Error message on every startup! - Page 2
Solved
By the way, can I delete all the programs you've had me install since the beginning?
Because it's too much!
Hello,
By the way, can I delete all the programs you made me install from the beginning?
Because it’s too much!
-> Don't worry, we'll do it in due time and quickly... for now, don't touch anything on that side...
The next steps:
1- ! Log off and close all your running applications!
Restart Lop S&D,
---> This time choose option 2 (cleaning) and confirm...
-> Don't touch anything while the tool is working.
Once the scan is finished, the Notepad containing the report will open.
Post this report in your next response for analysis...
2- Run another RSIT scan, post the new "log.txt" obtained and wait for the next steps....
--
“Baby, I'm going on an airplane, And I don't know if I'll be back again”
IMPORTANT: don’t think you’re out of the woods until we tell you!
Lop S&D report:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 3
X86-based PC (Uniprocessor Free: Intel(R) Pentium(R) 4 CPU 2.80GHz)
BIOS: Phoenix - AwardBIOS v6.00PG
USER: BOUBOULE (Administrator)
BOOT: Normal boot
Antivirus: avast! antivirus 4.8.1296 [VPS 081204-0] 4.8.1296 (Activated)
Firewall: ZoneAlarm Pro Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:39 Go (Free:17 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:26 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" (UPDATE: 01-11-2008|16:30)
Option: [2] (13/12/2008|19:24)
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION
Delete! - C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup_0209.exe
Delete! - C:\Program Files\BitTorrent Fastest Tool\Come2PlayK2P_0209.exe
Delete! - C:\Program Files\BitTorrent Fastest Tool\Checklime.exe
Delete! - C:\Program Files\BitTorrent Fastest Tool\DWbrk03.exe
Delete! - C:\Program Files\BitTorrent Fastest Tool
-
[Hosts File] .. Restore!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing of folders in APPLIC~1
[02/10/2008|19:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[02/10/2008|19:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[02/10/2008|19:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/10/2008|19:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[22/10/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[31/10/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/10/2008|23:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Arovax
[03/10/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[02/10/2008|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[06/10/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
[10/10/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10/12/2008|02:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
[12/12/2008|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[04/10/2008|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/10/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/10/2008|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[23/10/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
[11/12/2008|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[10/10/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[25/11/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[10/12/2008|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[31/10/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[29/10/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
[31/10/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[29/10/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[02/10/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[03/10/2008|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/10/2008|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[17/10/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[17/10/2008|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[06/10/2008|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[02/10/2008|19:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[10/12/2008|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[02/10/2008|19:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/12/2008|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
[02/10/2008|19:14] C:\DOCUME~1\kenshiro\APPLIC~1\Adobe
[10/10/2008|20:05] C:\DOCUME~1\kenshiro\APPLIC~1\AdobeUM
[31/10/2008|13:04] C:\DOCUME~1\kenshiro\APPLIC~1\Apple Computer
[03/10/2008|22:59] C:\DOCUME~1\kenshiro\APPLIC~1\AVS4YOU
[22/10/2008|12:08] C:\DOCUME~1\kenshiro\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[03/10/2008|22:52] C:\DOCUME~1\kenshiro\APPLIC~1\CometNetwork
[08/10/2008|21:21] C:\DOCUME~1\kenshiro\APPLIC~1\DivX
[23/10/2008|05:00] C:\DOCUME~1\kenshiro\APPLIC~1\dvdcss
[11/10/2008|11:45] C:\DOCUME~1\kenshiro\APPLIC~1\Google
[02/10/2008|22:21] C:\DOCUME~1\kenshiro\APPLIC~1\Help
[02/10/2008|19:12] C:\DOCUME~1\kenshiro\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\kenshiro\APPLIC~1\InterTrust
[02/10/2008|22:21] C:\DOCUME~1\kenshiro\APPLIC~1\Macromedia
[05/10/2008|13:15] C:\DOCUME~1\kenshiro\APPLIC~1\Media Player Classic
[02/10/2008|19:02] C:\DOCUME~1\kenshiro\APPLIC~1\Microsoft
[03/10/2008|22:52] C:\DOCUME~1\kenshiro\APPLIC~1\Mozilla
[02/10/2008|21:51] C:\DOCUME~1\kenshiro\APPLIC~1\MSN6
[31/10/2008|12:39] C:\DOCUME~1\kenshiro\APPLIC~1\Sony Ericsson
[02/10/2008|19:16] C:\DOCUME~1\kenshiro\APPLIC~1\Sun
[10/11/2008|19:56] C:\DOCUME~1\kenshiro\APPLIC~1\Teleca
[21/10/2008|09:31] C:\DOCUME~1\kenshiro\APPLIC~1\Template
[02/10/2008|19:32] C:\DOCUME~1\kenshiro\APPLIC~1\TuneUp Software
[07/10/2008|20:39] C:\DOCUME~1\kenshiro\APPLIC~1\vlc
[02/10/2008|19:34] C:\DOCUME~1\kenshiro\APPLIC~1\Winamp
[21/10/2008|21:04] C:\DOCUME~1\kenshiro\APPLIC~1\WinRAR
[22/10/2008|12:14] C:\DOCUME~1\kenshiro\APPLIC~1\Yahoo!
