Virus Burst- Critical System Error!

Discussion in 'Windows - Virus and spyware problems' started by Jay05, Sep 5, 2006.

  1. GillesRM

    GillesRM Member

    Joined:
    Sep 14, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Hi, I am so sorry it took me sooo long! I had big problems with rebooting, and I couldn't even do it in safe mode (every time, after pressing F8 to access the modes menu, the keyboard got frozen!). Now it seems that my computer is ok, I can even tell you it hadn't been so fast for a long time :)

    So in the two following threads I'm sending you the two reports (sorry, the smitfraud one is in French :)

    Thanks a big lot again, I could never have done this without a real human being explaining it to me step by step :)
     
  2. GillesRM

    GillesRM Member

    SmitFraudFix v2.88

    Rapport fait à 3:37:06,09, 15/09/2006
    Executé à partir de C:\Program Files\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{2be26361-58a2-4836-be57-b838f02fec3f}"="astrogeology"


    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\qxfgcg.dll supprimé
    C:\Documents and Settings\Gilles\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Burst 6.1.lnk supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
    C:\Program Files\Media-Codec\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

     
  3. GillesRM

    GillesRM Member

    Logfile of HijackThis v1.99.1
    Scan saved at 04:03:35, on 15/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    C:\WINDOWS\system32\NVAREM.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\AOL 8.0b\aoltray.exe
    C:\WINDOWS\System32\x10nets.exe
    C:\Program Files\AOL 8.0b\waol.exe
    C:\Program Files\AOL 8.0b\shellmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE044B2-D5F7-43D2-ABCA-D30FC9182443}: NameServer = 205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe

     
  4. GillesRM

    GillesRM Member

    I hope everybody will excuse me for the flooding :)

    Well, everything seems to be okay now, but the reports indicate I still have lots of those annoying spywares, though those ones don't seem to harm much. Do you know a particular antivirus or anti-something program that could efficiently remove all that and prevent those from coming? (I prefer asking this to someone who knows better, so if I pay for a program, at least I'm sure to pay for the good one :)

    Thanks a lot again I really have no idea how I would have come up without help!!
     
  5. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Hi, still more to do: go to Add/Remove Programs and remove Errorsafe if listed.

    Download Ewido Anti-Spyware http://www.ewido.net/en/download/
    · Install and run ewido
    · Click Scanner
    · select the "Settings" tab.
    · Once in the Settings screen click on "Recommended actions" and then select "Delete".
    · Select "Automatically generate report after every scan"
    · UnSelect "Only if threats were found"
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Click Apply all actions
    · Click the Save report button.
    · Save the report to your C: Drive
    Reboot
    Post that log and a new HiJack log


    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm
    When the scan is finished, save the results from the scan!

    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.

    I'll get back with you tomorrow
     
    Last edited: Sep 14, 2006
  6. GillesRM

    GillesRM Member

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 06:01:04 15/09/2006

    + Scan result:



    HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned.
    HKLM\SOFTWARE\SearchUpgrader -> Adware.KeenValue : Cleaned.
    HKLM\SOFTWARE\SearchUpgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} -> Adware.KeenValue : Cleaned.
    C:\Documents and Settings\Gilles\Mes documents\Downloads\Programs\WinFixer2005ScannerInstallFRA.exe -> Adware.Virtumonde : Cleaned.
    C:\Kit Tiscali\Elements_Kit\PC1\Dialer Tiscali\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned.
    C:\Kit Tiscali\Programs\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned.
    C:\WINDOWS\Downloaded Program Files\__delete_on_reboot__g_r_a_t_w_e_e_._d_l_l_ -> Hijacker.Delf.bc : Cleaned.
    [2604] C:\WINDOWS\DOWNLO~1\gratwee.dll -> Hijacker.Delf.bc : Error during cleaning.
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned.


    ::Report end

     
  7. GillesRM

    GillesRM Member

    Logfile of HijackThis v1.99.1
    Scan saved at 09:11:04, on 15/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Error Safe\ers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\AOL 8.0b\waol.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\AOL 8.0b\aoltray.exe
    C:\Program Files\AOL 8.0b\shellmon.exe
    C:\Program Files\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe

     
  8. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Panda ActiveScan report?

    My Computer -> Tools -> Folder Options -> View tab -> Select Show Hidden Files and Folders.


    Run a scan with hijackthis and place a check beside the following

    O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

    Make sure all other windows are closed and click Fix Checked


    =================================

    Reboot into safe mode

    Search for and delete the following Files and folders in bold

    C:\Program Files\[bold]Error Safe[/bold]\

    [bold]nvsc32.exe [/bold] <-Find by Start -> Search

    Reboot to normal mode

    ========================================

    Post a HijackThis log with the Panda report
     
    Last edited: Sep 15, 2006
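One way to confirm from a follow-up log that the entries selected for "Fix Checked" above are really gone, and to see what else changed between two scans. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample text is a short excerpt assembled from log lines posted in this thread.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] cmd".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample excerpts built from lines in this thread (not complete logs).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Error Safe\ers.exe

O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""
# The four entries the helper asked to have checked and fixed.
SELECTED = r"""O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
"""

def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    found = (ENTRY_RE.match(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def _key(entry):
    # Compare case-insensitively with collapsed whitespace (paths vary in case).
    return (entry[0], " ".join(entry[1].split()).casefold())

def _clsid(entry):
    m = CLSID_RE.search(entry[1])
    return (entry[0], m.group(0).upper()) if m else None

def still_present(selected_text, after_text):
    """Entries chosen for fixing that still show up in the follow-up log."""
    after_keys = {_key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(selected_text) if _key(e) in after_keys]

def orphaned(entries):
    """Entries whose target file is gone: a cue to review, not a verdict."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]

def diff_logs(before_text, after_text):
    """Split the differences into removed, added, and same-CLSID changes."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    removed = [e for k, e in before.items() if k not in after]
    added = [e for k, e in after.items() if k not in before]
    gone_by_id = {_clsid(e): e for e in removed if _clsid(e)}
    changed = [(gone_by_id[_clsid(e)], e) for e in added if _clsid(e) in gone_by_id]
    old_keys = {_key(old) for old, _ in changed}
    new_keys = {_key(new) for _, new in changed}
    return {
        "removed": [e for e in removed if _key(e) not in old_keys],
        "added": [e for e in added if _key(e) not in new_keys],
        "changed": changed,
    }

if __name__ == "__main__":
    print("still present:", still_present(SELECTED, AFTER))
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "changed"):
        for item in result[label]:
            print(label, "->", item)
    print("orphaned now:", orphaned(parse_entries(AFTER)))
```

The "changed" bucket pairs entries that keep the same CLSID but point somewhere else, which is how a toolbar left behind by an uninstalled product shows up as "(no file)" in the later scan.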
  9. GillesRM

    GillesRM Member

    Sorry, I thought I had posted the Panda one:



    Incident | Status | Location
    Potentially unwanted tool:Application/Winfixer2005 | Not disinfected | C:\PROGRA~1\ERRORS~1\flfxr15.dll
    Adware:adware/cydoor | Not disinfected | C:\WINDOWS\system32\cd_clint.dll
    Spyware:Cookie/fe.lea.lycos | Not disinfected | C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt[.fe.lea.lycos.fr/]
    Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Gilles\Cookies\gilles@247realmedia[1].txt
    Spyware:Cookie/Xiti | Not disinfected | C:\Documents and Settings\Gilles\Cookies\gilles@xiti[1].txt
     
  10. maca1

    maca1 Regular member

    Download http://www.downloads.subratam.org/KillBox.zip

    Copy these instructions to Notepad for safe mode.

    Restart your computer into safe mode now. (keep tapping F8 on startup)

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the X button after you enter each file. It will ask for confirmation to delete the file. Click Yes.

    Note:

    It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files.


    C:\PROGRA~1\ERRORS~1\flfxr15.dll
    C:\WINDOWS\system32\cd_clint.dll
    C:\PROGRA~1\ERRORS~1\
    C:\Program Files\Error Safe

    Post a new hijackthis log






     
    Last edited: Sep 15, 2006
  11. GillesRM

    GillesRM Member

    Logfile of HijackThis v1.99.1
    Scan saved at 17:58:06, on 15/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security

    Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\AOL 8.0b\aoltray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet

    Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D

    -784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

    \ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-

    B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON

    Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-

    C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON

    Web-To-Page.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} -

    (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C}

    - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

    c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32

    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1

    \WinDVR\WINSCH~1.EXE
    O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q

    /R /L /A1 /B0 /C0 /D2 /E0
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers

    communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26

    "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36

    "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus

    CX3600"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1

    \SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe

    SILENT
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program

    Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program

    Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program

    Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep

    0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0

    -u
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware

    4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1

    \AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Gilles\LOCALS~1

    \Temp\2006915175220_mcinfo.exe /insfin
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL

    8.0b\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk =

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar -

    res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Version de la page actuelle

    disponible dans le cache Google - res://c:\program

    files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-

    B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-

    B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-

    A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-

    A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-

    00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

    11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)

    - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)

    - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo

    Class) - https://www-

    secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

    http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/m

    cinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

    Upload Tool) -

    http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom

    MDDK ActiveX Control) - http://accueil.ava.serveur-

    ava.com/stkid_data/ocx/mDKid.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

    (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267

    .cab
    O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup

    Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

    Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

    (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

    http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mc

    gdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader

    Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat

    Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

    Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware

    Development a.s. - C:\Program Files\ewido anti-spyware 4.0

    \guard.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

    Symantec Corporation - C:\Program Files\Norton

    AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental)

    (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d

    -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec

    Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

    Symantec Corporation - C:\Program Files\Fichiers communs\Symantec

    Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

    C:\Program Files\Fichiers communs\Symantec Shared\Security

    Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -

    America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 -

    C:\WINDOWS\System32\x10nets.exe

     
  12. GillesRM

    GillesRM Member

    I just removed McAfee for a test, and it seems I have fewer problems while booting my computer... This program is a real shit. Do you know of better antiviruses except photoshop?

    Also, I had lots of problems with rebooting these days, and I didn't succeed in starting in safe mode. Every time I try, the keyboard gets frozen so I can't choose any option and I have to reboot once again.

    I also tried to reinstall Windows, and didn't succeed: when I run the CD while using Windows, it says the version on the CD is earlier than the one I have now so it's not possible, but I should reboot and start from the CD itself instead of Windows, but when I do this it doesn't work either. I also tried to format the hard drive and it didn't work either...

    Do you think all this is related to the already existing problem? Do you have an idea of what I should do? Even if Windows is going to run properly now, I might need advice if I want to re-install later.
     
  13. maca1

    maca1 Regular member

    First rescan with HijackThis and make sure Wordwrap is not selected in Notepad, I can't read the log like that.
    Get AVG free anti-virus.
     
    Last edited: Sep 15, 2006
  14. GillesRM

    GillesRM Member

    I'm not sure what you mean by wordwrap, I guess it's "automatic return to the line below if the sentence is larger than the window"... :)


    Logfile of HijackThis v1.99.1
    Scan saved at 19:12:50, on 15/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    C:\WINDOWS\system32\NVAREM.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\x10nets.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AOL 8.0b\aoltray.exe
    C:\Program Files\AOL 8.0b\waol.exe
    C:\Program Files\AOL 8.0b\shellmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE044B2-D5F7-43D2-ABCA-D30FC9182443}: NameServer = 205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe
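
Added example (not part of the thread and not HijackThis's own code): a short Python parser for the log format posted above. It splits each entry into section code and detail, extracts any CLSIDs, and lists the entries carrying HijackThis's own "(file missing)" or "Unknown owner" annotations or a NameServer value, so a reviewer can read those first; being listed does not by itself mean an entry is malicious. The sample lines are copied from the log above, and the function names are hypothetical.

```python
import re

# Constructed sample: five lines copied from the HijackThis log posted above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE044B2-D5F7-43D2-ABCA-D30FC9182443}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
'''

# "<section code> - <detail>", e.g. "O23 - Service: ..."; leading indent is tolerated.
ENTRY = re.compile(r'^\s*([A-Z]\d{1,2}) - (.+?)\s*$')
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# Annotations that HijackThis itself appends to an entry (both occur in the log above).
NOTES = ('(file missing)', 'Unknown owner')

def parse_log(text):
    """Return one dict per recognised entry; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, report header, surrounding forum text
        section, detail = m.groups()
        entries.append({
            'section': section,
            'detail': detail,
            'clsids': CLSID.findall(detail),
            'notes': [n for n in NOTES if n in detail],
        })
    return entries

def needs_review(entries):
    """List (section, reasons) for annotated entries and for DNS server settings."""
    flagged = []
    for e in entries:
        reasons = list(e['notes'])
        ns = re.search(r'NameServer = (\S+)', e['detail'])
        if ns:  # compare this address with the DNS server the user expects
            reasons.append('DNS server set to ' + ns.group(1))
        if reasons:
            flagged.append((e['section'], reasons))
    return flagged

if __name__ == '__main__':
    for section, reasons in needs_review(parse_log(SAMPLE_LOG)):
        print(section, '; '.join(reasons))
```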

     
  15. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    In Notepad, Format -> Word Wrap. It's fine now.

    Your log is clean. As for antivirus, make sure you have only one installed, so if you install AVG, uninstall Norton. What are things like now?
     
  16. GillesRM

    GillesRM Member

    Joined:
    Sep 14, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Thanks a lot, everything seems to be completely OK now!!!
    I still have those problems though:

    1/ I still can't go in safe mode, as my keyboard freezes when I try, but there's nothing I can do about it except buying another keyboard: I read in a French forum that it's because it's a USB-connected keyboard...

    2/ When I try to boot from a CD (like the AVG antivirus rescue disk or even my Windows restore CD), it just doesn't work and starts Windows normally (I type F11, then I have the menu with the blue square asking me from which drive I want to start, I select the CD and then Windows starts normally)
     
  17. DebRN67

    DebRN67 Guest

    Hello all ~ I simply wanted to say thank you for this information about roguescanfix. I ran it, with bated breath, & it is the only thing that worked. After hours of trying various products & other "tricks", this erased my problem w/one fell swoop try. Thank you ~ all of you ~ that post openly & honestly about products or sites that work. Each one of you is greatly appreciated. Debbie
     
  18. Jay05

    Jay05 Regular member

    Joined:
    Apr 23, 2004
    Messages:
    733
    Likes Received:
    0
    Trophy Points:
    26
    You're welcome~ ^^; Anytime. :)))
     
  19. CrazyJ_32

    CrazyJ_32 Member

    Joined:
    May 18, 2006
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    16
    I have something I'd like to add.

    I recently got this damn thing but I think it was an updated version. At first my IE could not go to any other page than the virus page itself and I got other "warnings" in the taskbar.

    Lavasoft Ad-aware got rid of everything, including the processes, except this little bastard in the taskbar:

    [​IMG]

    And it had the same standard issue "system detected virus activities blah blah blah..."

    After some thorough investigation I found the culprit was vcehaeb.dll (in system32). To delete it I had to kill all instances of explorer.exe (Process Explorer, a wonderful alternative to Task Manager, told me explorer was handling the dll). Then I ran a simple program (Mplay32) and used the file-->open dialog to locate and destroy the little bastard.

    No more pop-up in the notifications area :)
     
