Computer slow AND pop up in IE ... HIJACK REPORT HELP NEEDED !

gesatzs · Sep 6, 2008

My computer is slow, and windows are opened in IE without clicking...
:-(

I ran Spyware doctor twice... Kaspersky is up to date...
I hope you guys can help me reading this Hijack report ...
thanks :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:16, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
J:\PROGRAM FILES\MSI\CORE CENTER\CORECENTER.EXE
J:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\AxBx\Clean Virus MSN\CleanVirusMSN.exe
C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/nwshp?hl=fr&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\ProgramFiles\CS3\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - J:\flashget\jccatch.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - J:\flashget\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\ProgramFiles\CS3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kupdate] C:\Documents and Settings\Thomas\Bureau\KavU.exe
O4 - HKLM\..\Run: [NetAnalyse] K:\NetAnalyse\NetAnalyse.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Flashget] J:\flashget\FlashGet.exe /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "K:\Program Files\Bittorent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: NetAnalyse.lnk = K:\NetAnalyse\NetAnalyse.exe
O4 - Global Startup: web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Download All with FlashGet - J:\flashget\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - J:\flashget\jc_link.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - J:\flashget\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - J:\flashget\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://J:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - J:\flashget\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - J:\flashget\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - J:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151611568796
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Aattdat - - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GtDetectSc - Option - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - K:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - K:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 14281 bytes

cdavfrew · Sep 6, 2008

Hi gesatzs

Sounds like a pesky problem.

First, please download Combofix.
With Combofix, at the download window, please rename it to Combo-fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the Comobofix window, as it may cause it to stall.

Best Regards

gesatzs · Sep 7, 2008

Thanks a lot...
Here is the Conbo fix report :

ComboFix 08-09-05.02 - Thomas 2008-09-07 12:26:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1591 [GMT 2:00]
Endroit: C:\Documents and Settings\Thomas\Bureau\Combo-fix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomas\Cookies\thomas@revsci[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@trafiz[1].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\SkypeComm.dll
C:\WINDOWS\system32\url(3).dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
G:\Autorun.inf
S:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 12:12 . 2008-09-07 12:13 5,234 --a------ C:\WINDOWS\system32\mstmpxmlfun.xml
2008-09-06 13:32 . 2008-09-06 13:32 <REP> d-------- C:\Program Files\Trend Micro
2008-09-06 13:25 . 2008-09-06 13:25 <REP> d-------- C:\Program Files\AxBx
2008-09-05 10:07 . 2008-09-05 10:07 <REP> d-------- C:\Program Files\Lavasoft
2008-09-05 10:07 . 2008-09-05 10:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 09:58 . 2008-09-05 21:36 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-05 09:58 . 2008-09-05 09:58 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\PC Tools
2008-09-05 09:58 . 2008-09-07 12:21 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 09:58 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-05 09:58 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-05 09:58 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-05 09:58 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-04 14:46 . 2008-09-07 12:33 <REP> d-------- C:\Downloads
2008-08-18 23:04 . 2008-08-18 23:04 <REP> d-------- C:\Program Files\Safari
2008-08-18 22:59 . 2008-08-18 22:59 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-16 10:29 . 2008-08-16 10:29 <REP> d-------- C:\Documents and Settings\Thomas\Incomplete
2008-08-16 10:25 . 2008-08-16 10:25 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\LimeWire
2008-08-15 11:42 . 2008-08-15 11:42 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Auslogics
2008-08-15 11:41 . 2008-08-15 11:42 <REP> d-------- C:\Program Files\Auslogics
2008-08-15 10:50 . 2008-08-15 10:50 <REP> d-------- C:\Program Files\Skype
2008-08-15 10:50 . 2008-08-15 10:50 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-08-15 10:50 . 2008-09-07 12:11 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\skypePM
2008-08-15 10:50 . 2008-09-07 12:35 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 10:40 44,199,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-07 10:39 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Skype
2008-09-07 10:34 1,534,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-07 10:31 606,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-07 10:31 154,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-07 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-05 08:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-29 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-26 20:57 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Apple Computer
2008-08-18 21:55 --------- d-----w C:\Documents and Settings\Thomas\Application Data\ZoomBrowser EX
2008-08-18 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-15 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 05:39 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 09:48 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-22 15:47 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-07-22 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 14:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-15 15:08 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Canon
2008-07-15 14:35 --------- d-----w C:\Program Files\Canon
2008-07-15 14:34 --------- d-----w C:\Program Files\Fichiers communs\Canon
2008-07-08 10:23 --------- d-----w C:\Program Files\T-Mobile
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-12-04 18:47 49 ----a-w C:\Documents and Settings\Thomas\info.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 171448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"Google Update"="C:\Documents and Settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 40960]
"WinPatrol"="C:\Program Files\WinPatrol\winpatrol.exe" [2007-10-26 292152]
"Flashget"="J:\flashget\FlashGet.exe" [2007-09-25 2007088]
"Acrobat Assistant 8.0"="E:\ProgramFiles\CS3\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"QuickTime Task"="J:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 227856]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 C:\WINDOWS\SOUNDMAN.EXE]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 C:\WINDOWS\system32\ptipbm.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\StubInstaller.exe"=
"K:\\Program Files\\LimeWire\\LimeWire.exe"=
"K:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007\\sandra.exe"=
"K:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007\\RpcSandraSrv.exe"=
"K:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007\\Win32\\RpcDataSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"K:\\Program Files\\eMule\\emule.exe"=
"K:\\MaxTV-v3\\MaxTV.exe"=
"J:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"E:\\ProgramFiles\\CS3\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"J:\\flashget\\flashget.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7080:TCP"= 7080:TCP:MaxTV tcp
"7080:UDP"= 7080:UDP:Max TV udp
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R2 GtDetectSc;GtDetectSc;C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 PCAlertDriver;PCAlertDriver;J:\PROGRAM FILES\MSI\CORE CENTER\NTGLM7X.sys [2006-05-25 27648]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-07-12 17664]
R3 RushTopDevice;RushTopDevice;J:\Program Files\MSI\Core Center\RushTop.sys [2006-05-23 39936]
S0 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [ ]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
S3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 302720]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92307805-4cd7-11dd-8ca3-0011672ab380}]
\Shell\AutoRun\command - L:\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9549c17f-054d-11dc-b98e-0011094dc602}]
\Shell\AutoRun\command - M:\Autorun.exe HowToUse\HowToUse.html