[02/10/2008|19:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[02/10/2008|19:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
[06/10/2008|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[02/10/2008|19:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[06/10/2008|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[02/10/2008|19:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[02/10/2008|19:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\Adobe
[02/12/2008|16:00] C:\DOCUME~1\BOUBOULE\APPLIC~1\AlterLab
[04/10/2008|13:03] C:\DOCUME~1\BOUBOULE\APPLIC~1\CometNetwork
[06/10/2008|18:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\DivX
[09/10/2008|13:25] C:\DOCUME~1\BOUBOULE\APPLIC~1\dvdcss
[13/11/2008|14:58] C:\DOCUME~1\BOUBOULE\APPLIC~1\funkitron
[18/10/2008|16:25] C:\DOCUME~1\BOUBOULE\APPLIC~1\GamesCafe
[14/10/2008|14:41] C:\DOCUME~1\BOUBOULE\APPLIC~1\Google
[02/10/2008|19:12] C:\DOCUME~1\BOUBOULE\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\InterTrust
[10/12/2008|02:35] C:\DOCUME~1\BOUBOULE\APPLIC~1\iWin
[29/11/2008|16:58] C:\DOCUME~1\BOUBOULE\APPLIC~1\Leadertech
[04/10/2008|13:04] C:\DOCUME~1\BOUBOULE\APPLIC~1\Macromedia
[12/12/2008|15:38] C:\DOCUME~1\BOUBOULE\APPLIC~1\Malwarebytes
[06/10/2008|18:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\Media Player Classic
[26/11/2008|22:02] C:\DOCUME~1\BOUBOULE\APPLIC~1\Meridian93
[02/10/2008|19:02] C:\DOCUME~1\BOUBOULE\APPLIC~1\Microsoft
[04/10/2008|13:03] C:\DOCUME~1\BOUBOULE\APPLIC~1\Mozilla
[10/12/2008|14:36] C:\DOCUME~1\BOUBOULE\APPLIC~1\PlayFirst
[26/10/2008|14:16] C:\DOCUME~1\BOUBOULE\APPLIC~1\Samsung
[07/10/2008|15:09] C:\DOCUME~1\BOUBOULE\APPLIC~1\Shopping Blocks
[04/11/2008|15:34] C:\DOCUME~1\BOUBOULE\APPLIC~1\Sony Ericsson
[02/10/2008|19:16] C:\DOCUME~1\BOUBOULE\APPLIC~1\Sun
[04/11/2008|15:34] C:\DOCUME~1\BOUBOULE\APPLIC~1\Teleca
[08/11/2008|16:20] C:\DOCUME~1\BOUBOULE\APPLIC~1\Template
[22/11/2008|19:02] C:\DOCUME~1\BOUBOULE\APPLIC~1\TuneUp Software
[07/12/2008|23:58] C:\DOCUME~1\BOUBOULE\APPLIC~1\Vista Start Menu
[08/10/2008|14:28] C:\DOCUME~1\BOUBOULE\APPLIC~1\vlc
[09/10/2008|13:23] C:\DOCUME~1\BOUBOULE\APPLIC~1\Wallpaper
[14/10/2008|17:56] C:\DOCUME~1\BOUBOULE\APPLIC~1\Winamp
[30/10/2008|20:29] C:\DOCUME~1\BOUBOULE\APPLIC~1\WinRAR
[18/10/2008|12:14] C:\DOCUME~1\BOUBOULE\APPLIC~1\Yahoo!
