15 réponses
Hi,
Don't worry, it's not a virus, but I suppose you have downloaded either QuickTime or iTunes.
It's a so-called "spy" software for some, but well, it's the Apple site that includes it in the software now.
If you want, you can send me a report using Hijackthis.
Download and install Hijackthis on your desktop. Here is the explanatory link for Hijackthis below:
http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tuto_hijackthisv202_version_install-346620/messages-1.html
Don't worry, it's not a virus, but I suppose you have downloaded either QuickTime or iTunes.
It's a so-called "spy" software for some, but well, it's the Apple site that includes it in the software now.
If you want, you can send me a report using Hijackthis.
Download and install Hijackthis on your desktop. Here is the explanatory link for Hijackthis below:
http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tuto_hijackthisv202_version_install-346620/messages-1.html
Here is what I was able to do
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:03, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrateur\Mes documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {f43e46ca-61c9-e0ca-dd64-23a1488596c1} - {1c695884-1a32-46dd-ac0e-9c16ac64e34f} - C:\WINDOWS\system32\ritvntbg.dll
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\iifecabb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC7015F4-80D8-4E0C-A3F8-61D783C61F76} - C:\WINDOWS\system32\khfFVmjG.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe "C:\WINDOWS\system32\vhjqoqlb.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe "C:\WINDOWS\system32\eanihvxc.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [tittrxa] c:\windows\system32\tittrxa.exe tittrxa
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prodsrvs.exe /res
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifecabb - C:\WINDOWS\SYSTEM32\iifecabb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 11018 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:03, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrateur\Mes documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {f43e46ca-61c9-e0ca-dd64-23a1488596c1} - {1c695884-1a32-46dd-ac0e-9c16ac64e34f} - C:\WINDOWS\system32\ritvntbg.dll
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\iifecabb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC7015F4-80D8-4E0C-A3F8-61D783C61F76} - C:\WINDOWS\system32\khfFVmjG.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe "C:\WINDOWS\system32\vhjqoqlb.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe "C:\WINDOWS\system32\eanihvxc.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [tittrxa] c:\windows\system32\tittrxa.exe tittrxa
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prodsrvs.exe /res
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifecabb - C:\WINDOWS\SYSTEM32\iifecabb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 11018 bytes
Here is what I was able to do
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:03, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\My Documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {f43e46ca-61c9-e0ca-dd64-23a1488596c1} - {1c695884-1a32-46dd-ac0e-9c16ac64e34f} - C:\WINDOWS\system32\ritvntbg.dll
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\iifecabb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC7015F4-80D8-4E0C-A3F8-61D783C61F76} - C:\WINDOWS\system32\khfFVmjG.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe "C:\WINDOWS\system32\vhjqoqlb.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe "C:\WINDOWS\system32\eanihvxc.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [tittrxa] c:\windows\system32\tittrxa.exe tittrxa
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prodsrvs.exe /res
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menu item: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifecabb - C:\WINDOWS\SYSTEM32\iifecabb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 11018 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:03, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\My Documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {f43e46ca-61c9-e0ca-dd64-23a1488596c1} - {1c695884-1a32-46dd-ac0e-9c16ac64e34f} - C:\WINDOWS\system32\ritvntbg.dll
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\iifecabb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC7015F4-80D8-4E0C-A3F8-61D783C61F76} - C:\WINDOWS\system32\khfFVmjG.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe "C:\WINDOWS\system32\vhjqoqlb.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe "C:\WINDOWS\system32\eanihvxc.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [tittrxa] c:\windows\system32\tittrxa.exe tittrxa
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prodsrvs.exe /res
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menu item: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifecabb - C:\WINDOWS\SYSTEM32\iifecabb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 11018 bytes
ouhaahhh
you are very infected
let's start
Download to the desktop
Navilog.exe: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= double-click on it to install and run
When installed
= type F
= Press a key until you reach the options
= Choose option 1 ( = type 1 )
a report: fixnavi.txt
in ==> C :
post the report.
you are very infected
let's start
Download to the desktop
Navilog.exe: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= double-click on it to install and run
When installed
= type F
= Press a key until you reach the options
= Choose option 1 ( = type 1 )
a report: fixnavi.txt
in ==> C :
post the report.
Search Navipromo version 3.5.4 started on 25/04/2008 at 19:36:50,45
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not initiate the disinfection process without the advice of a specialist!!!