*Newly Created Service* - PCALERTDRIVER
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - K:\Program Files\Bittorent\bittorrent.exe
HKCU-Run-Internet Download Accelerator - C:\Program Files\IDA\ida.exe
HKLM-Run-Kupdate - C:\Documents and Settings\Thomas\Bureau\KavU.exe
HKLM-Run-NetAnalyse - K:\NetAnalyse\NetAnalyse.exe
HKLM-Run-adiras - adiras.exe
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mtkiih10.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 12:34:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
J:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 12:43:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 10:43:37

Pre-Run: 4,149,768,192 octets libres
Post-Run: 8,063,758,336 octets libres

207 --- E O F --- 2008-08-29 17:07:11

cdavfrew · Sep 7, 2008

Hey gesatzs

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPWYARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware

• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:
Code:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
• Click on Close.

Updating SuperAntispyware

• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.

Scanning Time

• Close all browsers.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.

Post A Log

• Launch SuperAntispyware
• Click on Preferences
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and the click on View Log....
• Copy and paste the contents of the log here in your next post.

Best Regards

gesatzs · Sep 8, 2008

Thanks
Here is the report :

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/08/2008 at 11:46 AM

Application Version : 4.21.1004

Core Rules Database Version : 3558
Trace Rules Database Version: 1546

Scan type : Complete Scan
Total Scan Time : 01:17:51

Memory items scanned : 415
Memory threats detected : 0
Registry items scanned : 5620
Registry threats detected : 0
File items scanned : 33535
File threats detected : 123

