Virus issues
savathi
Hello,
I have a virus problem that I can't resolve; I can't open Windows normally, it keeps looping at startup, the solution is to press F8 in debug mode.
I have Firefox and there is a problem with pop-up windows that open by themselves, or when I click on a page in Google, for example, it redirects me to another link, usually for ads...
I launched Avast, which found viruses, and Malwarebytes also found some; the problem persists, it would be nice if someone could help me, thanks...
Here is my HijackThis, by the way, there are references in lines that I haven't used in ages (eMule, Carrefour, Tiscali)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:00, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Documents and Settings\********\Mes documents\Téléchargements\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Help for Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TiscaliParam] C:\Program Files\Tiscali\Dialer\bootparam.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download all with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menu item: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O15 - Trusted Zone: http://*.emule-france.com
O15 - Trusted Zone: http://fr.justin.tv
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: NameServer = 194.2.0.20,194.2.0.50
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
--
End of file - 7922 bytes
Configuration: Windows XP Firefox 3.5.5
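Added example, not part of the original thread or of HijackThis itself: a small triage script for a log like the one above. It groups entries by section code, collects the ones HijackThis marks "(no file)", and lists Run-key autostarts whose executable is not among the running processes. The function names are made up for this example, and the sample is a trimmed excerpt of the posted log.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above, trimmed for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [TiscaliParam] C:\Program Files\Tiscali\Dialer\bootparam.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.emule-france.com
--
End of file - 7922 bytes
"""

# "R0 - ...", "O4 - ...", "O23 - ..." etc. are the log's section codes.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First "...exe" in a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def orphaned_entries(entries):
    """Map CLSID -> section codes for entries whose file is reported missing.

    The same CLSID often shows up in several sections (BHO and toolbar),
    so grouping by CLSID shows which leftovers belong together.
    """
    orphans = defaultdict(list)
    for code, body in entries:
        if body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            key = clsid.group(0).upper() if clsid else body
            orphans[key].append(code)
    return dict(orphans)


def autostarts_not_running(processes, entries):
    """List O4 Run-key entries whose executable is not in the process list.

    This is a lead for review, not a verdict: some autostarts run once and
    exit, others point at software that was removed long ago.
    """
    running = {ntpath.basename(p).lower() for p in processes}
    leads = []
    for code, body in entries:
        if code != "O4":
            continue
        run = RUN_RE.search(body)
        if not run:
            continue  # Startup-folder shortcuts are not handled here
        exe = EXE_RE.match(run.group("cmd"))
        if exe and ntpath.basename(exe.group(1)).lower() not in running:
            leads.append((run.group("name"), exe.group(1)))
    return leads


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for clsid, codes in orphaned_entries(ents).items():
        print("orphaned:", clsid, "in sections", ", ".join(codes))
    for name, path in autostarts_not_running(procs, ents):
        print("autostart not running:", name, "->", path)
```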
18 replies
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Disconnect and close all running applications
● Double click on the installer, and install it in its default location (C:\Program files)
● Double click on the Ad-remover icon located on your desktop
● In the main menu, select the "SCAN" option
● Post the report that appears at the end.
(the report is also saved under C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste)
then
download GenProc http://www.genproc.com/GenProc.exe
double-click on GenProc.exe and post the content of the report
--
When limits are crossed, there is no longer any limit
What I wrote, I wrote
savathi
Your first link doesn't work, it says error 404 ;-)
http://pagesperso-orange.fr/NosTools/ad_remover.html
--
When the thresholds are crossed, there is no more limit
What I wrote, I wrote it
I have a problem with SPYBOT SEARCH and Destroy, when I try to download AD-R.exe, a window opens saying "the resident TeaTimer.exe of spybot is active. Under these conditions, the program cannot continue to execute" :-(
I tried uninstalling Spybot but I can't either: "Messages file 'C:\Spybot - Search & Destroy\unins000.msg' is missing. Please correct the problem or obtain a new copy of the program."
Disable the TeaTimer in Spybot (Thanks to Nico):
To disable the TeaTimer:
=> Open Spybot S&D
=> In the "Mode" menu, select the advanced mode.
=> A window will ask for confirmation, click "yes".
=> Once the advanced mode is active, open the "Tools" tab.
=> Click on Resident.
=> The Resident section has two lines that are normally checked:
*Resident "SDHelper" (blocks harmful downloads for Internet Explorer) active.
* Resident "TeaTimer" (Protection of fundamental system settings) active.
=> Uncheck the TeaTimer line.
=> Restart Spybot (close it and reopen it)
=> Go back to the Resident menu and check that it is indeed disabled.
--
When the limits are crossed, there is no more limit
What I wrote, I wrote it.
Ad-Report-Scan Report
======= AD-REMOVER REPORT 1.1.4.6_E | WINDOWS XP/VISTA/7 ONLY =======
.
Updated by C_XX on 12/11/2009 at 20:53
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 13:05:07, 12/12/2009 | Normal Mode | Option: SCAN
Executed from: C:\Program Files\Ad-Remover\
Operating System: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
PC Name: ***** | Current User: **********
.
============== ITEM(S) FOUND ==============
.
C:\DOCUME~1\******\APPLIC~1\Mozilla\Firefox\Profiles\x4a0hq4a.default\searchplugins\askcom.xml
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\DOCUME~1\********\LOCALS~1\Temp\AskSearch
C:\Program Files\Mozilla Firefox\components\---W2N-36i-i.dll
.
HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
.
============== Additional Scan ==============
.
.
* Mozilla FireFox Version 3.5.5 [en] *
.
Profile Name: x4a0hq4a.default (*************)
.
(*******, prefs.js) Browser.download.lastDir, H:
(*******, prefs.js) Browser.search.defaultenginename, Ask.com
(*******, prefs.js) Browser.search.selectedEngine, Google
(*******, prefs.js) Browser.startup.homepage, hxxp://google.fr/
.
(*******, prefs.js) FOUND - Browser.search.defaultengine, Ask.com
(*******, prefs.js) FOUND - Browser.search.defaultenginename, Ask.com
(*******, prefs.js) FOUND - Browser.search.order.1, Ask.com
.
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Start Page: hxxp://www.orange.fr/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\***********\Application Data\Macromedia\Flash Player\#SharedObjects\LVGMY7XF\localhost\Documents and Settings\********\My Documents\Robobat Robot Office 19 with crack\Intro\Fra\5pack_fr.exe
C:\Documents and Settings\***********\Local Settings\Temp\Temporary directory 1 for [PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\**********\Local Settings\Temp\Temporary directory 2 for [PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\**********\Local Settings\Temp\Temporary directory 22 for - Nero Burning Rom 6.6.0.6 Nero Vision Express 3.0.1.18 Nero Mediaplayer 1.4.0.27 Neromix 1.4.0.27 Neronet 1.2.0.2 By Doogyice With Patch Fr.zip
C:\Documents and Settings\**********\Local Settings\Temp\Temporary directory 23 for - Nero Burning Rom 6.6.0.6 Nero Vision Express 3.0.1.18 Nero Mediaplayer 1.4.0.27 Neromix 1.4.0.27 Neronet 1.2.0.2 By Doogyice With Patch Fr.zip
C:\Documents and Settings\**********\Local Settings\Temp\Temporary directory 24 for - Nero Burning Rom 6.6.0.6 Nero Vision Express 3.0.1.18 Nero Mediaplayer 1.4.0.27 Neromix 1.4.0.27 Neronet 1.2.0.2 By Doogyice With Patch Fr.zip
C:\Documents and Settings\**********\Local Settings\Temp\Temporary directory 3 for Norton AntiVirus 2004 Pro FINAL with KeyGen & LiveUpdateExtender.zip
C:\Documents and Settings\**********\Local Settings\Temp\Temporary directory 6 for Norton AntiVirus 2004 Pro FINAL with KeyGen & LiveUpdateExtender.zip
C:\Documents and Settings\**********\My Documents\excel\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Intro.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\!crack\HASPEmulPE-XP_2_33_a002W.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\!crack\hinstall.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\!crack\keygen.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Acis\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Acrobat Reader\AdbeRdr60_enu.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Acrobat Reader\AdbeRdr60_fra.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Apilog - acapulco\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Apilog - bahia\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Apilog - hookipa\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Apilog - ipanema\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Apilog - marina\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Apilog - paloma\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Calculators\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\CBS Pro\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Cosmo Player 2.0\cp20setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Csp\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\DAO\DISK1\SETUP.EXE
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\DAO\DISK1\UNINST.EXE
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\DirectX\DirectX9\dxsetup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\ESOP\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\hdd32.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\diagnostix.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\ndiag16.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\ndiagdos.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\usbready.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\install\diagnostix.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\4.95\hinstall.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\4.96\hinstall.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\4.98\hinstall.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\5.11\haspdinst.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\monitor\aksmon.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\monitor\hls32svc.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\monitor\install\AKSMON32.EXE
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\servers\novell\sap2file.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Hasp\servers\win32\lmsetup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Kpm\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Kremote\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Navigator\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Net_Mon\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Net_Prot\setup.exe
C:\Documents and Settings\*********\My Documents\Robobat Robot Office 19 with crack\Install\Rcad\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\RCAD - Enablers\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Robot\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\RobotOffice\setup.exe
C:\Documents and Settings\*********\My Documents\Robobat Robot Office 19 with crack\Install\ROC\setup.exe
C:\Documents and Settings\*********\My Documents\Robobat Robot Office 19 with crack\Install\ROM\setup.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Simulog\setup.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Simulog - server\lmgrd.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Simulog - server\lmtools.exe
C:\Documents and Settings\**********\My Documents\Robobat Robot Office 19 with crack\Install\Simulog - server\lmutil.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\Simulog - server\simulogd.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\SolidDXF\setup.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\TSCC Codec\TSCC.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Install\UpdateService\installshieldupdateservice.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Intro\Eng\4pack_en.exe
C:\Documents and Settings\***********\My Documents\Robobat Robot Office 19 with crack\Intro\Eng\demo32.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\EngExp\4pack_en.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\EngExp\demo32.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Fra\5pack_fr.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Fra\demo32.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Fra\inst.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Pol\5pack_pl.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Pol\demo32.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Rom\4pack_en.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Rom\demo32.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Rus\4pack_ru.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Intro\Rus\demo32.exe
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Manuals\Italian\robot\robot_manual_ita_180.zip
C:\Documents and Settings\************\My Documents\Robobat Robot Office 19 with crack\Manuals\Spanish\robot\robot_manual_spa_180.zip
C:\Documents and Settings\**********\My Documents\***********\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\*********\My Documents\************\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\clokspl.exe
C:\Documents and Settings\*********\My Documents\***********\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\Landgen.exe
C:\Documents and Settings\*********\My Documents\**********\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\RegSetup.exe
C:\Documents and Settings\**********\My Documents\***********\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\Silkworm_patch.exe
C:\Documents and Settings\*********\My Documents\***********\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\WA.exe
C:\Documents and Settings\**********\My Documents\***********\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\User\BankEditor.exe
C:\Documents and Settings\***********\My Documents\Théo doc\star_wars_battlefront_2_patch_v1.1_europe_18913.exe
.
===================================
.
518 Bytes - C:\Ad-Report-SCAN[1].log
518 Bytes - C:\Ad-Report-SCAN[2].log
518 Bytes - C:\Ad-Report-SCAN[3].log
14274 Bytes - C:\Ad-Report-SCAN[4].log
.
490 Files - C:\DOCUME~1\********\LOCALS~1\Temp
16 Files - C:\WINDOWS\Temp
114 Files - C:\WINDOWS\Prefetch
.
6 Files - C:\Program Files\Ad-Remover\BACKUP
0 Files - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 13:49:10 | 12/12/2009 - SCAN[4]
.
============== E.O.F ==============
.
GenProc Report
GenProc 2.660 [1] - 12/12/2009 at 13:52:57
@ Windows XP Service Pack 3 - Normal mode
@ Internet Explorer 7.0.5730.11 [Default browser]
GenProc did not detect any characteristic infection and suggests following the procedure below:
Post a Nod32 report https://www.eset.com/ (you must use Internet Explorer)
- check all boxes each time, and when it is done, paste the report:
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ ADDITIONAL INFORMATION ~~~~
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 13:53:19
Windows 5.1.2600 Service Pack 3
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,59,ae,85,4b,ec,84,c0,ba,c4,ea,e3,49,61,b5,bd,d9,1b,3b,4a,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,59,ae,85,4b,ec,84,c0,ba,c4,ea,e3,49,61,b5,bd,d9,1b,3b,4a,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,59,ae,85,4b,ec,84,c0,ba,c4,ea,e3,49,61,b5,bd,d9,1b,3b,4a,08,..
scanning hidden registry entries ...
scan completed successfully
hidden services: 0
ZHPDiag v1.24.37 report by Nicolas Coolman
Run by *********** at 12/12/2009 13:55:47
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.11
MFIE: Mozilla Firefox (3.5.5)
Boot mode: Normal (Normal boot)
Total RAM: 511.5 MB (55% free)
System drive C: has 44 GB (59%) free of 74 GB
---\\
[MD5.6A38C3BF1DA4914C78169A76665B12B9] - C:\WINDOWS\System32\VOBREGCheck.exe
[MD5.6FBC8DB25F9875340CC97C91ACD0CE50] - C:\WINDOWS\System32\PSDrvCheck.exe
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[MD5.2AA094D7778A0AF7E60FEE9DA78AA92F] - C:\Program Files\Common files\ACD Systems\FR\DevDetect.exe
[MD5.6AB4C021FBD36DC6764924C312428D97] - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[MD5.452FA961163EF4AEE4815796A13AB2CF] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - C:\WINDOWS\system32\ctfmon.exe
[MD5.5DEBC3519D489411073FA7E56FFB4A93] - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - C:\WINDOWS\System32\svchost.exe
[MD5.0AAF6B848185899CF76AE04E62EAB3D2] - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[MD5.C3FB1D70CB88722267949694BA51759E] - C:\WINDOWS\system32\services.exe
[MD5.39133291CB607BDD87CFC565A4A1E7A5] - C:\Program Files\Java\jre6\bin\jqs.exe
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - C:\WINDOWS\System32\lsass.exe
[MD5.363A95796B635ABAAD6415DCAE64A5AB] - C:\Program Files\Common files\RbtProt\sgsrv.exe
[MD5.460E4CE148BD07218DA0B6A3D31885A9] - C:\WINDOWS\system32\spoolsv.exe
[MD5.C81B8635DEE0D3EF5F64B3DD643023A5] - C:\WINDOWS\System32\wdfmgr.exe
---\\
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
---\\
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (not file)
---\\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} -
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -
O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -
---\\
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TiscaliParam] C:\Program Files\Tiscali\Dialer\bootparam.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] C:\Program Files\Common files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: PhotoWise QuickLink.lnk - C:\Program Files\PhotoWise\quicklnk.exe
---\\
O8 - Extra context menu item: &Download with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download everything with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
---\\
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
---\\
O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
---\\
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.carrefour.fr/
---\\
O15 - Trusted Zone: [HKCU\...\Domains] emule-france.com
---\\
O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.075462963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab
---\\
O17 - HKLM\System\CS2\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: NameServer = 194.2.0.20,194.2.0.50
---\\
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
---\\
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll
---\\
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll
---\\
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
---\\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: SoftGuard Service (SG_Service) - C:\Program Files\Common files\RbtProt\sgsrv.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\System32\wdfmgr.exe
---\\
O39 - APT:Automatic Scheduled Task - C:\WINDOWS\Tasks\Symantec NetDetect.job
---\\
O41 - Driver: Network Support Environment AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: AMD K7 Processor Driver (AmdK7) - C:\WINDOWS\System32\DRIVERS\amdk7.sys
O41 - Driver: CD-ROM Driver (Cdrom) - C:\WINDOWS\System32\DRIVERS\cdrom.sys
O41 - Driver: PS/2 Keyboard and Mouse Driver (i8042prt) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O41 - Driver: CD Burning Filter Driver (Imapi) - C:\WINDOWS\System32\DRIVERS\imapi.sys
O41 - Driver: IPSEC Driver (IPSec) - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O41 - Driver: Keyboard Class Driver (Kbdclass) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
O41 - Driver: Mouse Class Driver (Mouclass) - C:\WINDOWS\System32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\System32\DRIVERS\netbios.sys
O41 - Driver: TCP/IP over NetBIOS (NetBT) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
O41 - Driver: Processor Driver (Processor) - C:\WINDOWS\System32\DRIVERS\processr.sys
O41 - Driver: Remote Access Automatic Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\System32\DRIVERS\rdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: CD Audio Digital Read Filter Driver (redbook) - C:\WINDOWS\System32\DRIVERS\redbook.sys
O41 - Driver: Serial Port Driver (Serial) - C:\WINDOWS\System32\DRIVERS\serial.sys
O41 - Driver: TCP/IP Protocol Driver (Tcpip) - C:\WINDOWS\System32\DRIVERS\tcpip.sys
O41 - Driver: Terminal Device Driver (TermDD) - C:\WINDOWS\System32\DRIVERS\termdd.sys
O41 - Driver: VGA Video Card. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys
O41 - Driver: Windows Sockets 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) - C:\WINDOWS\System32\drivers\ws2ifsl.sys
---\\
O42 - Software: ACDSee for PENTAX 2.0
O42 - Software: Ad-Remover By C_XX
O42 - Software: Adobe Acrobat 5.0
O42 - Software: Adobe Flash Player 10 ActiveX
O42 - Software: Adobe Flash Player 10 Plugin
O42 - Software: Adobe Reader 9.1 - French
O42 - Software: AnswerWorks Runtime
O42 - Software: Audacity 1.2.6
O42 - Software: AutoCAD LT 2002 - French
O42 - Software: AutoCAD R14.0 - French
O42 - Software: COMMBât 2003
O42 - Software: Caesar 3
O42 - Software: GUILD WARS
O42 - Software: Information about your PC
O42 - Software: InstantCopy
O42 - Software: IsoBuster 2.0
O42 - Software: J2SE Runtime Environment 5.0
O42 - Software: Java(TM) 6 Update 17
O42 - Software: Java(TM) 6 Update 7
O42 - Software: LEGO Chess Game
O42 - Software: Windows Media Player 10
O42 - Software: LimeWire 5.3.6
O42 - Software: LiveUpdate 2.5 (Symantec Corporation)
O42 - Software: MSN Messenger 6.0
O42 - Software: MUSICMATCH(R) Jukebox
O42 - Software: Malwarebytes' Anti-Malware
O42 - Software: Medi@Show
O42 - Software: Medion Flash XL
O42 - Software: Microsoft .NET Framework (French)
O42 - Software: Microsoft .NET Framework 1.0 Hotfix (KB928367)
O42 - Software: Microsoft .NET Framework 1.1
O42 - Software: Microsoft .NET Framework 1.1 French Language Pack
O42 - Software: Microsoft .NET Framework 1.1 Security Update (KB953297)
O42 - Software: Microsoft Data Access Components KB870669
O42 - Software: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Software: Microsoft National Language Support Downlevel APIs
O42 - Software: Microsoft Office 2000 CD-ROM 2
O42 - Software: Microsoft Office 2000 Small Business
O42 - Software: Microsoft PowerPoint Viewer 97
O42 - Software: Microsoft Works 7.0
O42 - Software: Mozilla Firefox (3.5.5)
O42 - Software: Nero - Burning Rom
O42 - Software: Net Transport 1.94.282
O42 - Software: OpenOffice.org 3.0
O42 - Software: PPMate Network TV 2.0.0.39
O42 - Software: HP Photo and Imaging 2.0 - All-in-One
O42 - Software: HP Photo and Imaging 2.0 - All-in-One Driver
O42 - Software: PhotoWise
O42 - Software: Power Cinema
O42 - Software: PowerDVD
O42 - Software: PowerDirector
O42 - Software: QuickTime
O42 - Software: RealPlayer
O42 - Software: Realtek AC'97 Audio
O42 - Software: Shockwave
O42 - Software: Sina
GenProc 2.660 [1] - 12/12/2009 at 13:52:57
@ Windows XP Service Pack 3 - Normal mode
@ Internet Explorer 7.0.5730.11 [Default browser]
GenProc did not detect any characteristic infection and suggests following the procedure below:
Post a Nod32 report https://www.eset.com/ (you must use Internet Explorer)
- check all boxes each time, and when it is done, paste the report:
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ ADDITIONAL INFORMATION ~~~~
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 13:53:19
Windows 5.1.2600 Service Pack 3
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,59,ae,85,4b,ec,84,c0,ba,c4,ea,e3,49,61,b5,bd,d9,1b,3b,4a,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,59,ae,85,4b,ec,84,c0,ba,c4,ea,e3,49,61,b5,bd,d9,1b,3b,4a,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,59,ae,85,4b,ec,84,c0,ba,c4,ea,e3,49,61,b5,bd,d9,1b,3b,4a,08,..
scanning hidden registry entries ...
scan completed successfully
hidden services: 0
ZHPDiag v1.24.37 report by Nicolas Coolman
Run by *********** at 12/12/2009 13:55:47
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.11
MFIE: Mozilla Firefox (3.5.5)
Boot mode: Normal (Normal boot)
Total RAM: 511.5 MB (55% free)
System drive C: has 44 GB (59%) free of 74 GB
---\\
[MD5.6A38C3BF1DA4914C78169A76665B12B9] - C:\WINDOWS\System32\VOBREGCheck.exe
[MD5.6FBC8DB25F9875340CC97C91ACD0CE50] - C:\WINDOWS\System32\PSDrvCheck.exe
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[MD5.2AA094D7778A0AF7E60FEE9DA78AA92F] - C:\Program Files\Common files\ACD Systems\FR\DevDetect.exe
[MD5.6AB4C021FBD36DC6764924C312428D97] - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[MD5.452FA961163EF4AEE4815796A13AB2CF] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - C:\WINDOWS\system32\ctfmon.exe
[MD5.5DEBC3519D489411073FA7E56FFB4A93] - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - C:\WINDOWS\System32\svchost.exe
[MD5.0AAF6B848185899CF76AE04E62EAB3D2] - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[MD5.C3FB1D70CB88722267949694BA51759E] - C:\WINDOWS\system32\services.exe
[MD5.39133291CB607BDD87CFC565A4A1E7A5] - C:\Program Files\Java\jre6\bin\jqs.exe
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - C:\WINDOWS\System32\lsass.exe
[MD5.363A95796B635ABAAD6415DCAE64A5AB] - C:\Program Files\Common files\RbtProt\sgsrv.exe
[MD5.460E4CE148BD07218DA0B6A3D31885A9] - C:\WINDOWS\system32\spoolsv.exe
[MD5.C81B8635DEE0D3EF5F64B3DD643023A5] - C:\WINDOWS\System32\wdfmgr.exe
---\\
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
---\\
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (not file)
---\\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} -
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -
O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -
---\\
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TiscaliParam] C:\Program Files\Tiscali\Dialer\bootparam.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] C:\Program Files\Common files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: PhotoWise QuickLink.lnk - C:\Program Files\PhotoWise\quicklnk.exe
---\\
O8 - Extra context menu item: &Download with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download everything with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
---\\
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
---\\
O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
---\\
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.carrefour.fr/
---\\
O15 - Trusted Zone: [HKCU\...\Domains] emule-france.com
---\\
O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.075462963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab
---\\
O17 - HKLM\System\CS2\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: NameServer = 194.2.0.20,194.2.0.50
---\\
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
---\\
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll
---\\
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll
---\\
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
---\\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: SoftGuard Service (SG_Service) - C:\Program Files\Common files\RbtProt\sgsrv.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\System32\wdfmgr.exe
---\\
O39 - APT:Automatic Scheduled Task - C:\WINDOWS\Tasks\Symantec NetDetect.job
---\\
O41 - Driver: Network Support Environment AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: AMD K7 Processor Driver (AmdK7) - C:\WINDOWS\System32\DRIVERS\amdk7.sys
O41 - Driver: CD-ROM Driver (Cdrom) - C:\WINDOWS\System32\DRIVERS\cdrom.sys
O41 - Driver: PS/2 Keyboard and Mouse Driver (i8042prt) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O41 - Driver: CD Burning Filter Driver (Imapi) - C:\WINDOWS\System32\DRIVERS\imapi.sys
O41 - Driver: IPSEC Driver (IPSec) - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O41 - Driver: Keyboard Class Driver (Kbdclass) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
O41 - Driver: Mouse Class Driver (Mouclass) - C:\WINDOWS\System32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\System32\DRIVERS\netbios.sys
O41 - Driver: TCP/IP over NetBIOS (NetBT) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
O41 - Driver: Processor Driver (Processor) - C:\WINDOWS\System32\DRIVERS\processr.sys
O41 - Driver: Remote Access Automatic Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\System32\DRIVERS\rdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: CD Audio Digital Read Filter Driver (redbook) - C:\WINDOWS\System32\DRIVERS\redbook.sys
O41 - Driver: Serial Port Driver (Serial) - C:\WINDOWS\System32\DRIVERS\serial.sys
O41 - Driver: TCP/IP Protocol Driver (Tcpip) - C:\WINDOWS\System32\DRIVERS\tcpip.sys
O41 - Driver: Terminal Device Driver (TermDD) - C:\WINDOWS\System32\DRIVERS\termdd.sys
O41 - Driver: VGA Video Card. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys
O41 - Driver: Windows Sockets 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) - C:\WINDOWS\System32\drivers\ws2ifsl.sys
---\\
O42 - Software: ACDSee for PENTAX 2.0
O42 - Software: Ad-Remover By C_XX
O42 - Software: Adobe Acrobat 5.0
O42 - Software: Adobe Flash Player 10 ActiveX
O42 - Software: Adobe Flash Player 10 Plugin
O42 - Software: Adobe Reader 9.1 - French
O42 - Software: AnswerWorks Runtime
O42 - Software: Audacity 1.2.6
O42 - Software: AutoCAD LT 2002 - French
O42 - Software: AutoCAD R14.0 - French
O42 - Software: COMMBât 2003
O42 - Software: Caesar 3
O42 - Software: GUILD WARS
O42 - Software: Information about your PC
O42 - Software: InstantCopy
O42 - Software: IsoBuster 2.0
O42 - Software: J2SE Runtime Environment 5.0
O42 - Software: Java(TM) 6 Update 17
O42 - Software: Java(TM) 6 Update 7
O42 - Software: LEGO Chess Game
O42 - Software: Windows Media Player 10
O42 - Software: LimeWire 5.3.6
O42 - Software: LiveUpdate 2.5 (Symantec Corporation)
O42 - Software: MSN Messenger 6.0
O42 - Software: MUSICMATCH(R) Jukebox
O42 - Software: Malwarebytes' Anti-Malware
O42 - Software: Medi@Show
O42 - Software: Medion Flash XL
O42 - Software: Microsoft .NET Framework (French)
O42 - Software: Microsoft .NET Framework 1.0 Hotfix (KB928367)
O42 - Software: Microsoft .NET Framework 1.1
O42 - Software: Microsoft .NET Framework 1.1 French Language Pack
O42 - Software: Microsoft .NET Framework 1.1 Security Update (KB953297)
O42 - Software: Microsoft Data Access Components KB870669
O42 - Software: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Software: Microsoft National Language Support Downlevel APIs
O42 - Software: Microsoft Office 2000 CD-ROM 2
O42 - Software: Microsoft Office 2000 Small Business
O42 - Software: Microsoft PowerPoint Viewer 97
O42 - Software: Microsoft Works 7.0
O42 - Software: Mozilla Firefox (3.5.5)
O42 - Software: Nero - Burning Rom
O42 - Software: Net Transport 1.94.282
O42 - Software: OpenOffice.org 3.0
O42 - Software: PPMate Network TV 2.0.0.39
O42 - Software: HP Photo and Imaging 2.0 - All-in-One
O42 - Software: HP Photo and Imaging 2.0 - All-in-One Driver
O42 - Software: PhotoWise
O42 - Software: Power Cinema
O42 - Software: PowerDVD
O42 - Software: PowerDirector
O42 - Software: QuickTime
O42 - Software: RealPlayer
O42 - Software: Realtek AC'97 Audio
O42 - Software: Shockwave
O42 - Software: Sina
I see Norton AntiVirus 2004, do not install it
* Relaunch "Ad-remover": from the main menu select the "cleanup" option.
--> the program will work ...
* Post the report that appears at the end + a new Hijackthis for analysis ...
( the report is also saved under C:\Ad-report.log )
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm. /!\
Download a-squared Free
https://www.pcastuces.com/logitheque/telechargement.asp?num=1227
https://www.clubic.com/telecharger-fiche20274-a-squared-free.html
Double-click the a-squared Free executable to start the installation.
Select the language of your choice, here French, then click Ok.
During installation you will see checkboxes, including this one:
Organize scans via the context menu: check this box, which will allow you to analyze a file by right-clicking on it.
At the end of the installation, check the Start a-squared free box.
A small window will appear; for the update, click No.
Once on the home screen, you can adjust the software settings and update the virus database.
Click on Settings in the left column. Leave the General tab as it is configured. Select the Update tab and uncheck the boxes Install Help and Install additional language modules.
Do not touch the other tabs.
At the top of the software, click on Online update.
Finally, click on Scan the PC in the left column.
--
When the limits are crossed, there are no more limits
What I have written, I have written
no problem at all
--
When the boundaries are crossed, there is no more limit
What I have written, I have written
Here is the ad-report, by the way, I have been forced to work in safe mode since this morning; previously, I was able to open it in debugging mode, but not anymore. The symptoms are as follows: the computer crashes during the full loading of Windows; I get to the desktop, and then suddenly it freezes. However, it works in safe mode.
.
======= AD-REMOVER REPORT 1.1.4.6_E | WINDOWS XP/VISTA/7 ONLY =======
.
Updated by C_XX on 11.12.2009 at 20:53
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 9:11:47, 14/12/2009 | Safe mode | Option: CLEAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
PC Name: ***** | Current user: ****
.
============== NEUTRALIZED ITEM(S) ==============
.
C:\DOCUME~1\***\APPLIC~1\Mozilla\Firefox\Profiles\x4a0hq4a.default\searchplugins\askcom.xml
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\DOCUME~1\***\LOCALS~1\Temp\AskSearch
C:\Program Files\Mozilla Firefox\components\---W2N-36i-i.dll
(!) -- Temporary files deleted.
.
HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
.
============== Additional Scan ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Profile Name: x4a0hq4a.default (*****)
.
(**, prefs.js) Browser.download.lastDir, H:
(**, prefs.js) Browser.search.defaultenginename, Ask.com
(**, prefs.js) Browser.search.selectedEngine, Google
(**, prefs.js) Browser.startup.homepage, hxxp://google.fr/
.
(**, prefs.js) DELETE - Browser.search.defaultengine, Ask.com
(**, prefs.js) DELETE - Browser.search.defaultenginename, Ask.com
(**, prefs.js) DELETE - Browser.search.order.1, Ask.com
.
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\**\Application Data\Macromedia\Flash Player\#SharedObjects\LVGMY7XF\localhost\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Intro\Fra\5pack_fr.exe
C:\Documents and Settings\**\Local Settings\Temp\Temporary directory 1 for [PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\**\Local Settings\Temp\Temporary directory 2 for [PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\**\Local Settings\Temp\Temporary directory 22 for - Nero Burning Rom 6.6.0.6 Nero Vision Express 3.0.1.18 Nero Mediaplayer 1.4.0.27 Neromix 1.4.0.27 Neronet 1.2.0.2 By Doogyice With Patch Fr.zip
C:\Documents and Settings\**\Local Settings\Temp\Temporary directory 23 for - Nero Burning Rom 6.6.0.6 Nero Vision Express 3.0.1.18 Nero Mediaplayer 1.4.0.27 Neromix 1.4.0.27 Neronet 1.2.0.2 By Doogyice With Patch Fr.zip
C:\Documents and Settings\**\Local Settings\Temp\Temporary directory 24 for - Nero Burning Rom 6.6.0.6 Nero Vision Express 3.0.1.18 Nero Mediaplayer 1.4.0.27 Neromix 1.4.0.27 Neronet 1.2.0.2 By Doogyice With Patch Fr.zip
C:\Documents and Settings\**\Local Settings\Temp\Temporary directory 3 for Norton AntiVirus 2004 Pro FINAL with KeyGen & LiveUpdateExtender.zip
C:\Documents and Settings\**\Local Settings\Temp\Temporary directory 6 for Norton AntiVirus 2004 Pro FINAL with KeyGen & LiveUpdateExtender.zip
C:\Documents and Settings\**\Mes documents\excel\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Intro.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\!crack\HASPEmulPE-XP_2_33_a002W.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\!crack\hinstall.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\!crack\keygen.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Acis\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Acrobat Reader\AdbeRdr60_enu.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Acrobat Reader\AdbeRdr60_fra.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Apilog - acapulco\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Apilog - bahia\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Apilog - hookipa\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Apilog - ipanema\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Apilog - marina\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Apilog - paloma\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Calculators\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\CBS Pro\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Cosmo Player 2.0\cp20setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Csp\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\DAO\DISK1\SETUP.EXE
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\DAO\DISK1\UNINST.EXE
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\DirectX\DirectX9\dxsetup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\ESOP\setup.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\hdd32.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\diagnostix.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\ndiag16.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\ndiagdos.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\usbready.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\diagnostix\install\diagnostix.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\4.95\hinstall.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\4.96\hinstall.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\4.98\hinstall.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\drivers\5.11\haspdinst.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\monitor\aksmon.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\monitor\hls32svc.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\monitor\install\AKSMON32.EXE
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\servers\novell\sap2file.exe
C:\Documents and Settings\**\Mes documents\Robobat Robot Office 19 with crack\Install\Hasp\servers\win32\lmsetup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Kpm\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Kremote\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Navigator\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Net_Mon\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Net_Prot\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Rcad\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\RCAD - Enablers\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Robot\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\RobotOffice\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\ROC\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\ROM\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Simulog\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Simulog - server\lmgrd.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Simulog - server\lmtools.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Simulog - server\lmutil.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\Simulog - server\simulogd.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\SolidDXF\setup.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\TSCC Codec\TSCC.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Install\UpdateService\installshieldupdateservice.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Eng\4pack_en.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Eng\demo32.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\EngExp\4pack_en.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\EngExp\demo32.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Fra\5pack_fr.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Fra\demo32.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Fra\inst.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Pol\5pack_pl.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Pol\demo32.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Rom\4pack_en.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Rom\demo32.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Rus\4pack_ru.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Intro\Rus\demo32.exe
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Manuals\Italian\robot\robot_manual_ita_180.zip
C:\Documents and Settings\**\Mesdocuments\Robobat Robot Office 19 with crack\Manuals\Spanish\robot\robot_manual_spa_180.zip
C:\Documents and Settings\**\Mesdocuments\sci-masdecade\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI].zip
C:\Documents and Settings\**\Mesdocuments\sci-masdecade\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\clokspl.exe
C:\Documents and Settings\**\Mesdocuments\sci-masdecade\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\Landgen.exe
C:\Documents and Settings\**\Mesdocuments\sci-masdecade\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\RegSetup.exe
C:\Documents and Settings\**\Mesdocuments\sci-masdecade\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\Silkworm_patch.exe
C:\Documents and Settings\**\Mesdocuments\sci-masdecade\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\WA.exe
C:\Documents and Settings\**\Mesdocuments\sci-masdecade\[PC GAME] Worms Armageddon + All weapons unblocked + cracked + xp patch by Lupen[FUMAI]\wormsarm\User\BankEditor.exe
C:\Documents and Settings\**\Mesdocuments\Thé doc\star_wars_battlefront_2_patch_v1.1_europe_18913.exe
.
===================================
.
14418 Bytes - C:\Ad-Report-CLEAN[1].log
518 Bytes - C:\Ad-Report-SCAN[1].log
518 Bytes - C:\Ad-Report-SCAN[2].log
518 Bytes - C:\Ad-Report-SCAN[3].log
14644 Bytes - C:\Ad-Report-SCAN[4].log
.
0 File(s) - C:\DOCUME~1\**\LOCALS~1\Temp
0 File(s) - C:\WINDOWS\Temp
0 File(s) - C:\WINDOWS\Prefetch
.
23 File(s) - C:\Program Files\Ad-Remover\BACKUP
2 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Finished at: 9:52:33 | 14/12/2009 - CLEAN[1]
.
============== E.O.F ==============
New HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:38, on 14/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\**\Desktop\hijackthis-2.0.2.75917.exe
C:\DOCUME~1\**\LOCALS~1\Temp\hijackthis-2.0.2.75917.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Help for Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TiscaliParam] C:\Program Files\Tiscali\Dialer\bootparam.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download e&verything with NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O15 - Trusted Zone: http://*.emule-france.com
O15 - Trusted Zone: http://fr.justin.tv
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: NameServer = 194.2.0.20,194.2.0.50
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Common Files\RbtProt\sgsrv.exe
--
End of file - 6783 bytes
a-squared Free found something?
--
When the barriers are crossed, there are no more limits
What I wrote, I wrote
Yes, here is the report. I have quarantined those that were at high risk; should I quarantine all the others?
Version - a-squared Free 4.5
Last update: 14/12/2009 10:29:46
Scan settings:
Scan type: Detailed Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\
Scan inside archives: On
Heuristic analysis: Off
Scan in ADS: On
Scan started: 14/12/2009 10:30:56
c:\windows\temp\altnet Detected objects: Trace.Directory.TopSearch!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\InstantMessaging --> IgnoredUsers Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\LocalContent --> DisableSharing Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\SOCKS --> Enabled Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Transfer --> ConcurrentDownloads Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Transfer --> ConcurrentUploads Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Transfer --> UploadBandwidth Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa --> DisablePort80Listen Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Kazaa --> UDP_probe_successes Detected objects: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order Detected objects: Trace.Registry.Emule 5.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{40B5CE81-C5A8-11D2-8183-00002440DFD8}\InprocServer32 --> ThreadingModel Detected objects: Trace.Registry.SurfSecret KeyPad 2.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40B5CE81-C5A8-11D2-8183-00002440DFD8}\InprocServer32 --> ThreadingModel Detected objects: Trace.Registry.SurfSecret KeyPad 2.1!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Detected objects: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Detected objects: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Detected objects: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Detected objects: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVUPlayer --> NSIS:Language Detected objects: Trace.Registry.dl.tvunetworks.com!A2
c:\windows\downloaded program files\downloader.inf Detected objects: Trace.File.Whazit!A2
Value: HKEY_LOCAL_MACHINE\software\classes\appid\adm.exe --> appid Detected objects: Trace.Registry.Cydoor.TOPicks.a!A2
Value: HKEY_LOCAL_MACHINE\software\classes\appid\altnet signing module.exe --> appid Detected objects: Trace.Registry.Cydoor.TOPicks.a!A2
Key: HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Advanced --> Status Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\DontShow --> CloseToSystray Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\LocalContent --> DisableListFiles Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Settings --> Date Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Settings --> UseCount Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Transfer --> CacheDiscoveryTime Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Transfer --> CacheHost Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Transfer --> CachePort Detected objects: Trace.Registry.Kazaa!A2
Value: HKEY_CURRENT_USER\Software\Kazaa\Transfer --> NoUploadLimitWhenIdle Detected objects: Trace.Registry.Kazaa!A2
Key: HKEY_CURRENT_USER\software\kazaa Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_CURRENT_USER\software\kazaa --> tmp Detected objects: Trace.Registry.KaZaA!A2
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir Detected objects: Trace.Registry.KaZaA!A2
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Detected objects: Trace.Registry.KaZaA!A2
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Detected objects: Trace.Registry.KaZaA!A2
Key: HKEY_LOCAL_MACHINE\software\kazaa Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\software\kazaa --> tmp Detected objects: Trace.Registry.KaZaA!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Detected objects: Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Way Speedbar Uninstall --> Changed Detected objects: Trace.Registry.MyWay!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Way Speedbar Uninstall --> SlowInfoCache Detected objects: Trace.Registry.MyWay!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260455200500000 Detected objects: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260456804875001 Detected objects: Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260456805062504 Detected objects: Trace.TrackingCookie.tracking.publicidees.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260456805062508 Detected objects: Trace.TrackingCookie.tracking.publicidees.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260456805062510 Detected objects: Trace.TrackingCookie.tracking.publicidees.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260467799109375 Detected objects: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260467799109377 Detected objects: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260467799109378 Detected objects: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\*\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260467805515630 Detected objects: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260519263015625 Detected objects: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260519263031250 Detected objects: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260519263234375 Detected objects: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260521688609376 Detected objects: Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260530800312501 Detected objects: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260531193578126 Detected objects: Trace.TrackingCookie.tracking.publicidees.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260531193578128 Detected objects: Trace.TrackingCookie.tracking.publicidees.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260600833328000 Detected objects: Trace.TrackingCookie.www.smartadserver.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260600834828001 Detected objects: Trace.TrackingCookie.stat.dealtime!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260610200000000 Detected objects: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260610710718004 Detected objects: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260621504062000 Detected objects: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260637633953000 Detected objects: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260637635390000 Detected objects: Trace.TrackingCookie.www.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260777890312001 Detected objects: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\**\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\cookies.sqlite:1260777890312003 Detected objects: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\**\Local Settings\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\Cache(2)\A31E9DEDd01 Detected objects: Trojan.Generic!IK
C:\GenProc\Outil\GetVersion.exe Detected objects: Trojan-Dropper.Agent!IK
C:\Program Files\sina\SAP\update\setup.exe Detected objects: Trojan.Generic!IK
C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP949\A0147080.exe Detected objects: Trojan.Generic!IK
Analyzed
Files: 257192
Traces: 406988
Cookies: 669
Processes: 13
Objects found
Files: 4
Traces: 53
Cookies: 30
Processes: 0
Registry keys: 0
Scan finished: 14/12/2009 11:52:13
Scan time: 1:21:17
C:\GenProc\Outil\GetVersion.exe In Quarantine Trojan-Dropper.Agent!IK
C:\Documents and Settings\gilles fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\x4a0hq4a.default\Cache(2)\A31E9DEDd01 In Quarantine Trojan.Generic!IK
C:\Program Files\sina\SAP\update\setup.exe In Quarantine Trojan.Generic!IK
C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP949\A0147080.exe In Quarantine Trojan.Generic!IK
In Quarantine
Files: 4
Traces: 0
Cookies: 0
Yes, you can put everything in quarantine and delete the quarantine, then uninstall a-squared Free
then
download Malwarebytes here http://www.malwarebytes.org/mbam/program/mbam-setup.exe
the program will automatically update itself.
If the COMCTL32.OCX file is missing, you can download it here
https://www.malekal.com/tutorial-aboutbuster/
Once updated, the program will start; click on the settings tab, and check the box: "Stop Internet Explorer during removal".
Now click on the scan tab and check the box: "perform a quick scan".
Then click on "scan".
Let the scanner scan the PC...
If any items were found > click on remove selected.
If you are prompted to restart > click on "yes".
At the end a report will open; save it in a way that you can find it to post it on the forum.
Please copy and paste the report.
PS: reports are also stored in the report/log tab
--
When the limits are crossed, there are no more limits
What I wrote, I wrote it
Well, here is the report, the problem persists, during the startup requested by malware, it was necessary to run in debug mode.
Malwarebytes' Anti-Malware 1.42
Database version: 3357
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
12/14/2009 5:20:50 PM
mbam-log-2009-12-14 (5-20-50).txt
Scan type: Quick scan
Items scanned: 111475
Elapsed time: 12 minute(s), 6 second(s)
Infected memory process(es): 0
Infected memory module(s): 1
Infected registry key(s): 2
Infected registry value(s): 0
Infected registry data item(s): 0
Infected folder(s): 0
Infected file(s): 3
Infected memory process(es):
(No harmful items detected)
Infected memory module(s):
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
Infected registry key(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
Infected registry value(s):
(No harmful items detected)
Infected registry data item(s):
(No harmful items detected)
Infected folder(s):
(No harmful items detected)
Infected file(s):
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
Download Navilog1.exe http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe?thread
Choose Save as... and save it to your desktop.
Then double click on navilog1.exe to start the installation.
If your antivirus triggers an alert during the download, ignore it
it's a false positive, a false alarm...
Once the installation is complete, the fix will run automatically.
If not, double-click on the Navilog1 shortcut on your desktop
In the main menu, choose 1 and confirm.
Scan Completed
Press any key, the notepad will open.
Copy/paste the entire report
--
When limits are crossed, there are no more bounds
What I wrote, I wrote
navilog report
Fix Navipromo version 4.0.5 started on 14/12/2009 18:03:01.96
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
Tool executed from C:\Program Files\navilog1
Updated on 10.11.2009 at 18:00 by IL-MAFIOSO
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : ***** ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 091214-0] 4.8.1368 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:44 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:69 Go)
E:\ (Local Disk) - FAT32 - Total:3 Go (Free:2 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (USB)
Search executed in normal mode
No Navipromo/Egdaccess Infection found
*** Scan completed 14/12/2009 18:03:35.70 ***
For your information, Avast found a virus:
original file: svchost.exe
source folder: c:\windows\temp\tqbw.tmp
file size: 101888
virus description: Win32:FakeAlert-FC (Trj)
file ID: 38
Ccleaner https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
*Uncheck in the Options menu - Advanced submenu:
Only delete files from the Windows temp folder that are older than 48 hours.
You clean up
Windows temporary files
Cookies, cache, history from Internet Explorer, Opera, and Firefox
Recent documents from Windows
and then repair the registry.
--
When the limits are crossed, there are no more boundaries.
What I wrote, I wrote.
Download Rooter from the IDN team to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2
! Disconnect from the internet and close all running applications!
* Run Rooter and let the tool work.
Once finished, post the report obtained for analysis ...
--
When the limits are crossed, there are no more limits
What I wrote, I wrote it
Rooter.exe (v1.0.2) par Eric_71
.
SeDebugPrivilege accordé avec succès ...
.
Windows XP Édition Familiale (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] (Centre de sécurité) EN COURS D'EXECUTION (état:4)
[SharedAccess] EN COURS D'EXECUTION (état:4)
Pare-feu Windows -> Activé
.
Internet Explorer 7.0.5730.11
Mozilla Firefox 3.5.5 (fr)
.
A:\ [Amovible]
C:\ [Fixe-NTFS] .. ( Total:74 Go - Libre:44 Go )
D:\ [Fixe-NTFS] .. ( Total:70 Go - Libre:69 Go )
E:\ [Fixe-FAT32] .. ( Total:3 Go - Libre:2 Go )
F:\ [CD_Rom]
G:\ [CD_Rom]
I:\ [Amovible]
J:\ [Amovible]
K:\ [Amovible]
L:\ [Amovible]
.
Scan : 19:48.37
Chemin : C:\Documents and Settings\****\Bureau\Rooter.exe
Utilisateur : **** ( Administrateur -> OUI )
.
----------------------\\ Processus
.
Verrouillé [Processus Système] (0)
______ Système (4)
______ \SystemRoot\System32\smss.exe (348)
______ \??\C:\WINDOWS\system32\csrss.exe (412)
______ \??\C:\WINDOWS\system32\winlogon.exe (436)
______ C:\WINDOWS\system32\services.exe (484)
______ C:\WINDOWS\system32\lsass.exe (496)
______ C:\WINDOWS\system32\svchost.exe (652)
______ C:\WINDOWS\system32\svchost.exe (728)
______ C:\WINDOWS\System32\svchost.exe (800)
______ C:\WINDOWS\System32\svchost.exe (852)
______ C:\WINDOWS\System32\svchost.exe (1000)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1204)
______ C:\WINDOWS\Explorer.EXE (1212)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1264)
______ C:\WINDOWS\system32\spoolsv.exe (1640)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1676)
______ C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe (1684)
______ C:\WINDOWS\SOUNDMAN.EXE (1700)
______ C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (1744)
______ C:\WINDOWS\system32\ctfmon.exe (1816)
______ C:\WINDOWS\System32\svchost.exe (1904)
______ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (1912)
______ C:\Program Files\PhotoWise\quicklnk.exe (2028)
______ C:\Program Files\Java\jre6\bin\jqs.exe (176)
______ C:\Program Files\OpenOffice.org 3\program\soffice.exe (408)
______ C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe (400)
______ C:\WINDOWS\System32\svchost.exe (860)
______ C:\Program Files\OpenOffice.org 3\program\soffice.bin (836)
______ C:\WINDOWS\System32\wdfmgr.exe (1064)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (2384)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (2504)
______ C:\WINDOWS\System32\alg.exe (2912)
______ C:\Documents and Settings\***\Bureau\Rooter.exe (3944)
.
----------------------\\ Disque\Harddisk0\
.
\Device\Harddisk0 [Secteurs : 63 x 512 Octets]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Offset_Début:32256 | Longueur:79990815744)
\Device\Harddisk0\Partition0 (Offset_Début:79990848000 | Longueur:80048424960)
\Device\Harddisk0\Partition2 (Offset_Début:79990880256 | Longueur:75853499904)
\Device\Harddisk0\Partition0 (Offset_Début:155844380160 | Longueur:4194892800)
\Device\Harddisk0\Partition3 (Offset_Début:155844412416 | Longueur:4194860544)
.
----------------------\\ Tâches planifiées
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Symantec NetDetect.job
.
----------------------\\ Registre
.
.
----------------------\\ Fichiers & Dossiers
.
C:\DOCUME~1\***\Mes documents\excel\[PC GAME] Worms Armageddon + Toutes les armes débloquées + crack + patch xp par Lupen[FUMAI].zip
C:\DOCUME~1\***\Mes documents\***\[PC GAME] Worms Armageddon + Toutes les armes débloquées + crack + patch xp par Lupen[FUMAI].zip
C:\DOCUME~1\****\Mes documents\Robobat Robot Office 19 with crack\!crack\keygen.exe
[b]==> Cracks & Keygens <==/b
.
----------------------\\ Scan terminé à 19:48.47
.
C:\Rooter$\Rooter_1.txt - (14/12/2009 | 19:48.47).c
Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.php
- Save it to your desktop
- Double-click on SmitfraudFix.exe and choose option 2, then press Enter
Answer No to the following two questions, if asked:
Do you want to clean the registry?
Fix the infected file?
A report.txt will be generated; save it to your desktop for later retrieval,
then restart the PC
and finally post the report
--
When the limits are crossed, there are no more boundaries
What I wrote, I wrote
Well, I still have the same problem; to restart I have to press F8 and go into debug mode. Another symptom is that now my Windows firewall is disabled and I can't turn it back on.
Here is the report:
SmitFraudFix v2.424
Report created at 13:07:17.81, 15/12/2009
Executed from C:\Documents and Settings\***\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: DhcpNameServer=***.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: DhcpNameServer=***.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: NameServer=****.2.0.50
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0881A4DB-E331-4D72-AB3C-F36D0049269D}: DhcpNameServer=***.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=***.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=***.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=***.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temporary Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Cleaning completed.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
ok
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press 1 (Yes) to start the scan.
Once finished, a report will appear. Copy/paste this report into your next response.
The report is also located here: C:\Combofix.txt
Disconnect from the internet, close all running program windows, and temporarily
disable antivirus and other protections during the scan.
During the scan, do not use your PC.
Once the scan is finished, re-enable all your antivirus and antispyware protections.
--
When the thresholds are crossed, there is no limit
What I wrote, I wrote it
Download LOP S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Launch the installer and a shortcut will be created immediately
Double-click on the Lop S&D shortcut present on your Desktop.
Select the desired language,
then choose Option 1 (Scan)
Wait until the scan is finished.
Post the generated report (also located here C:\lopR.txt)
(If the Desktop does not reappear at the end of the scan, open the Task Manager by pressing "Ctrl + Alt + Delete" simultaneously, then in the File tab, choose New Task, type "explorer.exe" and confirm)
(In case the report does not open, it can be found at C:\LopR.txt)
Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/eliminez-pubs-cid-sujet_198443_1.htm
--
When the limits are crossed, there are no more boundaries
What I wrote, I wrote
Well, I couldn't do the last operation you asked me to do because, when I deleted the .temp files, I tried to restart the computer and then it was impossible to access Windows (safe mode, debugging, etc.). I tried everything but nothing worked. I had to reinstall Windows and format the hard drive; I don't have any viruses anymore, but I lost everything... too bad. Thanks anyway for your collaboration.