[06/10/2008|15:09] C:\DOCUME~1\BOUBOULE\APPLIC~1\Zylom
[02/10/2008|19:14] C:\DOCUME~1\INVITÉ\APPLIC~1\Adobe
[01/11/2008|15:08] C:\DOCUME~1\INVITÉ\APPLIC~1\Apple Computer
[13/11/2008|18:03] C:\DOCUME~1\INVITÉ\APPLIC~1\DivX
[09/10/2008|23:35] C:\DOCUME~1\INVITÉ\APPLIC~1\dvdcss
[10/10/2008|23:39] C:\DOCUME~1\INVITÉ\APPLIC~1\Google
[02/10/2008|19:12] C:\DOCUME~1\INVITÉ\APPLIC~1\Identities
[02/10/2008|19:14] C:\DOCUME~1\INVITÉ\APPLIC~1\InterTrust
[06/10/2008|01:33] C:\DOCUME~1\INVITÉ\APPLIC~1\Macromedia
[02/10/2008|19:02] C:\DOCUME~1\INVITÉ\APPLIC~1\Microsoft
[06/10/2008|00:41] C:\DOCUME~1\INVITÉ\APPLIC~1\Mozilla
[13/11/2008|18:03] C:\DOCUME~1\INVITÉ\APPLIC~1\Sony Ericsson
[02/10/2008|19:16] C:\DOCUME~1\INVITÉ\APPLIC~1\Sun
[11/10/2008|09:55] C:\DOCUME~1\INVITÉ\APPLIC~1\TuneUp Software
[08/10/2008|08:54] C:\DOCUME~1\INVITÉ\APPLIC~1\vlc
[27/10/2008|00:23] C:\DOCUME~1\INVITÉ\APPLIC~1\WinRAR
[17/10/2008|23:11] C:\DOCUME~1\INVITÉ\APPLIC~1\Yahoo!
--------------------\\ Scheduled tasks in C:\WINDOWS\tasks
[13/12/2008 18:56][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[12/12/2008 12:26][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/12/2008 17:15][--a------] C:\WINDOWS\tasks\One Click Maintenance.job
[13/12/2008 13:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing of folders in C:\Program Files
[02/10/2008|19:14] C:\Program Files\Adobe
[03/10/2008|21:27] C:\Program Files\Alwil Software
[31/10/2008|12:48] C:\Program Files\Apple Software Update
[17/10/2008|20:55] C:\Program Files\ArcSoft
[03/10/2008|23:23] C:\Program Files\Arovax AntiSpyware
[02/10/2008|19:12] C:\Program Files\AvRack
[04/10/2008|13:27] C:\Program Files\AxBx
[02/10/2008|19:53] C:\Program Files\BitComet
[22/10/2008|09:13] C:\Program Files\BitComet Accelerator 1.0
[07/10/2008|14:59] C:\Program Files\Boonty
[11/12/2008|17:34] C:\Program Files\CCleaner
[02/10/2008|19:06] C:\Program Files\ComPlus Applications
[02/10/2008|19:14] C:\Program Files\CyberLink
[29/10/2008|10:37] C:\Program Files\DAP
[07/10/2008|17:49] C:\Program Files\DivX
[06/10/2008|12:00] C:\Program Files\eMule
[02/10/2008|19:02] C:\Program Files\Common Files
[10/12/2008|02:34] C:\Program Files\Gamenext
[10/12/2008|02:34] C:\Program Files\GamesBar
[10/10/2008|20:07] C:\Program Files\Google
[02/10/2008|19:12] C:\Program Files\InstallShield Installation Information
[02/10/2008|19:06] C:\Program Files\Internet Explorer
[02/10/2008|19:16] C:\Program Files\Java
[05/10/2008|13:14] C:\Program Files\K-Lite Codec Pack
[03/10/2008|20:54] C:\Program Files\Lavalys
[12/12/2008|15:38] C:\Program Files\Malwarebytes' Anti-Malware
[02/10/2008|19:05] C:\Program Files\Messenger
[04/10/2008|13:25] C:\Program Files\Messenger Plus! Live
[12/12/2008|14:53] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/10/2008|19:07] C:\Program Files\microsoft frontpage
[02/10/2008|19:50] C:\Program Files\Microsoft Office
[02/10/2008|19:44] C:\Program Files\Microsoft Works
[02/10/2008|19:51] C:\Program Files\Microsoft.NET
