Virus Burst- Critical System Error!
GillesRM
Newbie
14. September 2006 @ 22:30
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 06:01:04 15/09/2006

+ Scan result:



HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\SearchUpgrader -> Adware.KeenValue : Cleaned.
HKLM\SOFTWARE\SearchUpgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} -> Adware.KeenValue : Cleaned.
C:\Documents and Settings\Gilles\Mes documents\Downloads\Programs\WinFixer2005ScannerInstallFRA.exe -> Adware.Virtumonde : Cleaned.
C:\Kit Tiscali\Elements_Kit\PC1\Dialer Tiscali\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\Kit Tiscali\Programs\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\WINDOWS\Downloaded Program Files\__delete_on_reboot__g_r_a_t_w_e_e_._d_l_l_ -> Hijacker.Delf.bc : Cleaned.
[2604] C:\WINDOWS\DOWNLO~1\gratwee.dll -> Hijacker.Delf.bc : Error during cleaning.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned.
:mozilla.8:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Ad-logics : Cleaned.
:mozilla.275:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.276:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.277:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.278:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.19:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.59:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.60:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.82:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.84:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.48:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.284:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.285:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.151:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.152:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.165:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.166:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.173:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.174:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.175:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.176:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.261:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.262:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.263:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.289:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.181:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.184:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.11:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.194:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.196:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.215:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.216:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.217:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.218:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.270:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.271:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.13:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.279:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.280:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
GillesRM
Newbie
14. September 2006 @ 22:47
Logfile of HijackThis v1.99.1
Scan saved at 09:11:04, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Error Safe\ers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AOL 8.0b\waol.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\AOL 8.0b\aoltray.exe
C:\Program Files\AOL 8.0b\shellmon.exe
C:\Program Files\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/sha...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/sha...,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee.com Personal firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe
maca1
Senior Member
15. September 2006 @ 06:21
Panda ActiveScan report?

My Computer -> Tools -> Folder Options -> View tab -> Select Show Hidden Files and Folders.


Run a scan with HijackThis and place a check beside the following

O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

Make sure all other windows are closed and click Fix Checked


=================================

Reboot into safe mode

Search for and delete the following Files and folders in bold

C:\Program Files\Error Safe\

nvsc32.exe <-Find by Start -> Search

Reboot to normal mode

========================================

Post a HijackThis log with the Panda report

This message has been edited since posting. Last time this message was edited on 15. September 2006 @ 06:23

GillesRM
Newbie
15. September 2006 @ 06:51
Sorry, I thought I had posted the Panda one:



Incident Status Location

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\PROGRA~1\ERRORS~1\flfxr15.dll
Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt[.fe.lea.lycos.fr/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gilles\Cookies\gilles@247realmedia[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Gilles\Cookies\gilles@xiti[1].txt
maca1
Senior Member
15. September 2006 @ 07:03
Download http://www.downloads.subratam.org/KillBox.zip

Copy these instructions to Notepad for safe mode.

Restart your computer into safe mode now. (keep tapping F8 on startup)

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the X button after you enter each file. It will ask for confirmation to delete the file. Click Yes.

Note:

It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files.


C:\PROGRA~1\ERRORS~1\flfxr15.dll
C:\WINDOWS\system32\cd_clint.dll
C:\PROGRA~1\ERRORS~1\
C:\Program Files\Error Safe

Post a new HijackThis log







This message has been edited since posting. Last time this message was edited on 15. September 2006 @ 07:04

GillesRM
Newbie
15. September 2006 @ 07:36
Logfile of HijackThis v1.99.1
Scan saved at 17:58:06, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\AOL 8.0b\aoltray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program

Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program

Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep

0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0

-u
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware

4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1

\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Gilles\LOCALS~1

\Temp\2006915175220_mcinfo.exe /insfin
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL

8.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk =

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar -

res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Version de la page actuelle

disponible dans le cache Google - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-

B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-

B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-

A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-

A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-

00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)

- http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)

- https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo

Class) - https://www-

secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.av.fr.aol.com/molbin/sha...l/fr/4,0,0,84/m

cinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

Upload Tool) -

http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom

MDDK ActiveX Control) - http://accueil.ava.serveur-

ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Mes...Client.cab31267

.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup

Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

http://download.av.fr.aol.com/molbin/sha.../fr/1,0,0,21/mc

gdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader

Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat

Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware

Development a.s. - C:\Program Files\ewido anti-spyware 4.0

\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Norton

AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)

(rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d

-f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

Symantec Corporation - C:\Program Files\Fichiers communs\Symantec

Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Fichiers communs\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -

America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 -

C:\WINDOWS\System32\x10nets.exe
GillesRM
Newbie
15. September 2006 @ 08:06
I just removed McAfee for a test, and it seems I have less problems while booting my computer... This program is a real shit do you know of better antiviruses except photoshop?


Also, I had lots of problems with rebooting these days, and I didn't succeed in starting in safe mode, every time I try, the keyboard gets frozen so I can't choose any option and I have to reboot once again

I also tried to reinstall windows, and didn't succeed : when I run the cd while using windows, it says the version on the cd is earlier than the one I have now so it's not possible but I should reboot and start from the cd itself instead of windows, but when I do this it doesn't work either. I also tried to format the hard drive and it didn't work either...

Do you think all this is related to the already existing problem? Do you have an idea of what I should do, even if windows is going to run properly now, I might need some advice if I want to re-install later..
maca1
Senior Member
15. September 2006 @ 08:44
First rescan with HijackThis and make sure Wordwrap is not selected in notepad, I can't read the log like that.
Get AVG free anti-virus.

This message has been edited since posting. Last time this message was edited on 15. September 2006 @ 08:44

GillesRM
Newbie
15. September 2006 @ 08:51
I'm not sure what you mean by wordwrap, I guess it's "automatic return to the line below if the sentence is larger than the window"... :-)


Logfile of HijackThis v1.99.1
Scan saved at 19:12:50, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\WINDOWS\system32\NVAREM.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\x10nets.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL 8.0b\aoltray.exe
C:\Program Files\AOL 8.0b\waol.exe
C:\Program Files\AOL 8.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.fr.aol.com/molbin/sha...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.fr.aol.com/molbin/sha...,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE044B2-D5F7-43D2-ABCA-D30FC9182443}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe
maca1
Senior Member
15. September 2006 @ 09:14
In notepad, Format-> Wordwrap. It's fine now.

Your log is clean. As for antivirus, make sure you have only one installed so if you install AVG, uninstall Norton. What are things like now?
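The wrapped and unwrapped copies of the log above allow a concrete check. As an added example (not part of the original thread, and not HijackThis code), this Python code detects a word-wrapped HijackThis log and rejoins its entries. The join heuristic and the function names are assumptions inferred from the two logs posted here.

```python
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O2x) and " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Constructed sample: six entries copied from the word-wrapped log in this thread.
WRAPPED = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D

-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} -

(no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C}

- C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Gilles\LOCALS~1

\Temp\2006915175220_mcinfo.exe /insfin
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-

A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
"""


def is_wrapped(text):
    """True if a non-blank line after the first entry lacks a section prefix."""
    seen_entry = False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY.match(line):
            seen_entry = True
        elif seen_entry:
            return True
    return False


def join_fragment(head, tail):
    """Assumed heuristic: glue without a space when the break fell inside a token."""
    tail_mid = tail.startswith("\\") or (tail.startswith("-") and not tail.startswith("- "))
    head_mid = head.endswith("-") and not head.endswith(" -")
    return head + tail if (tail_mid or head_mid) else head + " " + tail


def unwrap(text):
    """Rejoin continuation lines onto the entry they belong to."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY.match(line):
            entries.append(line)
        elif entries:  # lines before the first entry (header, process list) are skipped
            entries[-1] = join_fragment(entries[-1], line)
    return entries


def parse(entry):
    """Split an entry into (section code, remainder)."""
    code, _, rest = entry.partition(" - ")
    return code, rest


if __name__ == "__main__":
    for e in unwrap(WRAPPED):
        print(parse(e))
```

A break that fell mid-word with no hyphen or backslash at the seam cannot be told apart from a break at a space, so the heuristic inserts a space there; rescanning with Word Wrap off remains the reliable fix.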
GillesRM
Newbie
16. September 2006 @ 07:35
Thanks a lot, everything seems to be completely ok now!!!
I still have those problems though :

1 / I still can go in safe mode, as my keyboard freezes when I try, but there's nothing I can do about it except buying another keyboard : I read in a French forum that it's because it's a usb connected keyboard...

2/ When I try to boot from a cd (like AVGantivirus rescue disk or even my windows restore cd), it just doesn't work and starts windows normally (I type F11, then I have the menu with the blue square asking me from which drive I want to start, I select the cd and then Windows starts normally)
DebRN67
Suspended due to non-functional email address
25. November 2006 @ 11:01
hello all ~ I simply wanted to say thank you for this information about roguescanfix. I ran it, with bated breath, & it is the only thing that worked. After hours of trying various products & other "tricks", this erased my problem w/one fell swoop try. thank you ~ all of you ~ that post openly & honestly about products or sites that work. each one of you is greatly appreciated. debbie
Member
25. November 2006 @ 18:24
You're welcome~ ^^; Anytime. :)))

-Jay-

Dell I530
Q9300
6GB DDR2
EVGA GTX 470
Antec 750W blue
CrazyJ_32
Junior Member
6. December 2006 @ 06:36
I have something I'd like to add.

I recently got this damn thing but I think it was an updated version. At first my IE could not go to any other page than the virus page itself and I got other "warnings" in the taskbar.

Lavasoft Ad-Aware got rid of everything, including the processes, except this little bastard in the taskbar:

And it had the same standard issue "system detected virus activities blah blah blah..."

After some thorough investigation I found the culprit was vcehaeb.dll (in system32). To delete it I had to kill all instances of explorer.exe (process explorer; a wonderful alternative to task manager, told me explorer was handling the dll). Then I ran a simple program (Mplay32) and used the file-->open dialog to locate and destroy the little bastard.

No more pop-up in the notifications area :)
  © 1999-2025 by AfterDawn Ltd.