Tool executed from C:\Program Files\navilog1
Current session: "Administrator"
Updated on 15.04.2008 at 18:00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 7.0.5730.13
File system: NTFS
Executed in normal mode
*** Searching for installed programs ***
*** Searching folders in "C:\WINDOWS" ***
*** Searching folders in "C:\Program Files" ***
*** Searching folders in "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***
*** Searching folders in "C:\Documents and Settings\Administrator\applic~1" ***
*** Searching folders in "C:\Documents and Settings\Administrator\locals~1\applic~1" ***
*** Searching folders in "C:\Documents and Settings\Administrator\menudm~1\progra~1" ***
*** Searching folders in "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***
*** Searching with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
No files found
*** Searching with GenericNaviSearch ***
!!! All these results may reveal legitimate files!!!
!!! Must be verified before any manual deletion!!!
* Searching in "C:\WINDOWS\system32" *
* Searching in "C:\Documents and Settings\Administrator\locals~1\applic~1" *
*** Searching files ***
C:\WINDOWS\pack.epk found!
C:\WINDOWS\system32\nvs2.inf found!
*** Searching specific keys in the Registry ***
HKEY_CURRENT_USER\Software\Lanconfig found!
*** Additional Search Module ***
(Searching specific files)
1) Searching for new Instant Access files:
2) Heuristic Search:
* In "C:\WINDOWS\system32":
tittrxa.dat found!
tittrxa_nav.dat found!
tittrxa_navps.dat found!
* In "C:\Documents and Settings\Administrator\locals~1\applic~1":
3) Searching for Certificates:
Egroup Certificate found!
Electronic-Group Certificate found!
OOO-Favorit Certificate found!
Sunny-Day-Design-Ltd Certificate absent!
4) Searching for known files:
C:\WINDOWS\system32\GjmVFfhk.ini2 found! Possible Vundo infection not handled by this tool!
*** Analysis completed on 25/04/2008 at 19:40:31,67 ***
Double click on the navilog1 shortcut.
Option 2 then confirm. (Enter)
Let yourself be guided.
Your computer will restart, otherwise do it manually.
Your desktop will disappear.
Wait until you see this message:
"*** Cleaning Finished on ..... ***"
Press a key as requested, Notepad will open.
Save the report.
Close Notepad. Your desktop will now reappear.
If your desktop does not reappear, press CTRL+ALT+DELETE to open the Task Manager.
Then go to the "processes" tab. Click at the top left on file and choose "New task (run)"
Type explorer and confirm. This will make your desktop appear
Start -> Control Panel -> Internet Options
Click on the "Content" tab then the "Certificates" tab and if you find this, especially in "trusted publishers":
Montorgueil; VIP
~~> Delete them if present! (not the others) <~~
Post the previously saved report (C:\cleannavi.txt)
As well as a new Hijackthis report.
The following programs install this infection:
* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer: except for the one from the following site > http://www.azertysite.new.fr/
* On the site www.games-desktop.com (Do not go there!)
Option 2 then confirm. (Enter)
Let yourself be guided.
Your computer will restart, otherwise do it manually.
Your desktop will disappear.
Wait until you see this message:
"*** Cleaning Finished on ..... ***"
Press a key as requested, Notepad will open.
Save the report.
Close Notepad. Your desktop will now reappear.
If your desktop does not reappear, press CTRL+ALT+DELETE to open the Task Manager.
Then go to the "processes" tab. Click at the top left on file and choose "New task (run)"
Type explorer and confirm. This will make your desktop appear
Start -> Control Panel -> Internet Options
Click on the "Content" tab then the "Certificates" tab and if you find this, especially in "trusted publishers":
Montorgueil; VIP
~~> Delete them if present! (not the others) <~~
Post the previously saved report (C:\cleannavi.txt)
As well as a new Hijackthis report.
The following programs install this infection:
* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer: except for the one from the following site > http://www.azertysite.new.fr/
* On the site www.games-desktop.com (Do not go there!)
Clean Navipromo version 3.5.4 started on 04/25/2008 at 19:49:45.14
Tool executed from C:\Program Files\navilog1
Current session: "Administrator"
Updated on 04/15/2008 at 6:00 PM by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 7.0.5730.13
File system: NTFS
Automatic deletion mode
with support for Catchme and GNS results
*** fsbl1.txt not found ***
(Ensure that Catchme found nothing during the search)
*** Deletion with backups GenericNaviSearch results ***
* Deletion in "C:\WINDOWS\System32" *
* Deletion in "C:\Documents and Settings\Administrator\locals~1\applic~1" *
*** Deletion of folders in "C:\WINDOWS" ***
*** Deletion of folders in "C:\Program Files" ***
*** Deletion of folders in "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***
*** Deletion of folders in "C:\Documents and Settings\Administrator\applic~1" ***
*** Deletion of folders in "C:\Documents and Settings\Administrator\locals~1\applic~1" ***
*** Deletion of folders in "C:\Documents and Settings\Administrator\menudm~1\progra~1" ***
*** Deletion of folders in "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***
*** Deletion of files ***
C:\WINDOWS\pack.epk deleted!
