Hello, Hello everyone, I'm writing to you today because I'm having quite a few issues with my PC. Since it wasn't running fast, I tried running scans with various software to locate the problem, followed by antivirus programs which despite what their reports indicated, didn't seem to work, as the computer still has bugs that I can't resolve. For example: when I want to uninstall a program, the "add or remove programs" window takes 5 minutes to open. Anyway, I imagine my PC is still infected, so if anyone could kindly give me some information to help me get rid of these little problems for good, it would be really nice. Thanks in advance.

Hi, download Spybot because it's the best antivirus https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html it goes super fast and if it bugs again, do a defragmentation.

HELP infected computer : CCM

Réponse 41 / 57

turbulent13 Posted messages 41 Status Membre

Hello, I just got back from work, here is the report Toolbar

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+)
BIOS: PhoenixBIOS 4.0 Release 6.1
USER: POLO (Administrator)
BOOT: Normal boot
Antivirus: AntiVir Desktop 9.0.1.26 (Activated)
C:\ (Local Disk) - NTFS - Total: 69 Go (Free: 32 Go)
D:\ (Local Disk) - NTFS - Total: 34 Go (Free: 14 Go)
E:\ (Local Disk) - NTFS - Total: 35 Go (Free: 5 Go)
F:\ (CD or DVD)

"D:\ToolBar SD" (UPDATE: 21-12-2008|20:47)
Option: [1] (05/06/2009|19:30)

-----------\\ File / Folder Search ...

D:\WINDOWS\Prefetch\BITLORD_1.01.EXE-32F7B7E8.pf
D:\DOCUME~1\POLO\Cookies\polo@bitlord[1].txt

-----------\\ Extensions

(POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman
(POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Searching for other infections

No other infections found!

1 - "D:\ToolBar SD\TB_1.txt" - 05/06/2009|19:31 - Option: [1]

-----------\\ End of report at 19:31:32,04

Réponse 42 / 57

darkpoet Posted messages 1696 Status Contributeur sécurité 62

thank you DllD

turbulent13 is restarting toolbarsd option 2 as DllD said it's better to get rid of (bitlord)
--
to teach is always to learn

Réponse 43 / 57

turbulent13 Posted messages 41 Status Membre

ok ok it's done here is the ToolBar report
but can you please help me understand why I can no longer download anything, neither with BitLord nor with eMule...
because deleting BitLord personally is not an issue, but whatever program I use, the download is not working.
THANK YOU.
ToolBar report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+)
BIOS: PhoenixBIOS 4.0 Release 6.1
USER: POLO (Administrator)
BOOT: Normal boot
Antivirus: AntiVir Desktop 9.0.1.26 (Activated)
C:\ (Local Disk) - NTFS - Total: 69 Go (Free: 32 Go)
D:\ (Local Disk) - NTFS - Total: 34 Go (Free: 13 Go)
E:\ (Local Disk) - NTFS - Total: 35 Go (Free: 5 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total: 465 Go (Free: 350 Go)

"D:\ToolBar SD" (UPDATE: 21-12-2008|20:47)
Option: [2] (06/06/2009|13:33)

-----------\\ REMOVAL

Remove! - D:\WINDOWS\Prefetch\BITLORD_1.01.EXE-32F7B7E8.pf

-----------\\ File / Folder Search...

