Virtumonde problem



frufrudad
2007-11-21, 17:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:49, on 2007-11-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187462065759
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00AF2554-46A8-456F-B83D-ADB679B97EB0}: NameServer = 67.69.184.7 67.69.184.159
O17 - HKLM\System\CS1\Services\Tcpip\..\{00AF2554-46A8-456F-B83D-ADB679B97EB0}: NameServer = 67.69.184.7 67.69.184.159
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8862 bytes

frufrudad
2007-11-21, 17:40
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 21, 2007 8:34:55 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/11/2007
Kaspersky Anti-Virus database records: 462486
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 152780
Number of viruses found: 18
Number of infected objects: 90
Number of suspicious objects: 0
Duration of the scan process: 06:58:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cea2fce4e6a3349a45b5fdb81a4d6e8_94c1c2f4-2f93-4757-9e3e-44ae02e7dc6b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071120_Time-131313542_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071120_Time-131313542_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_DENIS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_DENIS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\24\9541718-72ee937c/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\24\9541718-72ee937c ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\29\3c8283dd-6e953045/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\29\3c8283dd-6e953045 ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\37\63380ea5-33c86629/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\37\63380ea5-33c86629 ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-34ce1cc3/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-34ce1cc3 ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af ZIP: infected - 3 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-16d1c3da-6f270ab0.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-16d1c3da-6f270ab0.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-16d1c3da-6f270ab0.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-16d1c3da-6f270ab0.zip ZIP: infected - 3 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-74428b44.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-74428b44.zip ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-3bd4b1f2.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4b6298a9-3bd4b1f2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-33389e9d.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-50316a3b-33389e9d.zip ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-74249065-4245ef36.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-74249065-4245ef36.zip ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\winantiviruspro2007freeinstall_fr[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\DenisL\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Historique\History.IE5\MSHist012007112020071121\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\genumfde.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\kqiunbiu.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\Perflib_Perfdata_818.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\Perflib_Perfdata_820.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\Perflib_Perfdata_888.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\qiqioeli.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\qthjpijo.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\wrxupgec.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\xqhbdwhi.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~DF2DCD.tmp Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~DF2E04.tmp Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~DF4D99.tmp Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~freesetup.exe/file01 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~freesetup.exe/file02/file01 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~freesetup.exe/file02 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~freesetup.exe/file18 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~freesetup.exe/file45 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~freesetup.exe/file83 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~freesetup.exe Inno: infected - 6 skipped
C:\Documents and Settings\DenisL\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DenisL\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\faf_017.exe Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\Internet Logs\DENIS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5321DCCB-3800-48B4-972D-3B29BB2DEA8C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\auxgnvkl.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dpadxykq.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\dpdrmpcb.dll Infected: Trojan.Win32.BHO.bw skipped
C:\WINDOWS\system32\drenbarq.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\dweveclg.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\fcfhrbmb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\gpfbuolt.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\gsyvreai.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\gwsjaeis.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hiultvvp.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\hyrooqkc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\iflrgxmv.dll Infected: Trojan.Win32.BHO.bw skipped
C:\WINDOWS\system32\jdwxnwol.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\jmfvuwxo.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\jourkwdu.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ktjvhsol.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\lcctpahi.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\lcgvoqxe.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\lhlnxsvm.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\llqvokjp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mhvioxih.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\mvxqurav.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\WINDOWS\system32\ncuycfmm.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\nnlkl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tm skipped
C:\WINDOWS\system32\oocmvyeu.exe Infected: Trojan-Downloader.Win32.Agent.dwq skipped
C:\WINDOWS\system32\oplparpb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\orucrwmn.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\pgpuqfym.dll Infected: Trojan.Win32.BHO.hj skipped
C:\WINDOWS\system32\pqbocooj.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\pxwbxhqi.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\rgilsatc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\rmvxfowh.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\rofwpcxd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\rqrsqqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\rtaljjjc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\skoqoywb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\tqtoxxus.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\tsucscde.dll Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\system32\tvmerjxf.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\tvmmotdh.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ufpjlovn.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\utvhgycu.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\waxcwdki.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winnphgm.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\wpfnghdb.dll Infected: Trojan.Win32.BHO.hj skipped
C:\WINDOWS\system32\wvkucadu.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\wwloeqqq.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\xeuujcar.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\Temp\hcqhkxgl.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\Temp\macwhfab.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\Temp\wygrfeif.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\Temp\ZLT069f9.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT069fc.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Mr_JAk3
2007-11-22, 17:00
Hello frufrudad and welcome to the Forums :)

You're infected.