C:\WINDOWS\system32\nvs2.inf deleted!
*** Deletion of temporary files ***
Cleaning contents of C:\WINDOWS\Temp completed!
Cleaning contents of C:\Documents and Settings\Administrator\locals~1\Temp completed!
*** Processing Additional Search ***
(Searching for specific files)
1) Deletion with backups of new Instant Access files:
2) Searching, creating backups and heuristic deletion:
* In "C:\WINDOWS\system32" *
tittrxa.dat found!
Copy of tittrxa.dat completed successfully!
tittrxa.dat deleted!
tittrxa_nav.dat found!
Copy of tittrxa_nav.dat completed successfully!
tittrxa_nav.dat deleted!
tittrxa_navps.dat found!
Copy of tittrxa_navps.dat completed successfully!
tittrxa_navps.dat deleted!
tittrxa.exe found!
Copy of tittrxa.exe completed successfully!
tittrxa.exe deleted!
C:\WINDOWS\prefetch\tittrxa*.pf found!
Copy of C:\WINDOWS\prefetch\tittrxa*.pf completed successfully!
C:\WINDOWS\prefetch\tittrxa*.pf deleted!
* In "C:\Documents and Settings\Administrator\locals~1\applic~1" *
*** Registry Backup to Safebackup folder ***
Registry backup completed successfully!
*** Registry Cleaning ***
Registry cleaning OK
*** Certificates ***
Egroup certificate deleted!
Electronic-Group certificate deleted!
OOO-Favorite certificate deleted!
Sunny-Day-Design-Ltd certificate absent!
*** Cleaning completed on 04/25/2008 at 19:54:39.29 ***
Tool executed from C:\Program Files\navilog1
Current session: "Administrator"
Updated on 04/15/2008 at 6:00 PM by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 7.0.5730.13
File system: NTFS
Automatic deletion mode
with support for Catchme and GNS results
*** fsbl1.txt not found ***
(Ensure that Catchme found nothing during the search)
*** Deletion with backups GenericNaviSearch results ***
* Deletion in "C:\WINDOWS\System32" *
* Deletion in "C:\Documents and Settings\Administrator\locals~1\applic~1" *
*** Deletion of folders in "C:\WINDOWS" ***
*** Deletion of folders in "C:\Program Files" ***
*** Deletion of folders in "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***
*** Deletion of folders in "C:\Documents and Settings\Administrator\applic~1" ***
*** Deletion of folders in "C:\Documents and Settings\Administrator\locals~1\applic~1" ***
*** Deletion of folders in "C:\Documents and Settings\Administrator\menudm~1\progra~1" ***
*** Deletion of folders in "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***
*** Deletion of files ***
C:\WINDOWS\pack.epk deleted!
C:\WINDOWS\system32\nvs2.inf deleted!
*** Deletion of temporary files ***
Cleaning contents of C:\WINDOWS\Temp completed!
Cleaning contents of C:\Documents and Settings\Administrator\locals~1\Temp completed!
*** Processing Additional Search ***
(Searching for specific files)
1) Deletion with backups of new Instant Access files:
2) Searching, creating backups and heuristic deletion:
* In "C:\WINDOWS\system32" *
tittrxa.dat found!
Copy of tittrxa.dat completed successfully!
tittrxa.dat deleted!
tittrxa_nav.dat found!
Copy of tittrxa_nav.dat completed successfully!
tittrxa_nav.dat deleted!
tittrxa_navps.dat found!
Copy of tittrxa_navps.dat completed successfully!
tittrxa_navps.dat deleted!
tittrxa.exe found!
Copy of tittrxa.exe completed successfully!
tittrxa.exe deleted!
C:\WINDOWS\prefetch\tittrxa*.pf found!
Copy of C:\WINDOWS\prefetch\tittrxa*.pf completed successfully!
C:\WINDOWS\prefetch\tittrxa*.pf deleted!
