Error message on every startup!

Solved
lacrame
Hello,

Every time I start a session, this error message pops up:

Error in C:\WINDOWS\system32\qyvjgsahzs.dll
Missing entry: DLLStart

This has been going on for 3 days, and I really don't know anything about computers, so if you could help me that would be very kind.

Thank you in advance.
Configuration: Windows XP, Firefox 3.0.4

26 replies

pasthou
 
Start > Run, and type msconfig...
in the Startup tab, check whether there's a task that
calls this DLL...

See you later
pasthou
lacrame
 
Yes, there is indeed this line, what should I do now?

Thank you.
pasthou > lacrame
 
You uncheck the box... you shut down your PC and restart...

@+
pasthou
vieu bison boiteu
 
Hi lacrame,

can you tell us what this DLL (in "msconfig") is related to?
(the entire line with what’s in the three columns)
I didn't find anything on the net

thanks
see you+
--
no links on the webpage in English
I'm already flying solo enough
lacrame
 
Pasthou,

I just unchecked the box, as you advised me, and the message no longer appears!

I am so happy and I thank you very much!!

Could I know what it is so that I can avoid this kind of thing in the future?

Thanks again.

See you soon.
pasthou
 
I can't really answer you... this entry is due to an installation or an update
of a program that you probably installed...

Have a good evening
@+
pasthou
lacrame > pasthou
 
OK, well listen, the main thing is that I managed to get it off thanks to you!

Thank you again.

See you later!
vieu bison boiteu > lacrame
 
To know what this is related to, you would need to enter the registry and do a search

I have two PCs running XP and XP Pro, they don't have it
and I haven't found anything on the net
a designation like this seems to be spyware

what you're going to do is go to this site = https://www.virustotal.com/gui/
with "Browse", look for the file in "C:\WINDOWS\system32\"
select it, "Open"
and start the scan by clicking "Send File"
the scan will run, then a report will be displayed

select the report as you would in a Word document, right-click and "Copy"
and paste it into your reply

see you later
vieu bison boiteu
 
First, clean the registry using "jv16 pt" or "CCleaner"
to remove leftover files from uninstalled programs

here's what is recommended to do

<there is indeed an infection ... ^^
you need to ask for an RSIT or a ZHPDiag ... no other choice ^^
>

so start with HijackThis (which I indicated in post <10>)
___________________________________________________________________________________________

1- Download and install the HijackThis software:

here http://static.commentcamarche.net/www.commentcamarche.net/download/fichiers/HJTInstall.exe
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here http://www.clubic.com/lancer-le-telechargement-51452-0-hijackthis.html

--> Click on the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program will launch automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".

click on
"Do a system scan and save a logfile"
and at the end of the scan, the notepad will open with the report
copy and paste it into your reply

the report "hijackthis.log" will also be in C:\Program Files\Trend Micro\HijackThis\

see you
lacrame
 
Uh... They say you really need to know your way around computers to be able to install HijackThis 2.02 since it could harm the computer!!!

And I honestly admit that I'm scared and I'd rather stop here because I don't want to mess it up.

Anyway, thank you for all your responses.

See you later!
vieu bison boiteu
 
if you only do what is said in the post, a ".log" file will be created

for now, we are not talking about fixing lines
lacrame
 
Hi,

So, there's this whole line:

qyvjgsahzs C:\WINDOWS\System... SOFTWARE\Microsoft\Windows\CurrentVersion\Run

There you go.

Thanks.

See you.
vieu bison boiteu
 
Hi lacrame,

if you can do a Hijackthis
there's already a discussion
https://forum.pcastuces.com/default.asp
and the link to download it
https://www.pcastuces.com/logitheque/hijackthis.htm

you'll probably need to restart the PC (if it doesn't do so automatically) to complete the report

see you
lacrame
 
Hello vieu bison boiteu,


I have done the scan and here is the report:


Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.10 -
AntiVir 7.9.0.43 2008.12.10 TR/BHO.325120
Authentium 5.1.0.4 2008.12.10 -
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.09 -
BitDefender 7.2 2008.12.10 Trojan.Generic.1212503
CAT-QuickHeal 10.00 2008.12.10 -
ClamAV 0.94.1 2008.12.10 Adware.AdRotator-10
Comodo 718 2008.12.10 -
DrWeb 4.44.0.09170 2008.12.10 -
eSafe 7.0.17.0 2008.12.09 -
eTrust-Vet 31.6.6253 2008.12.10 -
Ewido 4.0 2008.12.09 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.10 -
Fortinet 3.117.0.0 2008.12.10 -
GData 19 2008.12.10 Trojan.Generic.1212503
Ikarus T3.1.1.45.0 2008.12.10 Trojan.BHO
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.10 -
McAfee 5459 2008.12.09 AdClicker-GI
McAfee+Artemis 5459 2008.12.09 AdClicker-GI
Microsoft 1.4205 2008.12.10 Adware:Win32/AdRotator
NOD32 3681 2008.12.10 probably a variant of Win32/Adware.GooochiBiz
Norman 5.80.02 2008.12.09 -
Panda 9.0.0.4 2008.12.09 Generic Trojan
PCTools 4.4.2.0 2008.12.09 -
Prevx1 V2 2008.12.10 Cloaked Malware
Rising 21.07.22.00 2008.12.10 Trojan.Win32.Undef.tdz
SecureWeb-Gateway 6.7.6 2008.12.10 Trojan.BHO.325120
Sophos 4.36.0 2008.12.10 SuperiorAds
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.10 -
TheHacker 6.3.1.2.182 2008.12.10 -
TrendMicro 8.700.0.1004 2008.12.10 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.10.1511 2008.12.10 -
VirusBuster 4.5.11.0 2008.12.09 Adware.Adrotator.Gen.2
Additional information
File size: 325120 bytes
MD5...: 591a6037f0ce87500556d602b30528d6
SHA1..: 2784fb5ffd7d0589191bf7cc0aeb90e2cc1f8be5
SHA256: 9e4d7a1d8dc801a2c7a9bfeeffaa9028c6ed63615ed562b776cb3a6cbb054e6e
SHA512: 875536aaa0624d4a336d23d8335bb8d3a05f6427ca38af2e099ba1a2a4ce3c1fcddbc7640688bfbef680d99ad06b3eb9b70fb89f3972b326daf73230d8d1367c
ssdeep: 6144:lbpmOz9GgRx9r/wpDAwRlnjHTogIPqwLAtiCu54+iOdSncKZ:lbpmOz8gRx9r/0rRlnjHTHIPqweiV7i3
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1002d5d8
timedatestamp.....: 0x49253388 (Thu Nov 20 09:53:12 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3f311 0x3f400 6.47 367dda58118cb1b84673d7cce806b3cf
.rdata 0x41000 0x757f 0x7600 4.88 12b17df958ba8b90d9144fd0caf3b825
.data 0x49000 0x3b00 0x1600 3.56 40900456cc056cc215b00c6362d76a93
.rsrc 0x4d000 0x34c 0x400 4.69 cc872a35f28b7739ca3ce94c69702baf
.reloc 0x4e000 0x6d46 0x6e00 4.19 a5d773e3995570cc5bf9b10424c45ea4

( 8 imports )
> RPCRT4.dll: UuidToStringW, RpcStringFreeW
> SHLWAPI.dll: StrStrIW, SHDeleteKeyW, UrlEscapeW, StrCmpIW, PathStripPathW
> urlmon.dll: URLDownloadToFileW
> KERNEL32.dll: InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetProcAddress, LoadLibraryA, ExitThread, GetSystemTime, CreateEventW, CloseHandle, DeleteFileW, MoveFileExW, FreeLibrary, LoadLibraryW, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, GetStringTypeA, LCMapStringA, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, GetConsoleMode, GetConsoleCP, SetFilePointer, HeapReAlloc, VirtualAlloc, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, VirtualFree, HeapDestroy, HeapCreate, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, FlushFileBuffers, GetStringTypeW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetModuleFileNameA, GetStdHandle, WriteFile, GetModuleHandleA, ExitProcess, HeapSize, Sleep, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, GetCurrentThreadId, GetCommandLineA, GetLastError, HeapFree, HeapAlloc, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, LCMapStringW
> USER32.dll: GetWindowTextW, EnumChildWindows, RealGetWindowClassW, CallWindowProcW, SetWindowLongW, SetPropW, GetWindowThreadProcessId, PostMessageW, SendMessageW, GetPropW, RemovePropW, OffsetRect, IntersectRect, InflateRect, ClientToScreen, SetWindowTextW, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, GetClassNameW, SetActiveWindow
> ADVAPI32.dll: RegQueryValueExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetSecurityInfo, RegOpenKeyExW, RegDeleteKeyW, RegQueryValueW, RegDeleteValueW, RegSetValueExW, RegCreateKeyW, RegCloseKey
> ole32.dll: CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitializeEx
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllPreinstall, DllRegisterServer, DllUnregisterServer
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=8F9F589D00AB9BBFF6870407F72AF4000CB0E111
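A note on what the report above actually tells us, with an added example that is not part of the thread and not VirusTotal's own tooling. The two-line message in the first post ("Error in <dll>" / "Missing entry: <name>") is what rundll32.exe shows when a startup command asks it to call an export the DLL does not have, and the export list in the report (DllCanUnloadNow, DllGetClassObject, DllPreinstall, DllRegisterServer, DllUnregisterServer) contains no DLLStart, so any startup command naming that export would fail in exactly this way; that is the entry pasthou had lacrame find in msconfig. The Python below parses a constructed excerpt of the report (a subset of the engine rows, with the hashes and export list copied from the same post), counts detections, buckets the vendor labels into coarse families, and checks the rundll32 error against the export table. The family keywords and the excerpt itself are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed excerpt of the VirusTotal text report pasted above: a subset of
# the engine rows, plus the hashes and export list copied from the same post.
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.10 -
AntiVir 7.9.0.43 2008.12.10 TR/BHO.325120
Avast 4.8.1281.0 2008.12.10 -
BitDefender 7.2 2008.12.10 Trojan.Generic.1212503
ClamAV 0.94.1 2008.12.10 Adware.AdRotator-10
Kaspersky 7.0.0.125 2008.12.10 -
McAfee 5459 2008.12.09 AdClicker-GI
Microsoft 1.4205 2008.12.10 Adware:Win32/AdRotator
NOD32 3681 2008.12.10 probably a variant of Win32/Adware.GooochiBiz
Sophos 4.36.0 2008.12.10 SuperiorAds
Symantec 10 2008.12.10 -
Additional information
File size: 325120 bytes
MD5...: 591a6037f0ce87500556d602b30528d6
SHA1..: 2784fb5ffd7d0589191bf7cc0aeb90e2cc1f8be5
( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllPreinstall, DllRegisterServer, DllUnregisterServer
"""

# The rundll32 error from the first post, with the line break it displays.
RUNDLL32_ERROR = "Error in C:\\WINDOWS\\system32\\qyvjgsahzs.dll\nMissing entry: DLLStart"

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)")
EXPORTS_HDR_RE = re.compile(r"^\(\s*\d+\s+exports\s*\)")

# Keyword buckets for vendor labels (assumption for illustration: vendors share
# no naming scheme, so this is deliberately coarse; adware keys are tried first).
FAMILY_KEYWORDS = (
    ("adware/BHO", ("adware", "adrotator", "adclicker", "bho", "ads")),
    ("trojan", ("trojan", "tr/")),
)


def parse_report(text):
    """Return {'detections': {engine: label or None}, 'hashes': {...}, 'exports': [...]}."""
    detections, hashes, exports = {}, {}, []
    in_table = expect_exports = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Antivirus Version"):
            in_table = True
            continue
        if line.startswith("Additional information"):
            in_table = False
            continue
        if in_table:
            # engine, version, date, then the label (which may contain spaces)
            parts = line.split(None, 3)
            if len(parts) < 3:
                continue
            label = parts[3] if len(parts) == 4 else "-"
            detections[parts[0]] = None if label == "-" else label
            continue
        m = HASH_RE.match(line)
        if m:
            hashes[m.group(1)] = m.group(2).lower()
            continue
        if EXPORTS_HDR_RE.match(line):
            expect_exports = True  # the export names follow on the next line
            continue
        if expect_exports:
            exports = [e.strip() for e in line.split(",") if e.strip()]
            expect_exports = False
    return {"detections": detections, "hashes": hashes, "exports": exports}


def detection_ratio(report):
    """(engines that flagged the file, engines listed in the report)."""
    labels = report["detections"].values()
    return sum(1 for v in labels if v), len(report["detections"])


def families(report):
    """Coarse bucketing of the vendor labels into families."""
    counts = Counter()
    for label in report["detections"].values():
        if not label:
            continue
        low = label.lower()
        for family, keys in FAMILY_KEYWORDS:
            if any(k in low for k in keys):
                counts[family] += 1
                break
        else:
            counts["other"] += 1
    return counts


def parse_rundll32_error(message):
    """Split rundll32's 'Error in <dll>' / 'Missing entry: <export>' text."""
    m = re.search(r"Error in (.+?)\s*[\r\n]+\s*Missing entry:\s*(\S+)", message)
    return (m.group(1), m.group(2)) if m else None


def export_missing(report, export_name):
    """True when the DLL's export table, as listed in the report, lacks the name."""
    return export_name not in report["exports"]


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    hit, total = detection_ratio(rep)
    print(f"{hit}/{total} engines flagged MD5 {rep['hashes']['MD5']}: {dict(families(rep))}")
    dll, entry = parse_rundll32_error(RUNDLL32_ERROR)
    print(f"{dll}: export {entry!r} missing -> {export_missing(rep, entry)}")
```

On the excerpt the detection ratio comes out at 7 of 11 engines, all but one of them in the adware/BHO bucket, and the DLLStart check returns True; the same parser runs unchanged over the full report pasted above.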
vieu bison boiteu
 
Hi lacrame,

haven't you recently installed software like an antivirus or anti-spyware that would complement the main antivirus???
I came across these pages
http://www.prevx.com/default.asp?sec=interest1
http://www.codolien.info/logiciels-PDF-2/Prevx%20CSI.pdf

if so, there might be a setting that is not correct

see you later
lacrame
 
That's right!

I did indeed download the antivirus: VirusKeeper 2009 Pro.

But I deleted it because it wasn't effective!

Now I have the Avast antivirus and I was looking for another antivirus that could complement it.
vieu bison boiteu
 
So there are remnants in the registry
with HJT, we would see "no file" or "file missing"

reg cleaner
Download PowerTools 1.3.0.195 = http://puntocr.softriz.it/jv16pt.html
http://telechargement.zebulon.fr/201-jv16-powertools.html
http://www.zebulon.fr/articles/base-de-registre-3.php#nettoie
http://www.commentcamarche.net/telecharger/telecharger 171 regcleaner
tutorial for "jv16pt"
http://pagesperso-orange.fr/rginformatique/section%20virus/demo%20jv%2016%20v2.htm

see you later
lacrame
 
Do I need to do something?

Because I didn't quite understand!
sKe69
 
Hello everyone,

lacrame,

please post a HijackThis report as requested, you have nothing to fear if you follow the instructions given to you... ;)

Download and install the HijackThis software:

here HijackThis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

1- Click on the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program will launch automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".

tutorial for use:
Look here, it's perfectly explained with images (thanks balltrap34),
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
( Do not fix ANY line yet, this may prevent your PC from functioning properly )

2- !! Disconnect and close all your running applications !!

Click on the desktop shortcut to launch the program:
run a HijackThis scan by clicking on: "Do a system scan and save a logfile"

---> Post the generated report for analysis...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are in the clear until we have
told you so!
lacrame
 
Hello everyone,

Thank you for reassuring and motivating me not to give up!

Here is the result:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:01, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {7ACAE7ED-A9CF-CBCB-3290-B37B0DB2005F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntqsdl.exe DWbrk03FF
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 8102 bytes
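As an added example (not part of the thread and not HijackThis's own code), the Python below does over the log above the kind of first-pass triage sKe69 asked for and that vieu bison boiteu alluded to when he said that with HJT "we would see 'no file' or 'file missing'": it parses the O2/O4/O23 lines and flags BHO CLSIDs registered without a file, services whose binary is gone (the Norton trace dealt with later in the thread), and autostarts that launch an executable straight out of system32 that is not a known Windows autostart, tagging random-looking names. The input is a constructed excerpt of the posted log; the allowlist and the no-vowel heuristic are assumptions for illustration, not HijackThis rules, and a real log still needs a human to read the lines it does not flag.

```python
import re

# Constructed excerpt of the HijackThis log posted above (a subset of its lines,
# copied as they appear), used as the input for the triage below.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: agadoo browser enhancer - {7ACAE7ED-A9CF-CBCB-3290-B37B0DB2005F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntqsdl.exe DWbrk03FF
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# First Windows path ending in an executable extension; a closing quote ends it.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com))\b', re.IGNORECASE)
# Matches only files sitting directly in %SystemRoot%\system32.
SYSTEM32_RE = re.compile(r"\\windows\\system32\\([^\\]+)$", re.IGNORECASE)

# Autostarts that legitimately run straight out of system32 on XP (assumption:
# a minimal allowlist, to be extended for the machine being examined).
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe"}


def looks_random(stem):
    """Heuristic: six or more characters and not a single vowel (qcntqsdl, dwwnw64r)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return bool(len(stem) >= 6 and letters and not any(c in "aeiouy" for c in letters))


def parse_entries(text):
    """Yield (section, body, full line) for each 'Oxx - ...' / 'Rx - ...' log line."""
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(text):
    """Return a list of {'line', 'reason'} for entries that deserve a closer look."""
    findings = []
    for section, body, line in parse_entries(text):
        reason = None
        if section == "O2" and body.endswith("(no file)"):
            reason = "BHO CLSID registered but its DLL is gone (registry leftover)"
        elif section == "O23" and body.endswith("(file missing)"):
            reason = "service registered but its binary is gone (uninstall leftover)"
        elif section == "O4":
            m = PATH_RE.search(body)
            s = SYSTEM32_RE.search(m.group(1)) if m else None
            if s and s.group(1).lower() not in KNOWN_SYSTEM32_AUTOSTARTS:
                reason = "autostart runs an unknown executable straight from system32"
                if looks_random(s.group(1).rsplit(".", 1)[0]):
                    reason += "; random-looking name"
        if reason:
            findings.append({"line": line, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']}\n    {f['line']}")
```

Run against the excerpt it reports six lines: the two orphan BHOs, the missing Symantec service binary, and the three autostarts pointing at qcntqsdl.exe and dwwnw64r.exe, while ctfmon.exe, ZoneAlarm, avast! and RocketDock pass.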
sKe69
 
Hello,

seen ... quite a bit of work .... Let's start:

Download ToolBar S&D (from Eric_71/Team IDN) to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )

!! Disconnect and close all your running applications during the process !!

* Double-click on ToolBar SD.exe to launch the tool and follow the instructions...
--> Directly press 2 (option "cleaning") and then hit [Enter].

Cleaning starts.

! do not touch anything during deletion!

A report will be generated at the end of the process: post its content in your next reply
along with a new hijackthis report for analysis...

( the report is also saved here -> C:\TB.txt )
lacrame
 
I double-clicked on the ToolBar on the desktop, but there was no "cleanup" option, only the language choice and running a search, so I ran the search, which produced this:


-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 3
X86-based PC (Uniprocessor Free: Intel(R) Pentium(R) 4 CPU 2.80GHz)
BIOS: Phoenix - AwardBIOS v6.00PG
USER: BOUBOULE (Administrator)
BOOT: Normal boot
Antivirus: avast! antivirus 4.8.1296 [VPS 081204-0] 4.8.1296 (Activated)
Firewall: ZoneAlarm Pro Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total: 39 GB (Free: 17 GB)
D:\ (Local Disk) - FAT32 - Total: 35 GB (Free: 24 GB)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" (UPD: 04-12-2008|20:40)
Option: [1] (11/12/2008|15:14)

-----------\\ File/Folder Search...

C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization2-French.ini

-----------\\ Extensions

(kenshiro) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
(kenshiro) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Searching for other infections


No other infections found!


1 - "C:\ToolBar SD\TB_1.txt" - 11/12/2008|15:15 - Option: [1]

-----------\\ End of report at 15:15:27,98
lacrame
 
And here is the HijackThis scan:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:29, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {7ACAE7ED-A9CF-CBCB-3290-B37B0DB2005F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntqsdl.exe DWbrk03FF
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 8135 bytes
0
sKe69 Posted messages 21955 Status Contributeur sécurité 463
 
Well ...

the next steps in order:

1- You have Norton traces that need to be cleaned as follows:
Download the Norton removal tool to your desktop:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Disconnect from the internet.
Then uninstall Norton with the "Norton Removal Tool": double-click on it and follow the instructions... it needs to be uninstalled properly (run the tool twice if possible).

2- Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This software will allow you to remove all temporary files and fix your registry.
When installing:
-make sure to choose "français" as the language.
-before clicking the "install" button, uncheck all the "additional options" except the first two.

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! Disconnect from the internet and close all running applications!
* go to "cleaner": do -scan- then -clean-
* go to "registry": do -search for errors- and -repair all errors-
( several times until there are no errors left ).

( CCleaner: a tool to keep on your PC, super useful for good clean-up ... )

3- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Install the software on your desktop (and not anywhere else!).

!! Disconnect from the internet, close all your applications, and disable your defenses (antivirus, anti-spyware, ...) for the duration of the process !!

Tutorial (help): http://siri.urz.free.fr/Fix/SmitfraudFix.php
Another animated tutorial (thanks balltrapp34 ;) ): http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm

Usage ---> option 1 / Search:
Double-click the "Smitfraudfix.exe" icon and select 1 (and nothing else without our consent!) to create a report of the files responsible for the infection.

Post the report ("rapport.txt" which can be found under C:\) and wait for further instructions...

(Note: "process.exe", a component of the tool, is detected by some antivirus programs as a "RiskTool". It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software.)

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of the woods until we
tell you!
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1
 
I can't access the link to download SmitfraudFix (by S!Ri, balltrap34, and moe31)!
0
sKe69 Posted messages 21955 Status Contributeur sécurité 463
 
try right-clicking on it / save target as and save it on your desktop ...

if that doesn't work, try using Internet Explorer as your browser ....
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are out of the woods until
someone has told you so!
0
lacrame
 
It's still not working even with Internet Explorer!
0
sKe69 Posted messages 21955 Status Contributeur sécurité 463
 
We're going to do it differently... download it from here:

https://www.sendspace.com/file/mz0qfd

and do the thing...

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're in the clear until we
tell you so!
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1
 
It's done, here is the result:


SmitFraudFix v2.383

Report made at 17:45:29.14, 11/12/2008
Executed from C:\Documents and Settings\BOUBOULE\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is FAT32
Fix executed in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BOUBOULE


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BOUBOULE\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BOUBOULE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BOUBOULE\Favorites


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted Keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Items



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, the following keys are not necessarily infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, the following keys are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet scheduling miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5F82AB08-BA5A-4D37-8C6A-5F3FBA9825DA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5F82AB08-BA5A-4D37-8C6A-5F3FBA9825DA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5F82AB08-BA5A-4D37-8C6A-5F3FBA9825DA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Infection search wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» End
0
sKe69 Posted messages 21955 Status Contributeur sécurité 463
 
Well ...

Continuation of the procedure (cleaning), do exactly as follows:

Imperative: Start in safe mode.

/!\ Never start in safe mode via MSCONFIG /!\

How to enter Safe Mode:
1) Restart your computer.
2) Press the F8 key (F5 on some PCs) immediately, right after the "beep".
3) Continue pressing until the screen with the startup options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Select your usual account (not Administrator).
Note: no internet connection is possible in safe mode, so copy or print the procedure beforehand to avoid mistakes...

* Double-click on SmitfraudFix.exe

* Select 2 and press "Enter" in the menu to remove the files responsible for the infection.

--> If needed:

* When asked: Do you want to clean the registry? answer Y (yes) and press Enter to unblock the wallpaper and remove the registry keys of the infection.

(The fix will determine if the wininet.dll file is infected.)

* When asked: "Fix the infected file?" answer Y (yes) and press Enter
to replace the corrupted file.

* A restart will be requested to complete the cleaning procedure.
If the restart does not occur, do it manually (this is important!).

The report is located at the root of the C hard drive.
(in the file C:\report.txt)

Post this latest report along with a new hijackthis report (do in normal mode) and wait for further instructions...

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are in the clear until
you have been told so!
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1
 
For "safe mode," you told me to choose a regular account but not an administrator account, but my account is an administrator account.

Should I choose the guest account?
0
sKe69 Posted messages 21955 Status Contributeur sécurité 463 > lacrame Posted messages 1 Registration date   Status Membre Last intervention  
 
choose your usual account (the one with your session name, or the name you gave your PC)


--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are off the hook until we
tell you so!
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1 > sKe69 Posted messages 21955 Status Contributeur sécurité
 
Yes, but it's an administrator account and you said in your message:

5) Choose your usual account (not Administrator)

Should I still do it with my account which is an Administrator or should I take the guest session?
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1 > lacrame Posted messages 1 Registration date   Status Membre Last intervention  
 
I'll explain: there are 3 accounts on my computer:

- an administrator account protected by a password that I do not know (and it's my older brother's account who just left for the army and it's his computer)

- an administrator account protected by a password (which belongs to me)

- a guest account for my little brother and other family members.
0
vieu bison boiteu Posted messages 44334 Registration date   Status Contributeur Last intervention   3 591 > lacrame Posted messages 1 Registration date   Status Membre Last intervention  
 
try with the guest account in safe mode

see you later
--
no links on the web page in English
I'm already stealing enough by myself
0
sKe69 Posted messages 21955 Status Contributeur sécurité 463
 
re,

protected administrator session with a password (which belongs to me)

-> this one ;)

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're in the clear until we
tell you so!
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1
 
There was a small issue; I followed all your instructions in order, but when I got to the step: Do you want to clean the registry? I answered yes + enter, the window closed and I was left with a blank black screen! So I wasn't able to proceed with the next steps.
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1 > lacrame Posted messages 1 Registration date   Status Membre Last intervention  
 
I still ran the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:28, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {7ACAE7ED-A9CF-CBCB-3290-B37B0DB2005F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 7669 bytes
0
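Two things in this log are worth pointing out before the next tool runs. The O2, O3 and O23 entries marked (no file) or (file missing) are registry leftovers of software that is no longer on the disk (clutter rather than an infection, which is why the Norton removal tool came first). The two Startup shortcuts DW_Start.lnk and Deewoo.lnk, on the other hand, launch dwwnw64r.exe and qcntqsdl.exe from system32, the kind of unpronounceable name no vendor picks, and the same two shortcuts were already present in the earlier log. The script below is an added example, not code from this thread or from HijackThis; it applies those two checks to a pasted log. The vowel-ratio threshold, the "inside the Windows directory" condition and the sample lines (copied from the logs posted above) are its own assumptions.

```python
"""Triage heuristics over a pasted HijackThis log (added example)."""
import re
from collections import namedtuple

Finding = namedtuple('Finding', 'kind line')

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: agadoo browser enhancer - {7ACAE7ED-A9CF-CBCB-3290-B37B0DB2005F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

O4_RUN = re.compile(r'^O4 - .*?\\Run: \[[^\]]*\] (.*)$')
O4_STARTUP = re.compile(r'^O4 - (?:Global )?Startup: (.*?) = (.*)$')
EXE = re.compile(r'(.*?\.(?:exe|dll|scr|com|bat|cmd))\b', re.I)
VOWELS = set('aeiouy')


def target_path(line):
    """Return the program an O4 entry launches, or None for other line types."""
    m = O4_STARTUP.match(line)
    if m:
        return m.group(2).strip()
    m = O4_RUN.match(line)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:cmd.index('"', 1)]
    m = EXE.match(cmd)                           # unquoted: cut at the extension
    return m.group(1) if m else cmd.split(' ')[0]


def looks_random(filename):
    """Heuristic (assumed threshold): a name with almost no vowels is rarely vendor-chosen."""
    stem = filename.rsplit('.', 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    ratio = sum(c in VOWELS for c in letters) / len(letters)
    return ratio == 0 or (len(letters) >= 8 and ratio < 0.15)


def triage(log_text):
    """Flag orphaned registrations and suspicious autostart targets in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Registration still present, file gone: leftovers of removed software.
        if line.endswith('(no file)') or line.endswith('(file missing)'):
            findings.append(Finding('orphan', line))
        path = target_path(line)
        if path is None:
            continue
        basename = path.rsplit('\\', 1)[-1]
        # Only apply the name heuristic inside the Windows directory: legitimate
        # third-party software rarely drops its autostart binary there.
        if '\\windows\\' in path.lower() and looks_random(basename):
            findings.append(Finding('random-name-in-windir', line))
        # A Startup-folder shortcut normally points into Program Files, not system32.
        if O4_STARTUP.match(line) and '\\system32\\' in path.lower():
            findings.append(Finding('startup-lnk-into-system32', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-26s %s' % (f.kind, f.line))
```

The two conditions are deliberately combined: on its own the vowel test also flags MsnMsgr.Exe, which is Windows Live Messenger's real binary, and it is the Program Files location that keeps it out of the findings. ctfmon.exe and SiSUSBrg.exe pass because they contain enough vowels; dwwnw64r.exe and qcntqsdl.exe are reported twice, once for the name and once because a Startup shortcut into system32 is itself unusual.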
sKe69 Posted messages 21955 Status Contributeur sécurité 463
 
Well ...

continue with this:

Download SDFix to your desktop :
here http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
or here http://sdfix.net/SDFix.exe

--> Double-click on SDFix.exe and choose "Install".

( tutorial here : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Then, once the installation is complete:

Mandatory: boot in safe mode.

/!\ Never boot in safe mode via MSCONFIG /!\

How to go into Safe Mode:
1) Restart your computer.
2) Tap the F8 key (F5 on some PCs) immediately, right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Note: no internet connection is possible in safe mode, so be sure to copy or print the instructions to avoid errors...

Open the SDFix folder that has just been created in the C:\ directory and double-click on RunThis.bat to launch the tool.
--> Type Y to start the script...
The fix removes the virus's services and cleans the registry, so a restart is necessary:
press any key to restart when prompted.

The PC will take some time to start up (that's normal); after the Desktop loads, press any key when "Finished" appears.

The SDFix report will open on screen and is also saved in the folder
C:\SDFix under the name "Report.txt".

Post it in your next reply along with a new HijackThis report for analysis...

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're out of trouble until we 
tell you so!
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1
 
When you say: The PC will take some time to start up (it's normal), how long will it take approximately?

I want to know because my little brother wants to use the PC.
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1
 
I have finished, here is the SDFix report:


[b]SDFix: Version 1.240 [/b]
Run by BOUBOULE on 11/12/2008 at 20:56

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 21:03:11
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\DAP\\DAP.EXE"="C:\\Program Files\\DAP\\DAP.EXE:*:Enabled:Download Accelerator Plus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 2 Oct 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"

[b]Finished![/b]
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1 > lacrame Posted messages 1 Registration date   Status Membre Last intervention  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:14, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {7ACAE7ED-A9CF-CBCB-3290-B37B0DB2005F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 7735 bytes
0
sKe69 Posted messages 21955 Status Security contributor 463
 
well ... we're moving forward ...

1- Run CCleaner again (including the registry).

2- Download Malwarebytes:
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php

* Install it (make sure to choose "français"; do not modify the installation settings) and update it.

(NB: If you are missing "COMCTL32.OCX" during installation, then download it here: https://www.malekal.com/tutorial-aboutbuster/)

* Go through the tutorial to familiarize yourself with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it's very easy to use).

! Disconnect and close all running applications!

* Launch Malwarebytes.

Perform a so-called "Quick" scan.

--> Let the program work (and do not do anything else with the PC during the scan).
--> at the end click on "results".
--> Check that all infected objects are selected, then click on "delete".

Note: if you need to restart your PC to complete the cleanup, do it!

Post the saved report after deleting the infected objects (in the "report/log" tab of Malwarebytes, the most recent one) for analysis...

Once the MBAM report is posted, do this:

3- Download Random's System Information Tool (RSIT) from random/random and save the executable on your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Make sure to close all your running applications !

Double-click on "RSIT.exe" to run it.

-> A first window opens with the title: "Disclaimer of warranty".

* In front of the option "List files/folders created ...", choose: 2 months

* then click on "Continue" to start the analysis...

(Note: If the latest version of HijackThis is not detected on your PC, RSIT will download it and will ask you to accept the license.)

-> let the scan run and do not touch the PC...

When the analysis is finished, two text files will open (probably with Notepad).

Post the content of "log.txt" (that’s the one that appears on the screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for the next steps...

Important: post one report, then the other in the next reply... if you try to post both at the same time,
it may take too long for the forum... And if "log.txt" alone doesn't go through either, do it in two parts... thank you...

(Note: the reports will also be saved in this folder -> C:\rsit)

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don’t think you're out of trouble until we
tell you so!
0
lacrame Posted messages 1 Registration date   Status Member Last intervention   1
 
Hello,

Here is the Malwarebytes report:


Malwarebytes' Anti-Malware 1.31
Database version: 1492
Windows 5.1.2600 Service Pack 3

12/12/2008 15:43:52
mbam-log-2008-12-12 (15-43-52).txt

Scan type: Quick scan
Items examined: 58619
Elapsed time: 2 minute(s), 41 second(s)

Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 2
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0

Infected memory process(es):
(No harmful items detected)

Infected memory module(s):
(No harmful items detected)

Infected Registry key(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7acae7ed-a9cf-cbcb-3290-b37b0db2005f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7acae7ed-a9cf-cbcb-3290-b37b0db2005f} (Adware.BHO) -> Quarantined and deleted successfully.

Infected Registry value(s):
(No harmful items detected)

Infected Registry data item(s):
(No harmful items detected)

Infected folder(s):
(No harmful items detected)

Infected file(s):
(No harmful items detected)
0
vieu bison boiteu Posted messages 44334 Registration date   Status Contributor Last intervention   3 591 > lacrame Posted messages 1 Registration date   Status Member Last intervention  
 
Hi lacrame,
(for your information)

regarding what you just did (post 2), for "Adware.BHO":
< Adware/BHO.cz/Adware.WebAssist.A is an adware that opens unwanted websites during web browsing.
It can notably open the website: http://ww1.mp3000.net >
http://www.malekal.com/Adware_BHO.cz_Adware.WebAssist.A.php

good continuation
see you +
--
no link on the web page in English
I'm already flying enough on my own
0
sKe69 Posted messages 21955 Status Security contributor 463
 
Hello,

well ...

the RSIT reports now ...

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're in the clear until we
tell you so!
0
lacrame Posted messages 1 Registration date   Status Member Last intervention   1
 
Report "log.txt" :


Logfile of random's system information tool 1.04 (written by random/random)
Run by BOUBOULE at 2008-12-12 15:51:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (43%) free of 40 GB
Total RAM: 1279 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:37, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BOUBOULE\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\BOUBOULE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 7670 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\One Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 521528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-04 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Yodm3D"=C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe [2007-06-26 2058752]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-15 68856]
"VistaStartMenu"=C:\Program Files\Vista Start Menu\VistaStartMenu.exe [2008-10-08 2145792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{cb4f3435-d5dc-b011-d183-3be40371df7c}]
C:\WINDOWS\system32\qyvjgsahzs.dll [2008-11-20 325120]

C:\Documents and Settings\BOUBOULE\Start Menu\Programs\Startup
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe
Deewoo.lnk - C:\WINDOWS\system32\qcntqsdl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\DAP\DAP.EXE"="C:\Program Files\DAP\DAP.EXE:*:Enabled:Download Accelerator Plus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27112af6-b7fb-11dd-87cc-000d87ee4b1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


======List of files/folders created in the last 2 months======

2008-12-12 15:51:30 ----D---- C:\rsit
2008-12-12 15:38:46 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Malwarebytes
2008-12-12 15:38:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 15:38:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-12 14:59:44 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 14:53:19 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 14:53:15 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-12-12 14:52:25 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 14:52:17 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 20:54:33 ----D---- C:\WINDOWS\ERUNT
2008-12-11 20:30:11 ----D---- C:\SDFix
2008-12-11 17:45:32 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-11 17:45:29 ----A---- C:\report.txt
2008-12-11 17:34:15 ----D---- C:\Program Files\CCleaner
2008-12-11 17:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-12-11 15:14:08 ----A---- C:\TB.txt
2008-12-11 15:12:02 ----D---- C:\ToolBar SD
2008-12-11 14:38:06 ----D---- C:\Program Files\Trend Micro
2008-12-10 17:10:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-10 16:25:51 ----A---- C:\WINDOWS\system32\capicom.dll
2008-12-10 14:36:16 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\PlayFirst
2008-12-10 14:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-12-10 02:35:11 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\iWin
2008-12-10 02:35:11 ----D---- C:\Documents and Settings\All Users\Application Data\iWin
2008-12-10 02:34:45 ----D---- C:\Program Files\GamesBar
2008-12-10 02:34:41 ----D---- C:\Program Files\Common Files\Oberon Media
2008-12-10 02:34:40 ----D---- C:\Program Files\Gamenext
2008-12-09 14:35:40 ----D---- C:\WINDOWS\pss
2008-12-09 13:23:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 23:58:00 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Vista Start Menu
2008-12-07 23:57:47 ----D---- C:\Program Files\Vista Start Menu
2008-12-06 15:07:56 ----SHD---- C:\FOUND.008
2008-12-06 15:01:22 ----D---- C:\Program Files\BitTorrent Fastest Tool
2008-12-04 14:50:28 ----SHD---- C:\FOUND.007
2008-12-04 14:43:34 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-04 14:43:33 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-02 16:00:18 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\AlterLab
2008-12-02 15:59:17 ----D---- C:\Program Files\Pogo FR
2008-12-02 15:59:17 ----D---- C:\Program Files\Oberon Media
2008-11-29 16:58:39 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Leadertech
2008-11-26 22:02:30 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Meridian93
2008-11-26 22:02:13 ----D---- C:\Program Files\Zylom Games
2008-11-25 23:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-11-23 17:41:08 ----SHD---- C:\FOUND.006
2008-11-22 19:02:44 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\TuneUp Software
2008-11-21 13:15:15 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-11-14 18:24:26 ----SHD---- C:\FOUND.005
2008-11-14 16:14:56 ----D---- C:\Program Files\PhotoFiltre
2008-11-14 15:15:53 ----D---- C:\Program Files\MSECache
2008-11-13 14:58:15 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\funkitron
2008-11-13 03:03:50 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:02:30 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:00:57 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 00:43:24 ----SHD---- C:\FOUND.004
2008-11-08 16:20:30 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Template
2008-11-08 09:24:44 ----SHD---- C:\FOUND.003
2008-11-06 00:32:28 ----HD---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-04 15:34:41 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Teleca
2008-11-04 15:34:28 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Sony Ericsson
2008-11-01 15:03:44 ----SHD---- C:\FOUND.002
2008-10-31 12:48:00 ----D---- C:\Program Files\Apple Software Update
2008-10-31 12:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-31 12:46:40 ----D---- C:\Program Files\Sony
2008-10-31 12:42:44 ----RSD---- C:\WINDOWS\assembly
2008-10-31 12:42:04 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-31 12:38:41 ----D---- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-31 12:38:40 ----D---- C:\Program Files\Common Files\Teleca Shared
2008-10-31 12:38:38 ----D---- C:\Program Files\Sony Ericsson
2008-10-31 12:38:16 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-31 12:37:45 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-31 12:37:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-30 20:29:31 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\WinRAR
2008-10-29 10:38:09 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-29 10:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-10-29 10:37:46 ----D---- C:\Program Files\DAP
2008-10-27 14:34:17 ----HD---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-27 14:34:00 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-27 14:33:43 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-27 14:33:34 ----HD---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-26 15:24:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-26 15:24:26 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-26 15:23:38 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-26 14:16:17 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Samsung
2008-10-24 00:59:04 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 00:58:57 ----D---- C:\Program Files\MSXML 4.0
2008-10-23 19:24:52 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-10-23 19:22:50 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-10-23 19:22:46 ----D---- C:\Program Files\Samsung
2008-10-23 15:42:31 ----D---- C:\Documents and Settings\All Users\Application Data\MythPeople
2008-10-22 12:07:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-22 12:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-22 09:13:04 ----D---- C:\Program Files\BitComet Accelerator 1.0
2008-10-21 21:03:54 ----D---- C:\Program Files\WinRAR
2008-10-18 16:25:33 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\GamesCafe
2008-10-18 12:14:50 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Yahoo!
2008-10-17 23:11:23 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-17 20:57:04 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
0
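As an added illustration (not part of the thread, and not code from HijackThis or RSIT), here is a small Python triage script that applies, over lines copied from the log above, the checks the helpers make by eye: Startup-folder shortcuts pointing into system32, random-looking file names, orphaned BHO registrations, the msconfig-disabled DLL that is still on disk, and the mountpoints2 AutoRun entry that calls wscript.exe. The rule weights and the "investigate" threshold are assumptions, not anything the tools or the helpers define.

```python
"""Heuristic triage of HijackThis / RSIT startup entries (added example).

Rule weights and thresholds are assumptions chosen to surface what the thread's
helpers pick out by eye; a hit is a reason to look closer, not proof of malware.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the RSIT/HijackThis log above, with
# benign neighbours kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{cb4f3435-d5dc-b011-d183-3be40371df7c}]
C:\WINDOWS\system32\qyvjgsahzs.dll [2008-11-20 325120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27112af6-b7fb-11dd-87cc-000d87ee4b1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
"""

# First Windows path on a line, up to an executable-looking extension; non-greedy
# so "RunDLL32.EXE Shell32.DLL,..." yields only the host binary.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|vbs|scr|cpl)\b", re.IGNORECASE)
SCRIPT_HOST_RE = re.compile(r"\b[wc]script(?:\.exe)?\b")
VOWELS = set("aeiou")


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        return "investigate" if self.score >= 3 else "review"


def looks_random(filename: str) -> bool:
    """Machine-generated-name heuristic (qyvjgsahzs.dll, qcntqsdl.exe): an
    alphanumeric stem of 8-12 characters with a run of five or more consonants.
    Digits neither count nor break the run, so rundll32 and ctfmon pass."""
    stem = filename.rsplit(".", 1)[0].lower()
    if not 8 <= len(stem) <= 12 or not re.fullmatch(r"[a-z0-9]+", stem):
        return False
    run = longest = 0
    for ch in stem:
        if ch.isdigit():
            continue
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5


def triage(log_text: str) -> list:
    """One Finding per line that trips at least one rule. RSIT registry-dump
    lines are interpreted in the context of the [HKEY...] key above them."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_key = ""
            continue
        if line.startswith("[HKEY"):
            current_key = line.lower()
            continue
        low = line.lower()
        m = PATH_RE.search(line)
        path = m.group(0) if m else ""
        base = path.rsplit("\\", 1)[-1]
        in_system32 = "\\system32\\" in path.lower()
        f = Finding(line)
        if low.startswith("o4 - startup:") and in_system32:
            f.score += 2
            f.reasons.append("Startup-folder shortcut launches a file in system32")
        if base and looks_random(base):
            f.score += 2
            f.reasons.append(f"random-looking file name: {base}")
        if low.startswith("o2 - bho:") and "(no file)" in low:
            f.score += 1
            f.reasons.append("orphaned BHO registration (DLL missing)")
        if "msconfig\\startupreg" in current_key and in_system32:
            f.score += 1
            f.reasons.append("disabled in msconfig but the file is still on disk")
        if ("mountpoints2" in current_key and "autorun\\command" in low
                and SCRIPT_HOST_RE.search(low)):
            f.score += 3
            f.reasons.append("drive AutoRun launches a script host (wscript/cscript)")
        if f.score:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.verdict}] score={f.score}  {f.line}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run against the sample, the four entries the helpers zeroed in on come out as "investigate" while the orphaned BHO is only "review"; ctfmon, RocketDock and the Java BHO produce no finding.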
lacrame Posted messages 1 Registration date   Status Member Last intervention   1 > lacrame Posted messages 1 Registration date   Status Member Last intervention  
 
Report "info.txt":


info.txt logfile of random's system information tool 1.04 2008-12-12 15:51:40

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0ACD7D7-E79D-4593-BBF8-65D17889FA25}\Setup.exe" -l0x40c -uninst
Arovax AntiSpyware 2.1.143-->C:\Program Files\Arovax AntiSpyware\uninst.exe
Windows Live Connection Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitComet 0.94-->C:\Program Files\BitComet\uninst.exe
BitComet Accelerator 1.0-->C:\Program Files\BitComet Accelerator 1.0\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
Update for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Update for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Disc2Phone-->MsiExec.exe /X{1C75E8E0-29D5-4298-AE16-B8604FD9DDE4}
EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java 2 Runtime Environment, SE v1.4.2_01-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NTI CD & DVD-Maker 6.5 Gold -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1036 AnyText
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}
tdk-screensaver-a03-->C:\WINDOWS\system32\tdk-screensaver-a03.scr /u
Trust 150 Spacecam Portable-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EED808CB-6C61-4A5C-8910-91A45F61506A}\Setup.exe" -l0x9
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
Vista Start Menu 3.02-->"C:\Program Files\Vista Start Menu\unins000.exe"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081204-0] (outdated)
FW: ZoneAlarm Pro Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8

-----------------EOF-----------------
0
sKe69 Posted messages 21955 Status Contributeur sécurité 463
 
There are still some left!

Do this now:

1 - Go to Control Panel / Add or Remove Programs.
Check the list to see if you find a program like: "CID Help", "Circle Development" or
"Adverts" ----> if they are there, delete them.

2 - Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Log out and close all your running applications.

Double-click on the .exe you just downloaded to start the installation.

Once the installation is done, click on the shortcut to launch the tool.

There, let yourself be guided:
---> choose option 1 (scan) and confirm.

(Do not choose the cleaning option (2 or 3)).

Once the scan is finished, the Notepad containing the report will open.
Post this report in your next response for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe

--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are off the hook until we
tell you so!
0
lacrame Posted messages 1 Registration date   Status Membre Last intervention   1
 
Lop S&D report:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 3
X86-based PC (Uniprocessor Free: Intel(R) Pentium(R) 4 CPU 2.80GHz)
BIOS: Phoenix - AwardBIOS v6.00PG
USER: BOUBOULE (Administrator)
BOOT: Normal boot
Antivirus: avast! antivirus 4.8.1296 [VPS 081204-0] 4.8.1296 (Activated)
Firewall: ZoneAlarm Pro Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total: 39 Go (Free: 16 Go)
D:\ (Local Disk) - FAT32 - Total: 35 Go (Free: 24 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" (LAST UPDATE: 01-11-2008|16:30)
Option: [1] (13/12/2008|0:30)

--------------------\\ Listing of folders in APPLIC~1

[02/10/2008|19:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[02/10/2008|19:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[02/10/2008|19:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/10/2008|19:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[22/10/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[31/10/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/10/2008|23:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Arovax
[03/10/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[02/10/2008|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[06/10/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
[10/10/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10/12/2008|02:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
[12/12/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[04/10/2008|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/10/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/10/2008|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[23/10/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
[11/12/2008|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[10/10/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[25/11/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[10/12/2008|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[31/10/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[29/10/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
[31/10/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[29/10/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[02/10/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[03/10/2008|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/10/2008|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[17/10/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[17/10/2008|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[06/10/2008|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[02/10/2008|19:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[10/12/2008|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[02/10/2008|19:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/12/2008|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!

[02/10/2008|19:14] C:\DOCUME~1\kenshiro\APPLIC~1\Adobe
[10/10/2008|20:05] C:\DOCUME~1\kenshiro\APPLIC~1\AdobeUM
[31/10/2008|13:04] C:\DOCUME~1\kenshiro\APPLIC~1\Apple Computer
[03/10/2008|22:59] C:\DOCUME~1\kenshiro\APPLIC~1\AVS4YOU
[22/10/2008|12:08] C:\DOCUME~1\kenshiro\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[03/10/2008|22:52] C:\DOCUME~1\kenshiro\APPLIC~1\CometNetwork
[08/10/2008|21:21] C:\DOCUME~1\kenshiro\APPLIC~1\DivX
[23/10/2008|05:00] C:\DOCUME~1\kenshiro\APPLIC~1\dvdcss
[11/10/2008|11:45] C:\DOCUME~1\kenshiro\APPLIC~1\Google
[02/10/2008|22:21] C:\DOCUME~1\kenshiro\APPLIC~1\Help
[02/10/2008|19:12] C:\DOCUME~1\kenshiro\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\kenshiro\APPLIC~1\InterTrust
[02/10/2008|22:21] C:\DOCUME~1\kenshiro\APPLIC~1\Macromedia
[05/10/2008|13:15] C:\DOCUME~1\kenshiro\APPLIC~1\Media Player Classic
[02/10/2008|19:02] C:\DOCUME~1\kenshiro\APPLIC~1\Microsoft
[03/10/2008|22:52] C:\DOCUME~1\kenshiro\APPLIC~1\Mozilla
[02/10/2008|21:51] C:\DOCUME~1\kenshiro\APPLIC~1\MSN6
[31/10/2008|12:39] C:\DOCUME~1\kenshiro\APPLIC~1\Sony Ericsson
[02/10/2008|19:16] C:\DOCUME~1\kenshiro\APPLIC~1\Sun
[10/11/2008|19:56] C:\DOCUME~1\kenshiro\APPLIC~1\Teleca
[21/10/2008|09:31] C:\DOCUME~1\kenshiro\APPLIC~1\Template
[02/10/2008|19:32] C:\DOCUME~1\kenshiro\APPLIC~1\TuneUp Software
[07/10/2008|20:39] C:\DOCUME~1\kenshiro\APPLIC~1\vlc
[02/10/2008|19:34] C:\DOCUME~1\kenshiro\APPLIC~1\Winamp
[21/10/2008|21:04] C:\DOCUME~1\kenshiro\APPLIC~1\WinRAR
[22/10/2008|12:14] C:\DOCUME~1\kenshiro\APPLIC~1\Yahoo!


[02/10/2008|19:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[02/10/2008|19:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
[06/10/2008|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[02/10/2008|19:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[06/10/2008|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[02/10/2008|19:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[02/10/2008|19:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\Adobe
[02/12/2008|16:00] C:\DOCUME~1\BOUBOULE\APPLIC~1\AlterLab
[04/10/2008|13:03] C:\DOCUME~1\BOUBOULE\APPLIC~1\CometNetwork
[06/10/2008|18:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\DivX
[09/10/2008|13:25] C:\DOCUME~1\BOUBOULE\APPLIC~1\dvdcss
[13/11/2008|14:58] C:\DOCUME~1\BOUBOULE\APPLIC~1\funkitron
[18/10/2008|16:25] C:\DOCUME~1\BOUBOULE\APPLIC~1\GamesCafe
[14/10/2008|14:41] C:\DOCUME~1\BOUBOULE\APPLIC~1\Google
[02/10/2008|19:12] C:\DOCUME~1\BOUBOULE\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\InterTrust
[10/12/2008|02:35] C:\DOCUME~1\BOUBOULE\APPLIC~1\iWin
[29/11/2008|16:58] C:\DOCUME~1\BOUBOULE\APPLIC~1\Leadertech
[04/10/2008|13:04] C:\DOCUME~1\BOUBOULE\APPLIC~1\Macromedia
[12/12/2008|15:38] C:\DOCUME~1\BOUBOULE\APPLIC~1\Malwarebytes
[06/10/2008|18:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\Media Player Classic
[26/11/2008|22:02] C:\DOCUME~1\BOUBOULE\APPLIC~1\Meridian93
[02/10/2008|19:02] C:\DOCUME~1\BOUBOULE\APPLIC~1\Microsoft
[04/10/2008|13:03] C:\DOCUME~1\BOUBOULE\APPLIC~1\Mozilla
[10/12/2008|14:36] C:\DOCUME~1\BOUBOULE\APPLIC~1\PlayFirst
[26/10/2008|14:16] C:\DOCUME~1\BOUBOULE\APPLIC~1\Samsung
[07/10/2008|15:09] C:\DOCUME~1\BOUBOULE\APPLIC~1\Shopping Blocks
[04/11/2008|15:34] C:\DOCUME~1\BOUBOULE\APPLIC~1\Sony Ericsson
[02/10/2008|19:16] C:\DOCUME~1\BOUBOULE\APPLIC~1\Sun
[04/11/2008|15:34] C:\DOCUME~1\BOUBOULE\APPLIC~1\Teleca
[08/11/2008|16:20] C:\DOCUME~1\BOUBOULE\APPLIC~1\Template
[22/11/2008|19:02] C:\DOCUME~1\BOUBOULE\APPLIC~1\TuneUp Software
[07/12/2008|23:58] C:\DOCUME~1\BOUBOULE\APPLIC~1\Vista Start Menu
[08/10/2008|14:28] C:\DOCUME~1\BOUBOULE\APPLIC~1\vlc
[09/10/2008|13:23] C:\DOCUME~1\BOUBOULE\APPLIC~1\Wallpaper
[14/10/2008|17:56] C:\DOCUME~1\BOUBOULE\APPLIC~1\Winamp
[30/10/2008|20:29] C:\DOCUME~1\BOUBOULE\APPLIC~1\WinRAR
[18/10/2008|12:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\Yahoo!
[06/10/2008|15:09] C:\DOCUME~1\BOUBOULE\APPLIC~1\Zylom

[02/10/2008|19:14] C:\DOCUME~1\INVITÉ\APPLIC~1\Adobe
[01/11/2008|15:08] C:\DOCUME~1\INVITÉ\APPLIC~1\Apple Computer
[13/11/2008|18:03] C:\DOCUME~1\INVITÉ\APPLIC~1\DivX
[09/10/2008|23:35] C:\DOCUME~1\INVITÉ\APPLIC~1\dvdcss
[10/10/2008|23:39] C:\DOCUME~1\INVITÉ\APPLIC~1\Google
[02/10/2008|19:12] C:\DOCUME~1\INVITÉ\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\INVITÉ\APPLIC~1\InterTrust
[06/10/2008|01:33] C:\DOCUME~1\INVITÉ\APPLIC~1\Macromedia
[02/10/2008|19:02] C:\DOCUME~1\INVITÉ\APPLIC~1\Microsoft
[06/10/2008|00:41] C:\DOCUME~1\INVITÉ\APPLIC~1\Mozilla
[13/11/2008|18:03] C:\DOCUME~1\INVITÉ\APPLIC~1\Sony Ericsson
[02/10/2008|19:16] C:\DOCUME~1\INVITÉ\APPLIC~1\Sun
[11/10/2008|09:55] C:\DOCUME~1\INVITÉ\APPLIC~1\TuneUp Software
[08/10/2008|08:54] C:\DOCUME~1\INVITÉ\APPLIC~1\vlc
[27/10/2008|00:23] C:\DOCUME~1\INVITÉ\APPLIC~1\WinRAR
[17/10/2008|23:11] C:\DOCUME~1\INVITÉ\APPLIC~1\Yahoo!

--------------------\\ Scheduled Tasks in C:\WINDOWS\tasks

[12/12/2008 12:26][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/12/2008 17:15][--a------] C:\WINDOWS\tasks\Single Click Maintenance.job
[12/12/2008 21:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing of folders in C:\Program Files

[02/10/2008|19:14] C:\Program Files\Adobe
[03/10/2008|21:27] C:\Program Files\Alwil Software
[31/10/2008|12:48] C:\Program Files\Apple Software Update
[17/10/2008|20:55] C:\Program Files\ArcSoft
[03/10/2008|23:23] C:\Program Files\Arovax AntiSpyware
[02/10/2008|19:12] C:\Program Files\AvRack
[04/10/2008|13:27] C:\Program Files\AxBx
[02/10/2008|19:53] C:\Program Files\BitComet
[22/10/2008|09:13] C:\Program Files\BitComet Accelerator 1.0
[06/12/2008|15:01] C:\Program Files\BitTorrent Fastest Tool
[07/10/2008|14:59] C:\Program Files\Boonty
[11/12/2008|17:34] C:\Program Files\CCleaner
[02/10/2008|19:06] C:\Program Files\ComPlus Applications
[02/10/2008|19:14] C:\Program Files\CyberLink
[29/10/2008|10:37] C:\Program Files\DAP
[07/10/2008|17:49] C:\Program Files\DivX
[06/10/2008|12:00] C:\Program Files\eMule
[02/10/2008|19:02] C:\Program Files\Common Files
[10/12/2008|02:34] C:\Program Files\Gamenext
[10/12/2008|02:34] C:\Program Files\GamesBar
[10/10/2008|20:07] C:\Program Files\Google
[02/10/2008|19:12] C:\Program Files\InstallShield Installation Information
[02/10/2008|19:06] C:\Program Files\Internet Explorer
[02/10/2008|19:16] C:\Program Files\Java
[05/10/2008|13:14] C:\Program Files\K-Lite Codec Pack
[03/10/2008|20:54] C:\Program Files\Lavalys
[12/12/2008|15:38] C:\Program Files\Malwarebytes' Anti-Malware
[02/10/2008|19:05] C:\Program Files\Messenger
[04/10/2008|13:25] C:\Program Files\Messenger Plus! Live
[12/12/2008|14:53] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/10/2008|19:07] C:\Program Files\microsoft frontpage
[02/10/2008|19:50] C:\Program Files\Microsoft Office
[02/10/2008|19:44] C:\Program Files\Microsoft Works
[02/10/2008|19:51] C:\Program Files\Microsoft.NET
[02/10/2008|19:06] C:\Program Files\Movie Maker
[04/10/2008|15:53] C:\Program Files\Mozilla Firefox
[14/11/2008|15:15] C:\Program Files\MSECache
[02/10/2008|19:05] C:\Program Files\MSN
[02/10/2008|19:05] C:\Program Files\MSN Gaming Zone
[24/10/2008|00:58] C:\Program Files\MSXML 4.0
[02/10/2008|19:06] C:\Program Files\NetMeeting
[02/10/2008|19:13] C:\Program Files\NewTech Infosystems
[10/10/2008|20:07] C:\Program Files\NOS
[02/12/2008|15:59] C:\Program Files\Oberon Media
[02/10/2008|19:06] C:\Program Files\Outlook Express
[14/11/2008|16:14] C:\Program Files\PhotoFiltre
[02/12/2008|15:59] C:\Program Files\Pogo FR
[02/10/2008|19:12] C:\Program Files\Realtek Sound Manager
[23/10/2008|19:22] C:\Program Files\Samsung
[02/10/2008|19:05] C:\Program Files\Online Services
[31/10/2008|12:46] C:\Program Files\Sony
[31/10/2008|12:38] C:\Program Files\Sony Ericsson
[11/12/2008|14:38] C:\Program Files\Trend Micro
[17/10/2008|20:55] C:\Program Files\Trust
[02/10/2008|19:32] C:\Program Files\TuneUp Utilities 2006
[02/10/2008|19:12] C:\Program Files\Uninstall Information
[12/10/2008|16:20] C:\Program Files\USB Disk Win98 Driver
[07/10/2008|20:38] C:\Program Files\VideoLAN
[07/12/2008|23:57] C:\Program Files\Vista Start Menu
[02/10/2008|19:34] C:\Program Files\Winamp
[04/10/2008|13:21] C:\Program Files\Windows Live
[26/10/2008|15:23] C:\Program Files\Windows Media Connect 2
[02/10/2008|19:05] C:\Program Files\Windows Media Player
[02/10/2008|19:05] C:\Program Files\Windows NT
[02/10/2008|19:05] C:\Program Files\WindowsUpdate
[21/10/2008|21:03] C:\Program Files\WinRAR
[02/10/2008|19:07] C:\Program Files\xerox
[17/10/2008|20:01] C:\Program Files\Yahoo!
[05/10/2008|11:55] C:\Program Files\Zone Labs
[26/11/2008|22:02] C:\Program Files\Zylom Games

--------------------\\ Listing of folders in C:\Program Files\Common Files

[02/10/2008|19:14] C:\Program Files\Common Files\Adobe
[22/10/2008|12:07] C:\Program Files\Common Files\Adobe AIR
[03/10/2008|22:59] C:\Program Files\Common Files\AVSMedia
[02/10/2008|19:51] C:\Program Files\Common Files\DESIGNER
[02/10/2008|19:12] C:\Program Files\Common Files\InstallShield
[02/10/2008|19:16] C:\Program Files\Common Files\Java
[02/10/2008|19:02] C:\Program Files\Common Files\Microsoft Shared
[02/10/2008|19:06] C:\Program Files\Common Files\MSSoap
[10/12/2008|02:34] C:\Program Files\Common Files\Oberon Media
[02/10/2008|19:02] C:\Program Files\Common Files\ODBC
[02/10/2008|19:06] C:\Program Files\Common Files\Services
[17/10/2008|20:55] C:\Program Files\Common Files\snpstd
[31/10/2008|12:38] C:\Program Files\Common Files\Sony Ericsson Shared
[02/10/2008|19:02] C:\Program Files\Common Files\SpeechEngines
[09/12/2008|13:23] C:\Program Files\Common Files\Symantec Shared
[02/10/2008|19:06] C:\Program Files\Common Files\System
[31/10/2008|12:38] C:\Program Files\Common Files\Teleca Shared
[04/10/2008|13:21] C:\Program Files\Common Files\WindowsLiveInstaller
[02/10/2008|19:32] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

(35 Processes)

... OK !

--------------------\\ Search with S_Lop

No Lop files / folders found!

--------------------\\ Search for Lop Files / Folders

C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup_0209.exe
C:\Program Files\BitTorrent Fastest Tool\Come2PlayK2P_0209.exe
C:\Program Files\BitTorrent Fastest Tool\Checklime.exe
C:\Program Files\BitTorrent Fastest Tool\DWbrk03.exe

--------------------\\ Registry Verification

..... OK !

--------------------\\ Hosts file verification

Hosts file CLEAN


--------------------\\ Search for files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 00:32:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections


No other infections found!

[F:2][D:0]-> C:\DOCUME~1\BOUBOULE\LOCALS~1\Temp
[F:15][D:0]-> C:\DOCUME~1\BOUBOULE\Cookies
[F:6][D:4]-> C:\DOCUME~1\BOUBOULE\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 13/12/2008|0:33 - Option: [1]

--------------------\\ End of report at 0:33:15
0
vieu bison boiteu Posted messages 44334 Registration date   Status Contributeur Last intervention   3 591 > lacrame Posted messages 1 Registration date   Status Membre Last intervention  
 
Hi Lacrame,

just a quick question
C:\Program Files\NOS
what software is that???
I only found this online = http://www.nos-amps.com/index.php?op=edito

there's some Norton lying around
= C:\Program Files\Common Files\Symantec Shared
= C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller

see you later
--
no link on the website in English
I'm already flying solo enough
0