D:\Program Files\BitLord
D:\Program Files\BitLord\BitLord.exe
D:\Program Files\BitLord\BitLord.url
D:\Program Files\BitLord\BitLord.xml
D:\Program Files\BitLord\Downloads
D:\Program Files\BitLord\Downloads.xml
D:\Program Files\BitLord\lang
D:\Program Files\BitLord\License.txt
D:\Program Files\BitLord\rules
D:\Program Files\BitLord\Torrents
D:\Program Files\BitLord\uninst.exe
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E11.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E12.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E13.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E14.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E15.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E16.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT\CSI.Las.Vegas.S07E17.FRENCH.HDTV.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT\CSI.Las.Vegas.S07E18.FRENCH.HDTV.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E07.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E08.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E09.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E10.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E11.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E12.FiNAL.FRENCH.DVDRip.XviD-JMT.avi.bc!
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\FXGâ„c.nfo
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\JCVD[2008]DvDrip[Eng]-FXG.avi
D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\JCVD[Eng][Subs].srt
D:\Program Files\BitLord\lang\lang_ar_ae.xml
D:\Program Files\BitLord\lang\lang_bg_bg.xml
D:\Program Files\BitLord\lang\lang_ca_es.xml
D:\Program Files\BitLord\lang\lang_cz_cz.xml
D:\Program Files\BitLord\lang\lang_da_dk.xml
D:\Program Files\BitLord\lang\lang_de_de.xml
D:\Program Files\BitLord\lang\lang_el_gr.xml
D:\Program Files\BitLord\lang\lang_en_us.xml
D:\Program Files\BitLord\lang\lang_es_ar.xml
D:\Program Files\BitLord\lang\lang_es_es.xml
D:\Program Files\BitLord\lang\lang_et_ee.xml
D:\Program Files\BitLord\lang\lang_fi_fi.xml
D:\Program Files\BitLord\lang\lang_fr_fr.xml
D:\Program Files\BitLord\lang\lang_gl_es.xml
D:\Program Files\BitLord\lang\lang_he_il.xml
D:\Program Files\BitLord\lang\lang_hu_hu.xml
D:\Program Files\BitLord\lang\lang_it_it.xml
D:\Program Files\BitLord\lang\lang_jp_jp.xml
D:\Program Files\BitLord\lang\lang_ko_kr.xml
D:\Program Files\BitLord\lang\lang_nb_no.xml
D:\Program Files\BitLord\lang\lang_nl_nl.xml
D:\Program Files\BitLord\lang\lang_pl_pl.xml
D:\Program Files\BitLord\lang\lang_pt_br.xml
D:\Program Files\BitLord\lang\lang_pt_pt.xml
D:\Program Files\BitLord\lang\lang_ro_ro.xml
D:\Program Files\BitLord\lang\lang_ru_ru.xml
D:\Program Files\BitLord\lang\lang_sk_sk.xml
D:\Program Files\BitLord\lang\lang_sl_si.xml
D:\Program Files\BitLord\lang\lang_sr_sr.xml
D:\Program Files\BitLord\lang\lang_sv_se.xml
D:\Program Files\BitLord\lang\lang_th_th.xml
D:\Program Files\BitLord\lang\lang_tr_tr.xml
D:\Program Files\BitLord\lang\lang_va_es.xml
D:\Program Files\BitLord\lang\lang_zh_tw.xml
D:\Program Files\BitLord\rules\ipfilter.dat
D:\Program Files\BitLord\rules\tracker.dat
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.torrent
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.xml
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT.torrent
D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT.xml
D:\Program Files\BitLord\Torrents\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT.torrent
D:\Program Files\BitLord\Torrents\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT.xml
D:\Program Files\BitLord\Torrents\JCVD[2008]DvDrip[Eng]-FXG.torrent
D:\Program Files\BitLord\Torrents\JCVD[2008]DvDrip[Eng]-FXG.xml
D:\DOCUME~1\POLO\Desktop\BitLord.lnk
D:\WINDOWS\Prefetch\BITLORD.EXE-27A8448C.pf
D:\WINDOWS\Prefetch\BITLORD_1.01(4).EXE-08101BD2.pf
D:\DOCUME~1\POLO\Menu Démarrer\Programmes\BitLord
D:\DOCUME~1\POLO\Cookies\polo@bitlord[2].txt

-----------\\ Extensions

(POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman
(POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.emule-france.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Searching for other infections

No other infection found!

1 - "D:\ToolBar SD\TB_1.txt" - 05/06/2009|19:31 - Option: [1]
2 - "D:\ToolBar SD\TB_2.txt" - 06/06/2009|13:34 - Option: [2]

-----------\\ End of report at 13:34:09.84

Réponse 44 / 57

darkpoet Posted messages 1696 Status Contributeur sécurité 62

ok redo this again please

--
to teach is always to learn

Réponse 45 / 57

crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention 8 046

Hi,
With darkpoet's agreement, for personal reasons, I will finish your disinfection.
You can post a new RSIT.
In the meantime, I will check what you have done.
Crapoulou.
--
Got a problem? Head over to CCM!
There’s no problem without a solution.