* In "C:\Documents and Settings\Administrator\locals~1\applic~1" *
*** Registry Backup to Safebackup folder ***
Registry backup completed successfully!
*** Registry Cleaning ***
Registry cleaning OK
*** Certificates ***
Egroup certificate deleted!
Electronic-Group certificate deleted!
OOO-Favorite certificate deleted!
Sunny-Day-Design-Ltd certificate absent!
*** Cleaning completed on 04/25/2008 at 19:54:39.29 ***
and here is the new logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:30, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application
Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3
SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL
Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Trust\MI-7200L Wireless Laser Mouse\panel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared
Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml
-url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe
TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared
Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All
Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All
Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus
C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE
Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe
"C:\WINDOWS\system32\bgiptivx.dll",b
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe
"C:\WINDOWS\system32\cwjcclyu.dll",s
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe
appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared
Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support
stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU
"C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools
Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel -
res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers
communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
CORPORATION - C:\Documents and Settings\All Users\Application
Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France
Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune
Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link -
C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 10390 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:30, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application
Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3
SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL
Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Trust\MI-7200L Wireless Laser Mouse\panel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared
Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml
-url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe
TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared
Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All
Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All
Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus
C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE
Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe
"C:\WINDOWS\system32\bgiptivx.dll",b
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe
"C:\WINDOWS\system32\cwjcclyu.dll",s
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe
appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared
Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support
stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU
"C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools
Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel -
res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers
communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
CORPORATION - C:\Documents and Settings\All Users\Application
Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France
Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune
Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link -
C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 10390 bytes
well, we removed a good part,
let's continue
download SDFix to your desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click on SDFix.exe to start the installation.
Click on Install: this will create a folder (default at the root of the hard drive) named SDFix.
It is essential to perform the cleaning with SDFix in Safe Mode:
how to restart in Safe Mode:http://mickael.barroux.free.fr/securite/desinfection.php#mode_sans_echec
Once in Safe Mode, double-click on RunThis.bat
Type Y and then press the Enter key on your keyboard to start the cleaning!
SDFix will proceed with the cleaning, please be patient...
This window informs you that SDFix needs to restart the computer to complete the cleaning.
Press any key on your keyboard to restart the PC.
When your PC restarts, SDFix will inform you that the cleaning is complete.
Press any key on your keyboard to open the report created by SDFix.
please post the report.
let's continue
download SDFix to your desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click on SDFix.exe to start the installation.
Click on Install: this will create a folder (default at the root of the hard drive) named SDFix.
It is essential to perform the cleaning with SDFix in Safe Mode:
how to restart in Safe Mode:http://mickael.barroux.free.fr/securite/desinfection.php#mode_sans_echec
Once in Safe Mode, double-click on RunThis.bat
Type Y and then press the Enter key on your keyboard to start the cleaning!
SDFix will proceed with the cleaning, please be patient...
This window informs you that SDFix needs to restart the computer to complete the cleaning.
Press any key on your keyboard to restart the PC.
When your PC restarts, SDFix will inform you that the cleaning is complete.
Press any key on your keyboard to open the report created by SDFix.
please post the report.
I'm sorry for taking so long to respond. I work weekend nights and my computer is running slow.
Thanks again for your patience.
Here is the report.
[b]SDFix: Version 1.175 [/b]
Run by Administrator on 26/04/2008 at 18:38
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Desktop\d\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\svehost.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 07:19:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:26,62,39,88,73,1d,59,bb,e5,d8,53,e3,d1,45,36,9a,0a,00,cd,d2,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,5c,01,40,39,42,22,58,83,fc,71,00,99,80,25,fe,81,b2,..
"hdf12"=hex:c7,4f,e8,dd,b6,93,1e,b5,fa,10,8c,92,14,36,14,5f,af,e9,ce,7c,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:26,c5,66,93,4a,1b,5f,2b,7c,55,55,88,6e,09,31,fa,72,3e,87,5b,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:26,62,39,88,73,1d,59,bb,e5,d8,53,e3,d1,45,36,9a,0a,00,cd,d2,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,5c,01,40,39,42,22,58,83,fc,71,00,99,80,25,fe,81,b2,..
"hdf12"=hex:c7,4f,e8,dd,b6,93,1e,b5,fa,10,8c,92,14,36,14,5f,af,e9,ce,7c,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:26,c5,66,93,4a,1b,5f,2b,7c,55,55,88,6e,09,31,fa,72,3e,87,5b,fd,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F40E2DF4-0858-ABAB-5E7C-1E2F3B30C4AF}]
"iaiaddgjdamkmelkkn"=hex:6b,61,70,63,69,6e,61,64,61,63,6f,6c,68,6d,69,6b,6d,6e,64,61,6f,..