Please rename HijackThis.exe to skanneri.exe

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

frufrudad
2007-11-22, 23:43
Done as you asked, thanks for the help, reports below...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:00, on 2007-11-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FA9EC40E-E8BE-4A72-BA33-1B2191FF9BC0} - C:\WINDOWS\system32\nnlkl.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187462065759
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00AF2554-46A8-456F-B83D-ADB679B97EB0}: NameServer = 67.69.184.7 67.69.184.159
O17 - HKLM\System\CS1\Services\Tcpip\..\{00AF2554-46A8-456F-B83D-ADB679B97EB0}: NameServer = 67.69.184.7 67.69.184.159
O20 - Winlogon Notify: hgghf - C:\WINDOWS\system32\hgghf.dll (file missing)
O20 - Winlogon Notify: xxyyabx - xxyyabx.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9795 bytes

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 16:32:29 2007-11-22

Listing files found while scanning....

C:\windows\system32\aviwsydp.dll
C:\windows\system32\dpdrmpcb.dll
C:\windows\system32\dxcpwfor.ini
C:\windows\system32\exqwxsjy.dll
C:\windows\system32\iflrgxmv.dll
C:\windows\system32\jqtdvsej.dll
C:\windows\system32\jxqnurhw.dll
C:\windows\system32\kpqdcunh.dll
C:\WINDOWS\system32\lklnn.bak1
C:\WINDOWS\system32\lklnn.bak2
C:\WINDOWS\system32\lklnn.ini
C:\WINDOWS\system32\lklnn.ini2
C:\WINDOWS\system32\nnlkl.dll
C:\windows\system32\pgpuqfym.dll
C:\windows\system32\qkbjvllu.dll
C:\windows\system32\rofwpcxd.dll
C:\WINDOWS\system32\rqrsqqq.dll
C:\windows\system32\tsucscde.dll
C:\windows\system32\tushuqlu.ini
C:\windows\system32\ulquhsut.dll
C:\windows\system32\vxiytxmu.dll
C:\windows\system32\wpfnghdb.dll
C:\windows\system32\xlbqlull.dll
C:\windows\system32\yoghafjs.dll

Beginning removal...

Attempting to delete C:\windows\system32\aviwsydp.dll
C:\windows\system32\aviwsydp.dll Has been deleted!

Attempting to delete C:\windows\system32\dpdrmpcb.dll
C:\windows\system32\dpdrmpcb.dll Has been deleted!

Attempting to delete C:\windows\system32\dxcpwfor.ini
C:\windows\system32\dxcpwfor.ini Has been deleted!

Attempting to delete C:\windows\system32\exqwxsjy.dll
C:\windows\system32\exqwxsjy.dll Has been deleted!

Attempting to delete C:\windows\system32\iflrgxmv.dll
C:\windows\system32\iflrgxmv.dll Has been deleted!

Attempting to delete C:\windows\system32\jqtdvsej.dll
C:\windows\system32\jqtdvsej.dll Has been deleted!

Attempting to delete C:\windows\system32\jxqnurhw.dll
C:\windows\system32\jxqnurhw.dll Has been deleted!

Attempting to delete C:\windows\system32\kpqdcunh.dll
C:\windows\system32\kpqdcunh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lklnn.bak1
C:\WINDOWS\system32\lklnn.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lklnn.bak2
C:\WINDOWS\system32\lklnn.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lklnn.ini
C:\WINDOWS\system32\lklnn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lklnn.ini2
C:\WINDOWS\system32\lklnn.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnlkl.dll
C:\WINDOWS\system32\nnlkl.dll Has been deleted!