Réponse 46 / 57

turbulent13 Posted messages 41 Status Membre

OK hello to you crapoulou and thanks for the helping hand
here are the 2 RSIT reports to start the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by POLO at 2009-06-07 01:00:18
Microsoft Windows XP Professional Service Pack 2
System drive D: has 12 GB (35%) free of 35 GB
Total RAM: 1791 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:29, on 07/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
E:\RSIT.exe
D:\Program Files\trend micro\POLO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menu item: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5709 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"D:\Program Files\BitLord\BitLord.exe"=""=""
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"

======List of files/folders created in the last 1 months======

2009-06-07 01:00:18 ----D---- D:\rsit
2009-06-06 17:20:12 ----D---- D:\Documents and Settings\POLO\Application Data\.ABC
2009-06-06 17:20:02 ----D---- D:\Program Files\ABC
2009-06-06 16:45:20 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier
2009-06-06 16:44:58 ----A---- D:\WINDOWS\system32\SpOrder.dll
2009-06-06 16:43:05 ----D---- D:\WINDOWS\Internet Logs
2009-06-06 15:18:32 ----D---- D:\Program Files\BitLord
2009-06-06 14:23:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc
2009-06-05 20:54:31 ----D---- D:\Program Files\eMule
2009-06-05 19:30:48 ----A---- D:\TB.txt
2009-06-05 19:29:16 ----D---- D:\ToolBar SD
2009-06-04 23:17:12 ----D---- D:\Program Files\CCleaner
2009-06-04 23:05:23 ----A---- D:\TCleaner.txt
2009-06-04 20:33:50 ----SHD---- D:\RECYCLER
2009-06-03 19:32:17 ----D---- D:\WINDOWS\temp
2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe
2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT
2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan
2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton
2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-06-01 23:17:20 ----D---- D:\Program Files\Avira
2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro
2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft
2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer
2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes
2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss
2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group
2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$
2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP
2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM
2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe
2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe
2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE
2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe
2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE
2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe
2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE
2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll
2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon
2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon
2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif
2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini
2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure
2009-05-15 13:33:37 ----D---- D:\Program Files\Orange
2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg
2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure
2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons
2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo
2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll
2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS
2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll

======List of files/folders modified in the last 1 months======

2009-06-07 01:00:24 ----D---- D:\WINDOWS\Prefetch
2009-06-07 00:52:16 ----D---- D:\Program Files\Mozilla Firefox
2009-06-07 00:50:49 ----D---- D:\WINDOWS\system32\CatRoot2
2009-06-07 00:50:26 ----RD---- D:\Program Files
2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32\drivers
2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32
2009-06-07 00:49:34 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-06-07 00:48:32 ----D---- D:\WINDOWS
2009-06-06 16:44:53 ----HD---- D:\WINDOWS\inf
2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire
2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini
2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch
2009-06-03 19:30:08 ----D---- D:\Program Files\Common Files
2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer
2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft
2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-02 17:54:05 ----D---- D:\Documents and Settings
2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS
2009-06-01 21:09:57 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config
2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem
2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration
2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug
2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini
2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer
2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss
2009-05-25 13:29:54 ----D---- D:\WINDOWS\security
2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot
2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly
2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player
2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help
2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages
2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live
2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller
2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information
2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini
2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts
2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 8552]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 LMIRfsDriver;LogMeIn Remote Driver; D:\WINDOWS\system32\DRIVERS\lmirmdrv.sys [2009-04-04 17776]

Réponse 47 / 57

crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention 8 046

As it has been said and repeated to you enough, you need to uninstall Bitlord:

D:\Program Files\BitLord\uninst.exe

Restart option 2 of Toolbar S&D to get rid of it!
Post the generated report.

*********

Your Windows is hacked: big security flaw. Moreover, you are downloading on P2P: reinfection is almost guaranteed but hey, it's you who has the troubles, not me.

********

Do you have Antivir and F secure simultaneously on the machine?
Uninstall F-Secure, it's less effective.

--
Got a problem? Come to CCM!
There's no problem without a solution.