[02/10/2008|19:06] C:\Program Files\Movie Maker
[04/10/2008|15:53] C:\Program Files\Mozilla Firefox
[14/11/2008|15:15] C:\Program Files\MSECache
[02/10/2008|19:05] C:\Program Files\MSN
[02/10/2008|19:05] C:\Program Files\MSN Gaming Zone
[24/10/2008|00:58] C:\Program Files\MSXML 4.0
[02/10/2008|19:06] C:\Program Files\NetMeeting
[02/10/2008|19:13] C:\Program Files\NewTech Infosystems
[10/10/2008|20:07] C:\Program Files\NOS
[02/12/2008|15:59] C:\Program Files\Oberon Media
[02/10/2008|19:06] C:\Program Files\Outlook Express
[14/11/2008|16:14] C:\Program Files\PhotoFiltre
[02/12/2008|15:59] C:\Program Files\Pogo FR
[02/10/2008|19:12] C:\Program Files\Realtek Sound Manager
[23/10/2008|19:22] C:\Program Files\Samsung
[02/10/2008|19:05] C:\Program Files\Online Services
[31/10/2008|12:46] C:\Program Files\Sony
[31/10/2008|12:38] C:\Program Files\Sony Ericsson
[11/12/2008|14:38] C:\Program Files\Trend Micro
[17/10/2008|20:55] C:\Program Files\Trust
[02/10/2008|19:32] C:\Program Files\TuneUp Utilities 2006
[02/10/2008|19:12] C:\Program Files\Uninstall Information
[12/10/2008|16:20] C:\Program Files\USB Disk Win98 Driver
[07/10/2008|20:38] C:\Program Files\VideoLAN
[07/12/2008|23:57] C:\Program Files\Vista Start Menu
[02/10/2008|19:34] C:\Program Files\Winamp
[04/10/2008|13:21] C:\Program Files\Windows Live
[26/10/2008|15:23] C:\Program Files\Windows Media Connect 2
[02/10/2008|19:05] C:\Program Files\Windows Media Player
[02/10/2008|19:05] C:\Program Files\Windows NT
[02/10/2008|19:05] C:\Program Files\WindowsUpdate
[21/10/2008|21:03] C:\Program Files\WinRAR
[02/10/2008|19:07] C:\Program Files\xerox
[17/10/2008|20:01] C:\Program Files\Yahoo!
[05/10/2008|11:55] C:\Program Files\Zone Labs
[26/11/2008|22:02] C:\Program Files\Zylom Games
--------------------\\ Listing of folders in C:\Program Files\Common Files
[02/10/2008|19:14] C:\Program Files\Common Files\Adobe
[22/10/2008|12:07] C:\Program Files\Common Files\Adobe AIR
[03/10/2008|22:59] C:\Program Files\Common Files\AVSMedia
[02/10/2008|19:51] C:\Program Files\Common Files\DESIGNER
[02/10/2008|19:12] C:\Program Files\Common Files\InstallShield
[02/10/2008|19:16] C:\Program Files\Common Files\Java
[02/10/2008|19:02] C:\Program Files\Common Files\Microsoft Shared
[02/10/2008|19:06] C:\Program Files\Common Files\MSSoap
[10/12/2008|02:34] C:\Program Files\Common Files\Oberon Media
[02/10/2008|19:02] C:\Program Files\Common Files\ODBC
[02/10/2008|19:06] C:\Program Files\Common Files\Services
[17/10/2008|20:55] C:\Program Files\Common Files\snpstd
[31/10/2008|12:38] C:\Program Files\Common Files\Sony Ericsson Shared
[02/10/2008|19:02] C:\Program Files\Common Files\SpeechEngines
[09/12/2008|13:23] C:\Program Files\Common Files\Symantec Shared
[02/10/2008|19:06] C:\Program Files\Common Files\System
[31/10/2008|12:38] C:\Program Files\Common Files\Teleca Shared
[04/10/2008|13:21] C:\Program Files\Common Files\WindowsLiveInstaller
[02/10/2008|19:32] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Processes
(35 Processes)
... OK!