"hacafonabmklnepp"=hex:6b,61,70,63,63,6e,63,63,68,69,65,6c,62,6a,70,70,64,65,61,67,64,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 537
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\MaxTV Online\\maxtv.exe"="C:\\Program Files\\MaxTV Online\\maxtv.exe:*:Enabled:maxtv"
"C:\\Program Files\\Mozilla Firefox 2 Beta 1\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 2 Beta 1\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe"="C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.875\\Internet TV (PPLive, ppStream, Tvants, PCast, SopCast)\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.875\\Internet TV (PPLive, ppStream, Tvants, PCast, SopCast)\\SopCast\\SopCast.exe:*:Disabled:SoP Client"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Disabled:SopCast"
"C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe"="C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe:*:Disabled:Streamer"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MaxTV\\maxtv.exe"="C:\\Program Files\\MaxTV\\maxtv.exe:*:Enabled:MaxTV Online"
"D:\\GERMAIN\\emule0.47c-Xtreme5.4\\emule.exe"="D:\\GERMAIN\\emule0.47c-Xtreme5.4\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MagicTune Premium\\MagicTune.exe"="C:\\Program Files\\MagicTune Premium\\MagicTune.exe:*:Enabled:MagicTune"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.609\\emule.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.609\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TribalWeb\\tribalweb.exe"="C:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
"C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"="C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe:*:Enabled:Avid Editor"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Spooler.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Spooler.exe:LocalSubNet:Enabled:PMC.Tvtv.Spooler.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\\GERMAIN\\MotoGP URT 3 Demo\\motogp_demo.exe"="D:\\GERMAIN\\MotoGP URT 3 Demo\\motogp_demo.exe:*:Enabled:motogp_demo"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\d\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 5 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a639c949e790d609251685186692b3a\BITF.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT10.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT13.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT17.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITF.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT14.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT11.tmp"
Tue 13 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8fe9ff09529e25ea24c2c5ce0cc38d43\BIT34.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT16.tmp"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BITD.tmp"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BITE.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT12.tmp"
Tue 13 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d63dcfdecb884ff700157395950ff6f6\BIT2B.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT15.tmp"
[b]Finished![/b]
Thanks again for your patience.
Here is the report.
[b]SDFix: Version 1.175 [/b]
Run by Administrator on 26/04/2008 at 18:38
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Desktop\d\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\svehost.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 07:19:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:26,62,39,88,73,1d,59,bb,e5,d8,53,e3,d1,45,36,9a,0a,00,cd,d2,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,5c,01,40,39,42,22,58,83,fc,71,00,99,80,25,fe,81,b2,..
"hdf12"=hex:c7,4f,e8,dd,b6,93,1e,b5,fa,10,8c,92,14,36,14,5f,af,e9,ce,7c,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:26,c5,66,93,4a,1b,5f,2b,7c,55,55,88,6e,09,31,fa,72,3e,87,5b,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:26,62,39,88,73,1d,59,bb,e5,d8,53,e3,d1,45,36,9a,0a,00,cd,d2,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,5c,01,40,39,42,22,58,83,fc,71,00,99,80,25,fe,81,b2,..
"hdf12"=hex:c7,4f,e8,dd,b6,93,1e,b5,fa,10,8c,92,14,36,14,5f,af,e9,ce,7c,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:26,c5,66,93,4a,1b,5f,2b,7c,55,55,88,6e,09,31,fa,72,3e,87,5b,fd,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F40E2DF4-0858-ABAB-5E7C-1E2F3B30C4AF}]
"iaiaddgjdamkmelkkn"=hex:6b,61,70,63,69,6e,61,64,61,63,6f,6c,68,6d,69,6b,6d,6e,64,61,6f,..