Réponse 48 / 57

turbulent13 Posted messages 41 Status Membre

Hi
So, just for clarification, it’s a colleague who gave me XP to replace Vista, but given the problems it causes, I assure you that if it were possible, I would gladly go back to my real Vista.
Otherwise, here’s the toolbar report after removal:
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3600+ )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : POLO ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:32 Go)
D:\ (Local Disk) - NTFS - Total:34 Go (Free:7 Go)
E:\ (Local Disk) - NTFS - Total:35 Go (Free:32 Go)
F:\ (CD or DVD)

"D:\ToolBar SD" ( LAST UPDATED : 12-21-2008|20:47 )
Option : [2] ( 06/08/2009| 2:03 )

-----------\\ REMOVAL

Deleting! - D:\Program Files\BitLord\BitLord.exe
Deleting! - D:\Program Files\BitLord\BitLord.url
Deleting! - D:\Program Files\BitLord\BitLord.xml
Deleting! - D:\Program Files\BitLord\Downloads
Deleting! - D:\Program Files\BitLord\Downloads.xml
Deleting! - D:\Program Files\BitLord\lang
Deleting! - D:\Program Files\BitLord\License.txt
Deleting! - D:\Program Files\BitLord\rules
Deleting! - D:\Program Files\BitLord\Torrents
Deleting! - D:\Program Files\BitLord\uninst.exe
Deleting! - D:\DOCUME~1\POLO\Desktop\BitLord.lnk
Deleting! - D:\WINDOWS\Prefetch\BITLORD.EXE-27A8448C.pf
Deleting! - D:\WINDOWS\Prefetch\BITLORD_1.01(2).EXE-2BD92A6D.pf
Deleting! - D:\DOCUME~1\POLO\MENUDM~1\PROGRA~1\BitLord
Deleting! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[1].txt
Deleting! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[2].txt
Deleting! - D:\Program Files\BitLord

-----------\\ Searching for Files / Folders ...

-----------\\ Extensions

(POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman
(POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.emule-france.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Searching for other infections

No other infections found!

1 - "D:\ToolBar SD\TB_1.txt" - 06/05/2009|19:31 - Option : [1]
2 - "D:\ToolBar SD\TB_2.txt" - 06/06/2009|13:34 - Option : [2]
3 - "D:\ToolBar SD\TB_3.txt" - 06/08/2009| 2:02 - Option : [1]
4 - "D:\ToolBar SD\TB_4.txt" - 06/08/2009| 2:03 - Option : [2]

-----------\\ End of report at 2:03:56.06

Réponse 49 / 57

crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention 8 046

Post a new RSIT report to see where we stand.
--
Got a problem? Check out CCM!
There's no problem without a solution.

Réponse 50 / 57

turbulent13 Posted messages 41 Status Membre

voila nouveau rsit, merci

Logfile of random's system information tool 1.06 (written by random/random)
Run by POLO at 2009-06-09 00:30:58
Microsoft Windows XP Professional Service Pack 2
System drive D: has 14 GB (41%) free of 35 GB
Total RAM: 1791 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:02, on 09/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\RSIT(2).exe
D:\Program Files\trend micro\POLO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTor1.dll
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5795 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan\tbTor1.dll [2009-06-03 2094616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"D:\Program Files\BitLord\BitLord.exe""=""
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\Program Files\ABC\abc.exe"="D:\Program Files\ABC\abc.exe:*:Enabled:abc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"

======List of files/folders created in the last 1 months======

2009-06-08 13:30:20 ----A---- D:\WINDOWS\system32\d3dx9_36.dll
2009-06-07 01:00:18 ----D---- D:\rsit
2009-06-06 17:20:12 ----D---- D:\Documents and Settings\POLO\Application Data\.ABC
2009-06-06 17:20:02 ----D---- D:\Program Files\ABC
2009-06-06 16:45:20 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier
2009-06-06 16:44:58 ----A---- D:\WINDOWS\system32\SpOrder.dll
2009-06-06 16:43:05 ----D---- D:\WINDOWS\Internet Logs
2009-06-06 14:23:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc
2009-06-05 20:54:31 ----D---- D:\Program Files\eMule
2009-06-05 19:30:48 ----A---- D:\TB.txt
2009-06-05 19:29:16 ----D---- D:\ToolBar SD
2009-06-04 23:17:12 ----D---- D:\Program Files\CCleaner
2009-06-04 23:05:23 ----A---- D:\TCleaner.txt
2009-06-04 20:33:50 ----SHD---- D:\RECYCLER
2009-06-03 19:32:17 ----D---- D:\WINDOWS\temp
2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe
2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe
2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT
2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan
2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton
2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton
2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-06-01 23:17:20 ----D---- D:\Program Files\Avira
2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro
2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft
2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer
2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes
2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss
2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group
2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$
2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP
2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM
2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE
2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe
2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe
2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE
2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe
2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE
2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe
2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE
2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE
2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll
2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon
2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon
2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif
2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini
2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure
2009-05-15 13:33:37 ----D---- D:\Program Files\Orange
2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg
2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure
2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons
2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo
2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll
2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS
2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll

