 10:35:11
LUKERES.DLL: 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF: 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36
ANTIVIR1.VDF: 7.1.2.12 3336192 Bytes 02/11/2009 07:33:26
ANTIVIR2.VDF: 7.1.4.38 2692096 Bytes 05/29/2009 09:18:02
ANTIVIR3.VDF: 7.1.4.71 287232 Bytes 06/08/2009 10:44:26
Engine version: 8.2.0.180
AEVDF.DLL: 8.1.1.1 106868 Bytes 06/02/2009 09:18:08
AESCRIPT.DLL: 8.1.2.0 389497 Bytes 06/02/2009 09:18:08
AESCN.DLL: 8.1.2.3 127347 Bytes 06/02/2009 09:18:07
AERDL.DLL: 8.1.1.3 438645 Bytes 10/29/2008 05:24:41
AEPACK.DLL: 8.1.3.18 401783 Bytes 06/02/2009 09:18:07
AEOFFICE.DLL: 8.1.0.36 196987 Bytes 02/26/2009 07:01:56
AEHEUR.DLL: 8.1.0.129 1761655 Bytes 06/02/2009 09:18:06
AEHELP.DLL: 8.1.2.2 119158 Bytes 02/26/2009 07:01:56
AEGEN.DLL: 8.1.1.44 348532 Bytes 06/02/2009 09:18:04
AEEMU.DLL: 8.1.0.9 393588 Bytes 10/09/2008 01:32:40
AECORE.DLL: 8.1.6.12 180599 Bytes 06/02/2009 09:18:03
AEBB.DLL: 8.1.0.3 53618 Bytes 10/09/2008 01:32:40
AVWINLL.DLL: 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL: 9.0.0.1 43777 Bytes 12/03/2008 10:39:26
AVREP.DLL: 8.0.0.3 155905 Bytes 01/20/2009 01:34:28
AVREG.DLL: 9.0.0.0 36609 Bytes 11/07/2008 02:24:42
AVARKT.DLL: 9.0.0.3 292609 Bytes 03/24/2009 02:05:22
AVEVTLOG.DLL: 9.0.0.7 167169 Bytes 01/30/2009 09:36:37
SQLITE3.DLL: 3.6.1.0 326401 Bytes 01/28/2009 02:03:49
SMTPLIB.DLL: 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL: 9.0.0.0 11521 Bytes 11/07/2008 02:40:59
RCIMAGE.DLL: 9.0.0.21 2438401 Bytes 02/17/2009 12:49:32
RCTEXT.DLL: 9.0.37.0 88321 Bytes 04/15/2009 09:07:05
Configuration for the current scan:
Task name...............................: Full system scan
Configuration file......................: d:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: low
Primary action.............................: interactive
Secondary action.............................: ignore
Scan master boot sectors..: on
Scan boot sectors.........: on
Boot sectors...........................: C:, D:, E:,
Scan active programs..........: on
Scanning registry.......: on
Rootkit detection.........................: on
System file integrity check......: off
File search mode.....................: All files
Search in archives....................: on
Limit recursion depth..........: 20
Smart Archive Extensions......................: on
Macrovirus heuristics.....................: on
File heuristics...........................: medium
Scan start: Tuesday, June 9, 2009 8:47 PM
The search for hidden objects begins.
An instance of the ARK library is already running.
The search for started processes begins:
Process scan 'avscan.exe' - '1' module(s) are being checked
Process scan 'avscan.exe' - '1' module(s) are being checked
Process scan 'avcenter.exe' - '1' module(s) are being checked
Process scan 'firefox.exe' - '1' module(s) are being checked
Process scan 'msnmsgr.exe' - '1' module(s) are being checked
Process scan 'ctfmon.exe' - '1' module(s) are being checked
Process scan 'avgnt.exe' - '1' module(s) are being checked
Process scan 'realplay.exe' - '1' module(s) are being checked
Process scan 'explorer.exe' - '1' module(s) are being checked
Process scan 'WgaTray.exe' - '1' module(s) are being checked
Process scan 'alg.exe' - '1' module(s) are being checked
Process scan 'wdfmgr.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'nvsvc32.exe' - '1' module(s) are being checked
Process scan 'AOLacsd.exe' - '1' module(s) are being checked
Process scan 'avguard.exe' - '1' module(s) are being checked
Process scan 'ACService.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'sched.exe' - '1' module(s) are being checked
Process scan 'spoolsv.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'lsass.exe' - '1' module(s) are being checked
Process scan 'services.exe' - '1' module(s) are being checked
Process scan 'winlogon.exe' - '1' module(s) are being checked
Process scan 'csrss.exe' - '1' module(s) are being checked
Process scan 'smss.exe' - '1' module(s) are being checked
'31' processes have been checked with '31' modules
The search for master boot sectors begins:
Master boot sector HD0
[INFO] No virus found!
The search for boot sectors begins:
Boot sector 'C:\'
[INFO] No virus found!
Boot sector 'D:\'
[INFO] No virus found!
Boot sector 'E:\'
[INFO] No virus found!
The search for executable file references (registry) begins:
The registry has been checked ( '50' files).
The search for selected files begins:
Search beginning in 'C:\' <DATA>
Search beginning in 'D:\'
D:\pagefile.sys
[WARNING] Unable to open the file!
[NOTE] This file is a Windows system file.
[NOTE] It is correct that this file cannot be opened for the scan.
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158647.exe
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158650.DLL
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158656.DLL
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158661.dll
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158664.EXE
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158672.EXE
[RESULT] Contains Trojan TR/Trash.Gen
Search beginning in 'E:\' <DATA2>
E:\WDM_R223.exe.part
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No other file could be decompressed from this archive. The archive is closed.
[WARNING] No other file could be decompressed from this archive. The archive is closed.
Start of disinfection:
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158647.exe
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4a5fb7bc.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158650.DLL
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd4293d.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158656.DLL
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd9c025.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158661.dll
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd73095.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158664.EXE
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd6394d.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158672.EXE
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd52105.qua'!
End of scan: Tuesday, June 9, 2009 9:27 PM
Time taken: 22:29 Minute(s)
The scan was performed in its entirety
5533 Directories were checked
149035 Files were checked
6 Viruses or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses or unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
1 Unable to check files
149028 Uninfected files
1243 Archives were checked
3 Warnings
7 Notes
Clear the Antivir quarantine.
How's the PC?
Hi
So to start off, I'm sorry for not getting back to you sooner, but usually when I get a message on CCM, I receive an email, which wasn't the case with your last message.
Anyway, I was actually going to ask you where we stood?
As of today the PC is working very well except for this downloading issue (I can download, but it’s ridiculous, like out of 20 downloads, I only manage to get one or two going, the others stay stuck at zero). Still, aside from this problem, everything seems fine. A huge THANK YOU to Darkpoet and to you, crapoulou, for all of this; fortunately, there are people like you who care about others...
Relaunch Hijackthis.
Here:
D:\Program Files\trend micro\POLO.exe
Click on "Do a system scan only".
Check these lines:
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
Then click on fix checked.
Close Hijackthis.
***********
To remove all traces of the software used to address specific infections:
Download toolscleaner to your Desktop
= = = =>>> Click here <<<= = = =
* Double-click on ToolsCleaner2.exe and let it work
* Click on Search and let the scan finish.
* Click on Delete to finalize.
* You can, if you wish, use the Optional options.
* Click on Quit so that the report can be generated.
***********
You can keep Malwarebytes anti-malware as anti-malware; it is very effective. (Even if it doesn’t solve all problems, of course...!)
However, it doesn’t have a resident scan in free mode! So, to use it, you need to launch it, perform updates, and do a full scan afterward.
**********
* Download Ccleaner Slim:
= = = = >>> Click here <<< = = = =
* Install it.
* Choose the Cleaner tab
Exit your Internet browser before running it, uncheck the last box (Advanced, if checked), then click on "run the cleaner"; when it finishes scanning, click on "run the cleaner" at the bottom right and accept with Yes.
Be careful, it may empty your recycle bin: if you want to recover files accidentally deleted, it's better to do it now.
* Choose the Registry tab
- Click on Search for issues
- Once the search is complete, click on Fix selected issues (by default, everything is selected, leave it as is)
- When prompted "Do you want to backup changes made to the registry", respond Yes and save the file in ".reg" format, naming it by the date, for example, and placing it on the desktop. Then continue.
- In the window that opens next, click on Fix all selected issues then OK
- Repeat until no issues appear (or only one recurring).
- Close Ccleaner.
* Image tutorial HERE if needed.
Note: The backup allows you to restore the registry to its state before the manipulation in case there are issues, but this has never happened to me! It's better to take precautions, that’s all. ;-)
--
Do you have a problem? Visit CCM!
There's no problem without a solution.
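The O4 lines the helper asks to fix are HijackThis registry-autostart entries (the `..` abbreviates `Software\Microsoft\Windows\CurrentVersion`). As an added example, not taken from the post or from HijackThis, the Python below parses such lines into structured records, separates the executable from its arguments for both quoted and unquoted paths that contain spaces, and groups the entries by binary so it is visible when one executable is registered under several hives (here `CTFMON.EXE` under HKCU, `HKUS\S-1-5-18` and `HKUS\.DEFAULT`). The sample input is the five lines quoted in the post; the class and function names are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: the five O4 lines quoted in the post above (not a live scan).
HIJACKTHIS_O4_LINES = r"""
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""

# Registry O4 lines: "O4 - <hive>[\<sid>]\..\<key>: [<value name>] <command> [(User '<account>')]"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)"
    r"(?:\\(?P<user_hive>[^\\]+))?"          # HKUS\S-1-5-18 or HKUS\.DEFAULT
    r"\\\.\.\\(?P<key>[A-Za-z]+): "          # the abbreviated "\..\Run: "
    r"\[(?P<name>[^\]]+)\] "
    r"(?P<command>.*?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)

# Unquoted command lines may have spaces inside the path ("D:\Program Files\...\RealPlay.exe ARG"),
# so split at the first recognised executable extension rather than at the first space.
EXE_SPLIT_RE = re.compile(
    r"^(?P<exe>.+?\.(?:exe|com|dll|scr|bat|cmd))(?:\s+(?P<args>.*))?$", re.IGNORECASE
)

HIVE_NAMES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
AUTORUN_BASE = r"Software\Microsoft\Windows\CurrentVersion"


@dataclass(frozen=True)
class AutostartEntry:
    hive: str                  # HKLM, HKCU or HKUS
    user_hive: Optional[str]   # SID or .DEFAULT under HKUS, otherwise None
    key: str                   # Run, RunOnce, ...
    name: str                  # registry value name shown in [brackets]
    command: str               # command line as HijackThis prints it
    exe: str                   # executable path, quotes stripped
    args: str                  # remaining arguments, "" if none
    user: Optional[str]        # account from "(User '...')", if shown

    def registry_path(self) -> str:
        """Expand the ".." abbreviation to the full autostart key."""
        if self.hive == "HKUS":
            return f"HKEY_USERS\\{self.user_hive}\\{AUTORUN_BASE}\\{self.key}"
        return f"{HIVE_NAMES[self.hive]}\\{AUTORUN_BASE}\\{self.key}"


def split_command(command: str):
    """Return (executable, arguments) for a quoted or unquoted command line."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_SPLIT_RE.match(cmd)
    if m:
        return m.group("exe"), (m.group("args") or "").strip()
    parts = cmd.split(None, 1)  # no known extension: fall back to the first space
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_o4_line(line: str) -> Optional[AutostartEntry]:
    """Parse one registry O4 line; returns None for other O4 forms (e.g. Global Startup)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_command(m.group("command"))
    return AutostartEntry(
        hive=m.group("hive"), user_hive=m.group("user_hive"), key=m.group("key"),
        name=m.group("name"), command=m.group("command"), exe=exe, args=args,
        user=m.group("user"),
    )


def parse_o4_report(text: str) -> list:
    """Parse every registry O4 line in a block of HijackThis output."""
    return [e for e in (parse_o4_line(l) for l in text.splitlines()) if e is not None]


def group_by_executable(entries) -> dict:
    """Map a case-folded executable path to every autostart entry that launches it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.exe.lower()].append(e)
    return dict(groups)


if __name__ == "__main__":
    entries = parse_o4_report(HIJACKTHIS_O4_LINES)
    for exe, launched_from in group_by_executable(entries).items():
        print(exe)
        for e in launched_from:
            print(f"    {e.registry_path()}  [{e.name}] args={e.args!r} user={e.user}")
```

Grouping by binary is the part that matters when reviewing a cleanup: an autostart that is only removed from HKCU stays active for other accounts if the same value exists under `HKEY_USERS\.DEFAULT` or a per-SID hive, so every key the binary is launched from should be inspected together.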