Adware.Tracking Cookie
C:\Documents and Settings\Thomas\Cookies\thomas@revsci[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@trackers.1st-affiliation[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ehg-sanomadata.hitbox[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@j2global.122.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@stat.dealtime[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@www.cdiscount[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@advertising[3].txt
C:\Documents and Settings\Thomas\Cookies\thomas@track.effiliation[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@haynet.adbureau[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@www.fatpenguinmedia[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@samsung.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@247realmedia[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@audit.median[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@audiag.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@statcounter[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@overture[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@mediaplex[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@mystat.synch[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@weba.cdiscount[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@4stats[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@smartadserver[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@fr.sitestat[4].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tracking.lsfinteractive[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@paypal.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tradedoubler[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adtech[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@eas3.emediate[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@data.coremetrics[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@click-fr[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@aimfar.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@kontera[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@revenue[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adopt.euroclick[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@imrworldwide[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adopt.specificclick[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@stats.adbrite[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@bs.serving-sys[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@date.ventivmedia[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@hitbox[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@xiti[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tmadvertising.httpsvc.vitalstreamcdn[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@yourmedia[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@serving-sys[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@apmebf[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tracking.publicidees[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ipoint.targetpoint[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adbrite[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@media.adrevolver[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@volvogroup.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adviva[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@buzznet.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tag.d-stat[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@fr.sitestat[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@wysistat[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@altimasa.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@cdiscount[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@eas.apm.emediate[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ads.revsci[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adverticum[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@bluestreak[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ad.zanox[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ad.caradisiac[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@zbox.zanox[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@nintendo.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adserver.aol[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@webstat.yamaha[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@estat[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ad.yieldmanager[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@track.adform[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tracking.dc-storm[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@zedo[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@optimize.indieclick[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@fr.sitestat[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@fr.sitestat[3].txt
C:\Documents and Settings\Thomas\Cookies\thomas@specificclick[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@fonciabanquepopulaire.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@videoegg.adbureau[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tracker.pegsanalytics[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@fl01.ct2.comclick[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@producemedia[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@stats.sports[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adlegend[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ads.shopreflex[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ads.pointroll[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ice.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@redcats.122.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@richmedia.yahoo[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@wwwmynewsbarfr.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@lorealparis.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@e-2dj6wmkyghazadq.stats.esomniture[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@statse.webtrendslive[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@uk.sitestat[4].txt
C:\Documents and Settings\Thomas\Cookies\thomas@uk.sitestat[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@sixapart.adbureau[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tacoda[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@www.googleadservices[3].txt
C:\Documents and Settings\Thomas\Cookies\thomas@questionmarket[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tracker.pegsanalytics[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ads.ratiatum[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@nl.sitestat[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@atwola[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@www.clickmanage[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@boursoramabanque.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@easyvoyagejanvier2008.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@valueclick[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@casalemedia[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@adrevolver[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@fortuneopub.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@media.adrevolver[3].txt
C:\Documents and Settings\Thomas\Cookies\thomas@mmstat[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@cetelem.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@himedia.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@uk.sitestat[3].txt
C:\Documents and Settings\Thomas\Cookies\thomas@uk.sitestat[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@ehg-bbc.hitbox[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@tribalfusion[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@infobebes.solution.weborama[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@advertising[1].txt
C:\QooBox\Quarantine\C\Documents and Settings\Thomas\Cookies\thomas@revsci[1].txt.vir

cdavfrew · Sep 8, 2008

You look clean.

Tell me what problems you're still having.

Best Regards

gesatzs · Sep 8, 2008

It all good now. (so far...)
Combo fix seems to have corrected few things, Kaspersky finished the job (although I ran it before...).

A great thanks for your help...

thomas.

cdavfrew · Sep 8, 2008

You're welcome

Log in or Sign up

Computer slow AND pop up in IE ... HIJACK REPORT HELP NEEDED !

gesatzs Member

cdavfrew Regular member

gesatzs Member

cdavfrew Regular member

gesatzs Member

cdavfrew Regular member

gesatzs Member

cdavfrew Regular member

Share This Page

Log in or Sign up

Computer slow AND pop up in IE ... HIJACK REPORT HELP NEEDED !

gesatzs Member

cdavfrew Regular member

gesatzs Member

cdavfrew Regular member

gesatzs Member

cdavfrew Regular member

gesatzs Member

cdavfrew Regular member

Share This Page

Useful Searches