======List of files/folders modified in the last 1 months======

2009-06-09 00:31:01 ----D---- D:\WINDOWS\Prefetch
2009-06-09 00:27:49 ----D---- D:\Program Files\Mozilla Firefox
2009-06-08 20:43:56 ----D---- D:\WINDOWS\system32\CatRoot2
2009-06-08 16:04:00 ----D---- D:\WINDOWS
2009-06-08 14:25:22 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-06-08 13:30:26 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-06-08 13:30:22 ----D---- D:\WINDOWS\system32
2009-06-08 13:30:21 ----HD---- D:\WINDOWS\inf
2009-06-08 13:30:19 ----D---- D:\WINDOWS\system32\DirectX
2009-06-08 02:03:31 ----RD---- D:\Program Files
2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32\drivers
2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire
2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini
2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch
2009-06-03 19:30:08 ----D---- D:\Program Files\Common Files
2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer
2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft
2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-02 17:54:05 ----D---- D:\Documents and Settings
2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS
2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config
2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem
2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration
2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug
2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini
2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer
2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss
2009-05-25 13:29:54 ----D---- D:\WINDOWS\security
2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot
2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly
2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player
2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help
2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages
2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live
2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller
2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information
2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini
2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts
2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 8552]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 NwlnkIpx;Ipx Protocol; D:\WINDOWS\system32\DRIVERS\NwlnkIpx.sys [2004-08-04 8792]

Réponse 51 / 57

crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention 8 046

Please run a full scan with Antivir and post the report, please...
--
Do you have a problem? Head over to CCM!
There is no problem without a solution.

Réponse 52 / 57

turbulent13 Posted messages 41 Status Membre

Good evening,
here is the Avira report; apparently, it found one or more viruses, and I had it repaired. It seems to have worked.

Avira AntiVir Personal
Report file creation date: Tuesday, June 9, 2009, 8:47 PM

The scan covers 1,459,945 virus strains.

License holder: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Started normally
Identifier: SYSTEM
Computer name: PAULO

Version information:
BUILD.DAT: 9.0.0.65 17959 Bytes 04/22/2009 12:06:00
AVSCAN.EXE: 9.0.3.6 466689 Bytes 04/21/2009 12:20:54
AVSCAN.DLL: 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL: 9.0.3.2 209665 Bytes 02/20/2009 10:35:11
LUKERES.DLL: 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF: 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36
ANTIVIR1.VDF: 7.1.2.12 3336192 Bytes 02/11/2009 07:33:26
ANTIVIR2.VDF: 7.1.4.38 2692096 Bytes 05/29/2009 09:18:02
ANTIVIR3.VDF: 7.1.4.71 287232 Bytes 06/08/2009 10:44:26
Engine version: 8.2.0.180
AEVDF.DLL: 8.1.1.1 106868 Bytes 06/02/2009 09:18:08
AESCRIPT.DLL: 8.1.2.0 389497 Bytes 06/02/2009 09:18:08
AESCN.DLL: 8.1.2.3 127347 Bytes 06/02/2009 09:18:07
AERDL.DLL: 8.1.1.3 438645 Bytes 10/29/2008 05:24:41
AEPACK.DLL: 8.1.3.18 401783 Bytes 06/02/2009 09:18:07
AEOFFICE.DLL: 8.1.0.36 196987 Bytes 02/26/2009 07:01:56
AEHEUR.DLL: 8.1.0.129 1761655 Bytes 06/02/2009 09:18:06
AEHELP.DLL: 8.1.2.2 119158 Bytes 02/26/2009 07:01:56
AEGEN.DLL: 8.1.1.44 348532 Bytes 06/02/2009 09:18:04
AEEMU.DLL: 8.1.0.9 393588 Bytes 10/09/2008 01:32:40
AECORE.DLL: 8.1.6.12 180599 Bytes 06/02/2009 09:18:03
AEBB.DLL: 8.1.0.3 53618 Bytes 10/09/2008 01:32:40
AVWINLL.DLL: 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL: 9.0.0.1 43777 Bytes 12/03/2008 10:39:26
AVREP.DLL: 8.0.0.3 155905 Bytes 01/20/2009 01:34:28
AVREG.DLL: 9.0.0.0 36609 Bytes 11/07/2008 02:24:42
AVARKT.DLL: 9.0.0.3 292609 Bytes 03/24/2009 02:05:22
AVEVTLOG.DLL: 9.0.0.7 167169 Bytes 01/30/2009 09:36:37
SQLITE3.DLL: 3.6.1.0 326401 Bytes 01/28/2009 02:03:49
SMTPLIB.DLL: 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL: 9.0.0.0 11521 Bytes 11/07/2008 02:40:59
RCIMAGE.DLL: 9.0.0.21 2438401 Bytes 02/17/2009 12:49:32
RCTEXT.DLL: 9.0.37.0 88321 Bytes 04/15/2009 09:07:05