--------------------\\ Searching with S_Lop
No Lop file/folder found!
--------------------\\ Searching for Lop Files/Folders
No Lop file/folder found!
--------------------\\ Registry Check
..... OK!
--------------------\\ Hosts file check
Hosts file CLEAN
--------------------\\ Searching for files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 19:27:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infection found!
[F:10][D:5]-> C:\DOCUME~1\BOUBOULE\LOCALS~1\Temp
[F:17][D:0]-> C:\DOCUME~1\BOUBOULE\Cookies
[F:193][D:4]-> C:\DOCUME~1\BOUBOULE\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 13/12/2008| 0:33 - Option: [1]
2 - "C:\Lop SD\LopR_2.txt" - 13/12/2008|19:27 - Option: [2]
--------------------\\ End of the report at 19:27:47
Log file of random's system information tool 1.04 (written by random/random)
Run by BOUBOULE at 2008-12-13 19:29:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (43%) free of 40 GB
Total RAM: 1279 MB (67% free)
Log file of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:07, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Documents and Settings\BOUBOULE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\BOUBOULE\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\BOUBOULE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BOUBOULE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntqsdl.exe
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 7749 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Maintenance in 1 click.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 521528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-04 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Yodm3D"=C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe [2007-06-26 2058752]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-15 68856]
"VistaStartMenu"=C:\Program Files\Vista Start Menu\VistaStartMenu.exe [2008-10-08 2145792]
"Google Update"=C:\Documents and Settings\BOUBOULE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-13 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{cb4f3435-d5dc-b011-d183-3be40371df7c}]
C:\WINDOWS\system32\qyvjgsahzs.dll [2008-11-20 325120]
C:\Documents and Settings\BOUBOULE\Start Menu\Programs\Startup
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe
Deewoo.lnk - C:\WINDOWS\system32\qcntqsdl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\DAP\DAP.EXE"="C:\Program Files\DAP\DAP.EXE:*:Enabled:Download Accelerator Plus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27112af6-b7fb-11dd-87cc-000d87ee4b1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
======List of files/folders created in the last 2 months======
2008-12-13 00:30:16 ----A---- C:\lopR.txt
2008-12-13 00:27:54 ----D---- C:\Lop SD
2008-12-12 15:51:30 ----D---- C:\rsit
2008-12-12 15:38:46 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Malwarebytes
2008-12-12 15:38:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 15:38:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-12 14:59:44 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 14:53:19 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 14:53:15 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-12-12 14:52:25 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 14:52:17 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 20:54:33 ----D---- C:\WINDOWS\ERUNT
2008-12-11 20:30:11 ----D---- C:\SDFix
2008-12-11 17:45:32 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-11 17:45:29 ----A---- C:\rapport.txt
2008-12-11 17:34:15 ----D---- C:\Program Files\CCleaner
2008-12-11 17:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-12-11 15:14:08 ----A---- C:\TB.txt
2008-12-11 15:12:02 ----D---- C:\ToolBar SD
2008-12-11 14:38:06 ----D---- C:\Program Files\Trend Micro
2008-12-10 17:10:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-10 16:25:51 ----A---- C:\WINDOWS\system32\capicom.dll
2008-12-10 14:36:16 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\PlayFirst
2008-12-10 14:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-12-10 02:35:11 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\iWin
2008-12-10 02:35:11 ----D---- C:\Documents and Settings\All Users\Application Data\iWin
2008-12-10 02:34:45 ----D---- C:\Program Files\GamesBar
2008-12-10 02:34:41 ----D---- C:\Program Files\Common Files\Oberon Media
2008-12-10 02:34:40 ----D---- C:\Program Files\Gamenext
2008-12-09 14:35:40 ----D---- C:\WINDOWS\pss
2008-12-09 13:23:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 23:58:00 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Vista Start Menu
2008-12-07 23:57:47 ----D---- C:\Program Files\Vista Start Menu
2008-12-06 15:07:56 ----SHD---- C:\FOUND.008
2008-12-04 14:50:28 ----SHD---- C:\FOUND.007
2008-12-04 14:43:34 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-04 14:43:33 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-02 16:00:18 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\AlterLab
2008-12-02 15:59:17 ----D---- C:\Program Files\Pogo FR
2008-12-02 15:59:17 ----D---- C:\Program Files\Common Files\Oberon Media
2008-11-29 16:58:39 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Leadertech