"hacafonabmklnepp"=hex:6b,61,70,63,63,6e,63,63,68,69,65,6c,62,6a,70,70,64,65,61,67,64,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 537
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\MaxTV Online\\maxtv.exe"="C:\\Program Files\\MaxTV Online\\maxtv.exe:*:Enabled:maxtv"
"C:\\Program Files\\Mozilla Firefox 2 Beta 1\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 2 Beta 1\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe"="C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.875\\Internet TV (PPLive, ppStream, Tvants, PCast, SopCast)\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.875\\Internet TV (PPLive, ppStream, Tvants, PCast, SopCast)\\SopCast\\SopCast.exe:*:Disabled:SoP Client"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Disabled:SopCast"
"C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe"="C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe:*:Disabled:Streamer"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MaxTV\\maxtv.exe"="C:\\Program Files\\MaxTV\\maxtv.exe:*:Enabled:MaxTV Online"
"D:\\GERMAIN\\emule0.47c-Xtreme5.4\\emule.exe"="D:\\GERMAIN\\emule0.47c-Xtreme5.4\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MagicTune Premium\\MagicTune.exe"="C:\\Program Files\\MagicTune Premium\\MagicTune.exe:*:Enabled:MagicTune"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.609\\emule.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Rar$EX01.609\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TribalWeb\\tribalweb.exe"="C:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
"C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"="C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe:*:Enabled:Avid Editor"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Spooler.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Spooler.exe:LocalSubNet:Enabled:PMC.Tvtv.Spooler.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\\GERMAIN\\MotoGP URT 3 Demo\\motogp_demo.exe"="D:\\GERMAIN\\MotoGP URT 3 Demo\\motogp_demo.exe:*:Enabled:motogp_demo"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\d\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 5 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a639c949e790d609251685186692b3a\BITF.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT10.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT13.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT17.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITF.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT14.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT11.tmp"
Tue 13 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8fe9ff09529e25ea24c2c5ce0cc38d43\BIT34.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT16.tmp"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BITD.tmp"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BITE.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT12.tmp"
Tue 13 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d63dcfdecb884ff700157395950ff6f6\BIT2B.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT15.tmp"
[b]Finished![/b]
Good morning
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:49, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3
SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL
Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trust\MI-7200L Wireless Laser Mouse\panel.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared
Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml
-url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe
TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared
Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All
Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All
Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus
C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE
Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe
"C:\WINDOWS\system32\qqqfafjh.dll",b
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe
"C:\WINDOWS\system32\cnanrssc.dll",s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe
appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared
Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support
stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU
"C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools
Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel -
res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menu item: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
CORPORATION - C:\Documents and Settings\All Users\Application
Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France
Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune
Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link -
C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 9968 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:49, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3
SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL
Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trust\MI-7200L Wireless Laser Mouse\panel.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared
Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml
-url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe
TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared
Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Live Coal Barb Inside] C:\Documents and Settings\All
Users\Application Data\Loud Dash Live Coal\Second thunk.exe
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All
Users\Application Data\STORE LESS JUGS SURF\Hold Gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus
C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE
Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [28113f40] rundll32.exe
"C:\WINDOWS\system32\qqqfafjh.dll",b
O4 - HKLM\..\Run: [BM2b220cdc] Rundll32.exe
"C:\WINDOWS\system32\cnanrssc.dll",s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe
appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared
Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [Info Gram] C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMON~1\support
stupid.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU
"C:\WINDOWS\TEMP\E_S2D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools
Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: MI7200L.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter to Microsoft Excel -
res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menu item: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
Control) - http://kekabou.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
CORPORATION - C:\Documents and Settings\All Users\Application
Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France
Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune
Premium\MagicTuneEngine.exe
O23 - Service: SmartLinkService (SLService) - Smart Link -
C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 9968 bytes
hello
good
Download BTFix from Bibi26:
http://cluster1.easy-hebergement.net/
* Unzip the archive on your Desktop.
* Open the BTFix folder.
* Double click on BTFix.exe.
* Click on Search.
* A report will appear, copy/paste it into your next response.
good
Download BTFix from Bibi26:
http://cluster1.easy-hebergement.net/
* Unzip the archive on your Desktop.
* Open the BTFix folder.
* Double click on BTFix.exe.
* Click on Search.
* A report will appear, copy/paste it into your next response.
Hello,
this folder "bonjour" in program files that contains mdnsNSP.dll and mDNSResponder.exe is spyware I got it after installing Photoshop CS3. But how do I remove it? I did test this:
http://www.korben.info/wp-content/uploads/2007/07/aurevoir.rar
the first step (disabling the .exe file) works.
But the second step (deleting the dll) does not work and shows me an error message each time... how can I delete it?
this folder "bonjour" in program files that contains mdnsNSP.dll and mDNSResponder.exe is spyware I got it after installing Photoshop CS3. But how do I remove it? I did test this:
http://www.korben.info/wp-content/uploads/2007/07/aurevoir.rar
the first step (disabling the .exe file) works.
But the second step (deleting the dll) does not work and shows me an error message each time... how can I delete it?