Configuration for the current scan:
Task name...............................: Full system scan
Configuration file......................: d:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: low
Primary action.............................: interactive
Secondary action.............................: ignore
Scan master boot sectors..: on
Scan boot sectors.........: on
Boot sectors...........................: C:, D:, E:,
Scan active programs..........: on
Scanning registry.......: on
Rootkit detection.........................: on
System file integrity check......: off
File search mode.....................: All files
Search in archives....................: on
Limit recursion depth..........: 20
Smart Archive Extensions......................: on
Macrovirus heuristics.....................: on
File heuristics...........................: medium

Scan start: Tuesday, June 9, 2009 8:47 PM

The search for hidden objects begins.
An instance of the ARK library is already running.

The search for started processes begins:
Process scan 'avscan.exe' - '1' module(s) are being checked
Process scan 'avscan.exe' - '1' module(s) are being checked
Process scan 'avcenter.exe' - '1' module(s) are being checked
Process scan 'firefox.exe' - '1' module(s) are being checked
Process scan 'msnmsgr.exe' - '1' module(s) are being checked
Process scan 'ctfmon.exe' - '1' module(s) are being checked
Process scan 'avgnt.exe' - '1' module(s) are being checked
Process scan 'realplay.exe' - '1' module(s) are being checked
Process scan 'explorer.exe' - '1' module(s) are being checked
Process scan 'WgaTray.exe' - '1' module(s) are being checked
Process scan 'alg.exe' - '1' module(s) are being checked
Process scan 'wdfmgr.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'nvsvc32.exe' - '1' module(s) are being checked
Process scan 'AOLacsd.exe' - '1' module(s) are being checked
Process scan 'avguard.exe' - '1' module(s) are being checked
Process scan 'ACService.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'sched.exe' - '1' module(s) are being checked
Process scan 'spoolsv.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'svchost.exe' - '1' module(s) are being checked
Process scan 'lsass.exe' - '1' module(s) are being checked
Process scan 'services.exe' - '1' module(s) are being checked
Process scan 'winlogon.exe' - '1' module(s) are being checked
Process scan 'csrss.exe' - '1' module(s) are being checked
Process scan 'smss.exe' - '1' module(s) are being checked
'31' processes have been checked with '31' modules

The search for master boot sectors begins:
Master boot sector HD0
[INFO] No virus found!

The search for boot sectors begins:
Boot sector 'C:\'
[INFO] No virus found!
Boot sector 'D:\'
[INFO] No virus found!
Boot sector 'E:\'
[INFO] No virus found!

The search for executable file references (registry) begins:
The registry has been checked ( '50' files).

The search for selected files begins:

Search beginning in 'C:\' <DATA>
Search beginning in 'D:\'
D:\pagefile.sys
[WARNING] Unable to open the file!
[NOTE] This file is a Windows system file.
[NOTE] It is correct that this file cannot be opened for the scan.
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158647.exe
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158650.DLL
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158656.DLL
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158661.dll
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158664.EXE
[RESULT] Contains Trojan TR/Trash.Gen
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158672.EXE
[RESULT] Contains Trojan TR/Trash.Gen
Search beginning in 'E:\' <DATA2>
E:\WDM_R223.exe.part
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No other file could be decompressed from this archive. The archive is closed.
[WARNING] No other file could be decompressed from this archive. The archive is closed.