2008-11-26 22:02:30 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Meridian93
2008-11-26 22:02:13 ----D---- C:\Program Files\Zylom Games
2008-11-25 23:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-11-23 17:41:08 ----SHD---- C:\FOUND.006
2008-11-22 19:02:44 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\TuneUp Software
2008-11-21 13:15:15 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-11-14 18:24:26 ----SHD---- C:\FOUND.005
2008-11-14 16:14:56 ----D---- C:\Program Files\PhotoFiltre
2008-11-14 15:15:53 ----D---- C:\Program Files\MSECache
2008-11-13 14:58:15 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\funkitron
2008-11-13 03:03:50 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:02:30 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:00:57 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 00:43:24 ----SHD---- C:\FOUND.004
2008-11-08 16:20:30 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Template
2008-11-08 09:24:44 ----SHD---- C:\FOUND.003
2008-11-06 00:32:28 ----HD---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-04 15:34:41 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Teleca
2008-11-04 15:34:28 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Sony Ericsson
2008-11-01 15:03:44 ----SHD---- C:\FOUND.002
2008-10-31 12:48:00 ----D---- C:\Program Files\Apple Software Update
2008-10-31 12:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-31 12:46:40 ----D---- C:\Program Files\Sony
2008-10-31 12:42:44 ----RSD---- C:\WINDOWS\assembly
2008-10-31 12:42:04 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-31 12:38:41 ----D---- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-31 12:38:40 ----D---- C:\Program Files\Common Files\Teleca Shared
2008-10-31 12:38:38 ----D---- C:\Program Files\Sony Ericsson
2008-10-31 12:38:16 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-31 12:37:45 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-31 12:37:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-30 20:29:31 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\WinRAR
2008-10-29 10:38:09 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-29 10:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-10-29 10:37:46 ----D---- C:\Program Files\DAP
2008-10-27 14:34:17 ----HD---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-27 14:34:00 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-27 14:33:43 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-27 14:33:34 ----HD---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-26 15:24:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-26 15:24:26 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-26 15:23:38 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-26 14:16:17 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Samsung
2008-10-24 00:59:04 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 00:58:57 ----D---- C:\Program Files\MSXML 4.0
2008-10-23 19:24:52 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-10-23 19:22:50 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-10-23 19:22:46 ----D---- C:\Program Files\Samsung
2008-10-23 15:42:31 ----D---- C:\Documents and Settings\All Users\Application Data\MythPeople
2008-10-22 12:07:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-22 12:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-22 09:13:04 ----D---- C:\Program Files\BitComet Accelerator 1.0
2008-10-21 21:03:54 ----D---- C:\Program Files\WinRAR
2008-10-18 16:25:33 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\GamesCafe
2008-10-18 12:14:50 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Yahoo!
2008-10-17 23:11:23 ----D---- C:\Documents and Settings\All
2008-12-11 15:14:08 ----A---- C:\TB.txt
2008-12-11 15:12:02 ----D---- C:\ToolBar SD
2008-12-11 14:38:06 ----D---- C:\Program Files\Trend Micro
2008-12-10 17:10:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-10 16:25:51 ----A---- C:\WINDOWS\system32\capicom.dll
2008-12-10 14:36:16 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\PlayFirst
2008-12-10 14:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-12-10 02:35:11 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\iWin
2008-12-10 02:35:11 ----D---- C:\Documents and Settings\All Users\Application Data\iWin
2008-12-10 02:34:45 ----D---- C:\Program Files\GamesBar
2008-12-10 02:34:41 ----D---- C:\Program Files\Common Files\Oberon Media
2008-12-10 02:34:40 ----D---- C:\Program Files\Gamenext
2008-12-09 14:35:40 ----D---- C:\WINDOWS\pss
2008-12-09 13:23:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 23:58:00 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Vista Start Menu
2008-12-07 23:57:47 ----D---- C:\Program Files\Vista Start Menu
2008-12-06 15:07:56 ----SHD---- C:\FOUND.008
2008-12-04 14:50:28 ----SHD---- C:\FOUND.007
2008-12-04 14:43:34 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-04 14:43:33 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-02 16:00:18 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\AlterLab
2008-12-02 15:59:17 ----D---- C:\Program Files\Pogo FR
2008-12-02 15:59:17 ----D---- C:\Program Files\Common Files\Oberon Media