Start of disinfection:
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158647.exe
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4a5fb7bc.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158650.DLL
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd4293d.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158656.DLL
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd9c025.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158661.dll
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd73095.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158664.EXE
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd6394d.qua'!
D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158672.EXE
[RESULT] Contains Trojan TR/Trash.Gen
[NOTE] The file has been moved to the quarantine directory under the name '4bd52105.qua'!

End of scan: Tuesday, June 9, 2009 9:27 PM
Time taken: 22:29 Minute(s)

The scan was performed in its entirety

5533 Directories were checked
149035 Files were checked
6 Viruses or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses or unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
1 Unable to check files
149028 Uninfected files
1243 Archives were checked
3 Warnings
7 Notes

Réponse 53 / 57

crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention 8 046

Clear the Antivir quarantine.
How's the PC?
--
Do you have a problem? Check out CCM!
There is no problem without a solution.

Réponse 54 / 57

turbulent13 Posted messages 41 Status Membre

Hi
So to start off, I'm sorry for not getting back to you sooner, but usually when I get a message on CCM, I receive an email, which wasn't the case with your last message.

Anyway, I was actually going to ask you where we stood?
As of today the PC is working very well except for this downloading issue (I can download, but it’s ridiculous, like out of 20 downloads, I only manage to get one or two going, the others stay stuck at zero). Still, aside from this problem, everything seems fine. A huge THANK YOU to Darkpoet and to you, crapoulou, for all of this; fortunately, there are people like you who care about others...

Réponse 55 / 57

crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention 8 046

Relaunch Hijackthis.
Here:
D:\Program Files\trend micro\POLO.exe

Click on "Do a system scan only".
Check these lines:

O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Then click on fix checked.
Close Hijackthis.

***********

To remove all traces of the software used to address specific infections:

Download toolscleaner to your Desktop
= = = =>>> Click here <<<= = = =
* Double-click on ToolsCleaner2.exe and let it work
* Click on Search and let the scan finish.
* Click on Delete to finalize.
* You can, if you wish, use the Optional options.
* Click on Quit so that the report can be generated.

***********

You can keep Malwarebytes anti-malware as anti-malware; it is very effective. (Even if it doesn’t solve all problems, of course...!)
However, it doesn’t have a resident scan in free mode! So, to use it, you need to launch it, perform updates, and do a full scan afterward.

**********

* Download Ccleaner Slim:
= = = = >>> Click here <<< = = = =

* Install it.
* Choose the Cleaner tab

Exit your Internet browser before running it, uncheck the last box (Advanced if checked) then click on "run the cleaner" when it finishes scanning, click on the bottom right on "run the cleaner" and accept with yes.
Be careful, it may empty your recycle bin: if you want to recover files accidentally deleted, it's better to do it now.

* Choose the Registry tab

- Click on Search for issues
- Once the search is complete, click on Fix selected issues (by default, everything is selected, leave it as is)
- When prompted Do you want to backup changes made to the registry, respond Yes and save the file in “.reg” format naming it by the date, for example, placing it on the desktop. Then continue.
- In the window that opens next, click on Fix all selected issues then OK
- Repeat until no issues appear (or only one recurring).
- Close Ccleaner.

* Image tutorial HERE if needed.

Note: The backup allows you to restore the registry to its state before the manipulation in case there are issues, but this has never happened to me! It's better to take precautions, that’s all. ;-)

--
Do you have a problem? Visit CCM!
There's no problem without a solution.

Réponse 56 / 57

turbulent13 Posted messages 41 Status Membre

It's done, thank you again for everything.
For the download, do you know what I can do?

Réponse 57 / 57

crapoulou Posted messages 28002 Registration date Status Modérateur, Contributeur sécurité Last intervention 8 046

I don't know, sorry.
Delete toolscleaner.
A+.
--
Do you have a problem? Check out CCM!
There's no problem without a solution.

HELP infected computer - Page 3

How to get the character µ on the android keyboard.

Texture issues in enshrouded

Access issue to my "contact me" profile

Windows spotlight is not working.

My tv turns off and then on again repeatedly?

Executable from a python file

Pay in 4 installments cdiscount

The alt gr key is not working on my keyboard.

Code 80072efe how to get windows update working again

Video in ".3gp" format