2008-11-29 16:58:39 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Leadertech
2008-11-26 22:02:30 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Meridian93
2008-11-26 22:02:13 ----D---- C:\Program Files\Zylom Games
2008-11-25 23:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-11-23 17:41:08 ----SHD---- C:\FOUND.006
2008-11-22 19:02:44 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\TuneUp Software
2008-11-21 13:15:15 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-11-21 13:15:14 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-11-14 18:24:26 ----SHD---- C:\FOUND.005
2008-11-14 16:14:56 ----D---- C:\Program Files\PhotoFiltre
2008-11-14 15:15:53 ----D---- C:\Program Files\MSECache
2008-11-13 14:58:15 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\funkitron
2008-11-13 03:03:50 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:02:30 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:00:57 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 00:43:24 ----SHD---- C:\FOUND.004
2008-11-08 16:20:30 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Template
2008-11-08 09:24:44 ----SHD---- C:\FOUND.003
2008-11-06 00:32:28 ----HD---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-04 15:34:41 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Teleca
2008-11-04 15:34:28 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Sony Ericsson
2008-11-01 15:03:44 ----SHD---- C:\FOUND.002
2008-10-31 12:48:00 ----D---- C:\Program Files\Apple Software Update
2008-10-31 12:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-31 12:46:40 ----D---- C:\Program Files\Sony
2008-10-31 12:42:44 ----RSD---- C:\WINDOWS\assembly
2008-10-31 12:42:04 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-31 12:38:41 ----D---- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-31 12:38:40 ----D---- C:\Program Files\Common Files\Teleca Shared
2008-10-31 12:38:38 ----D---- C:\Program Files\Sony Ericsson
2008-10-31 12:38:16 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-31 12:37:45 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-31 12:37:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-30 20:29:31 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\WinRAR
2008-10-29 10:38:09 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-29 10:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-10-29 10:37:46 ----D---- C:\Program Files\DAP
2008-10-27 14:34:17 ----HD---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-27 14:34:00 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-27 14:33:43 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-27 14:33:34 ----HD---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-26 15:24:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-26 15:24:26 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-26 15:23:38 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-26 14:16:17 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Samsung
2008-10-24 00:59:04 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 00:58:57 ----D---- C:\Program Files\MSXML 4.0
2008-10-23 19:24:52 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-10-23 19:22:50 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-10-23 19:22:46 ----D---- C:\Program Files\Samsung
2008-10-23 15:42:31 ----D---- C:\Documents and Settings\All Users\Application Data\MythPeople
2008-10-22 12:07:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-22 12:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-22 09:13:04 ----D---- C:\Program Files\BitComet Accelerator 1.0
2008-10-21 21:03:54 ----D---- C:\Program Files\WinRAR
2008-10-18 16:25:33 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\GamesCafe
2008-10-18 12:14:50 ----D---- C:\Documents and Settings\BOUBOULE\Application Data\Yahoo!
2008-10-17 23:11:23 ----D---- C:\Documents and Settings\All
Hello,
We continue:
Download UsbFix (by Chiquitine29 and Chimay8) to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
! Disconnect from the internet and close all ongoing applications !
--> Double-click on the .exe to start the installation of the tool (do not change the installation settings).
Mandatory:
Connect all your external units to your PC (USB key, external hard drive, flash disk, MP3 player, etc...) that may have been infected, as well as any CD and DVD-ROM that you may use most often (but do not open them!).
--> Double-click on the shortcut "UsbFix" on your desktop to launch the tool:
* Press 1 (option "cleaning") then [enter] and follow the instructions...
--> The PC will restart... let the tool work and do not touch anything...
(Note: for unused external units, click on "continue" when the warning message appears)
--> Once back at your desktop, wait for the end-of-cleaning message,
then press a key so that the report "UsbFix.txt" is displayed.
Copy/paste its content into your next reply for analysis and wait for the next steps...
(Note: the UsbFix.txt report is saved at the root of the hard drive > C:\UsbFix.txt)
PS: If the desktop does not reappear, press Ctrl + Alt + Del, Tab "File" -> "New Task":
type explorer.exe and validate.
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until you have been told so!
Hello,
UsbFix Report:
-------------- UsbFix V2.413.4 ---------------
* User: BOUBOULE - SHINTA
* Tools updated on 11/12/2008 by Chiquitine29 and Chimay8
* Search conducted at 17:58:13 on 15/12/2008
* Windows XP - Internet Explorer 7.0.5730.13
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\DOCUME~1\BOUBOULE\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
--------------- [ Drive Information ] ----------------
C: - Local drive
D: - Local drive
K: - Local drive
+- Autorun content: K:\autorun.inf
[autorun]
icon = .\Maxtor_Desktop.ico
--------------- [ Drive C ] ----------------
C: - Local drive
+- Listing of present files:
[02/10/2008 19:07][--a------] C:\AUTOEXEC.BAT
[03/10/2008 23:08][-rahs----] C:\NTDETECT.COM
[09/12/2008 14:43][-rahs----] C:\boot.ini
[11/12/2008 20:09][--a------] C:\rapport.txt
[11/12/2008 20:09][--a------] C:\TB.txt
[11/12/2008 20:09][--a------] C:\lopR.txt
[11/12/2008 20:09][--a------] C:\UsbFix.txt
[][] C:\hiberfil.sys
[][] C:\PAGEFILE.SYS
[][] C:\CONFIG.SYS
[][] C:\IO.SYS
[][] C:\MSDOS.SYS
--------------- [ Drive D ] ----------------
D: - Local drive
+- Listing of present files:
--------------- [ Drive K ] ----------------
K: - Local drive
+- Listing of present files:
[21/04/2008 09:33][--a------] K:\autorun.inf
--------------- [ Registry / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MsnMsgr=" Yodm3D=C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
VistaStartMenu="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SiSUSBRG=C:\WINDOWS\SiSUSBrg.exe
ZoneAlarm Client=" avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
=
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27112af6-b7fb-11dd-87cc-000d87ee4b1b}\Shell\AutoRun\command
--------------- [ Disk Cleanup ] ----------------
Deleted! - [11/12/2008 20:09][--a------] C:\WINDOWS\system32\tmp.reg
Deleted! - [11/12/2008 20:09][--a------] C:\WINDOWS\system32\tmp.txt
Deleted! - [21/04/2008 09:33][--a------] K:\autorun.inf
--------------- [ Summary ] ----------------
-> /!\ The result should be interpreted by a specialist /!\
[02/10/2008 19:07][--a------] C:\AUTOEXEC.BAT
[03/10/2008 23:08][-rahs----] C:\NTDETECT.COM
[09/12/2008 14:43][-rahs----] C:\boot.ini
--------------- ! End of report ! ----------------
Hello,
Very well ...
Here are the next steps:
Download ComboFix (by sUBs) to your Desktop (and not elsewhere!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close your running applications (as well as your browser) and DISABLE ALL YOUR PROTECTIONS (anti-virus, anti-spyware guard, firewall) during the operation:
indeed, if activated, they could greatly interfere with the scanning and cleaning process of the tool (even crash the PC)... You will reactivate them afterwards !!
--->Important: if you encounter difficulties at this stage, let me know before proceeding ... Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, be sure to install the Windows Recovery Console as indicated in the tutorial above ...
---------------------------------------------------------------------------------------------------------------------------------
Then:
double-click on the "combofix.exe" icon to launch the tool.
Press the Y (Yes) key to start the scan.
Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program runs. This could freeze the computer.
-> The PC may restart by itself (to finalize the cleaning), let it do so.
-> If the tool tells you: "combofix has detected the presence of a rootkit and needs to restart your machine", you accept ...
-> if a Windows error message appears at any time: click the red cross at the top right of the window to close it (and not on anything else! otherwise no report ...)
The report will be created here: C:\Combofix.txt
Be sure to reactivate your protections.
Post the Combofix report along with a new RSIT report (Log.txt) for analysis ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until we have
told you so!
Everything is explained in the tutorial for those who don't have the CD! ^^
Take your time and look closely... ^^
(a small summary done by DllD here:
http://www.commentcamarche.net/forum/affich 9649591 plantage avec combofix?page=2#64)
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're out of the woods until we've told you so!