Attempting to delete C:\windows\system32\pgpuqfym.dll
C:\windows\system32\pgpuqfym.dll Has been deleted!

Attempting to delete C:\windows\system32\qkbjvllu.dll
C:\windows\system32\qkbjvllu.dll Has been deleted!

Attempting to delete C:\windows\system32\rofwpcxd.dll
C:\windows\system32\rofwpcxd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrsqqq.dll
C:\WINDOWS\system32\rqrsqqq.dll Could not be deleted.

Attempting to delete C:\windows\system32\tsucscde.dll
C:\windows\system32\tsucscde.dll Has been deleted!

Attempting to delete C:\windows\system32\tushuqlu.ini
C:\windows\system32\tushuqlu.ini Has been deleted!

Attempting to delete C:\windows\system32\ulquhsut.dll
C:\windows\system32\ulquhsut.dll Has been deleted!

Attempting to delete C:\windows\system32\vxiytxmu.dll
C:\windows\system32\vxiytxmu.dll Has been deleted!

Attempting to delete C:\windows\system32\wpfnghdb.dll
C:\windows\system32\wpfnghdb.dll Has been deleted!

Attempting to delete C:\windows\system32\xlbqlull.dll
C:\windows\system32\xlbqlull.dll Has been deleted!

Attempting to delete C:\windows\system32\yoghafjs.dll
C:\windows\system32\yoghafjs.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rqrsqqq.dll
C:\WINDOWS\system32\rqrsqqq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Mr_JAk3
2007-11-23, 19:52
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {FA9EC40E-E8BE-4A72-BA33-1B2191FF9BC0} - C:\WINDOWS\system32\nnlkl.dll (file missing)
O20 - Winlogon Notify: hgghf - C:\WINDOWS\system32\hgghf.dll (file missing)
O20 - Winlogon Notify: xxyyabx - xxyyabx.dll (file missing)


Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt: Double-click the drweb-cureit.exe file and allow it to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, look if you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode.
Post the Cure-it report and a fresh HijackThis log

frufrudad
2007-11-24, 03:28
Hi Jack

FYI, since my last post, I updated my Java, deleted all versions I had and installed a freshly downloaded JRE 6. I hope it is OK for you.

I don't know if my Dr.Web scan is OK. The program was not showing as you described it; I did the short scan, selected all drives, then Yes to all when asked. When the scan finished, I did select all, quarantine (all files found during the scan were deleted during the scan except one: fab-017.exe (adware.hotbot), which must now be in quarantine).

Below are the HJT and DrWeb reports as requested

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:15, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187462065759
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9292 bytes
winantiviruspro2007freeinstall_fr[1].exe C:\Documents and Settings\DenisL\Application Data Trojan.DownLoader.10963 Supprimé.
genumfde.exe C:\Documents and Settings\DenisL\Local Settings\Temp Trojan.Virtumod Supprimé.
kqiunbiu.exe C:\Documents and Settings\DenisL\Local Settings\Temp Trojan.Virtumod Supprimé.
qiqioeli.exe C:\Documents and Settings\DenisL\Local Settings\Temp Trojan.Virtumod Supprimé.
qthjpijo.exe C:\Documents and Settings\DenisL\Local Settings\Temp Trojan.Virtumod Supprimé.
wrxupgec.exe C:\Documents and Settings\DenisL\Local Settings\Temp Trojan.Virtumod Supprimé.
xqhbdwhi.exe C:\Documents and Settings\DenisL\Local Settings\Temp Trojan.Virtumod Supprimé.
aviwsydp.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
dpdrmpcb.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
exqwxsjy.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
iflrgxmv.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
jqtdvsej.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
jxqnurhw.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
kpqdcunh.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
nnlkl.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
pgpuqfym.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
qkbjvllu.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
rofwpcxd.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
rqrsqqq.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
tsucscde.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
ulquhsut.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
vxiytxmu.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
wpfnghdb.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
xlbqlull.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
yoghafjs.dll.bad C:\VundoFix Backups Trojan.Virtumod Supprimé.
faf_017.exe C:\WINDOWS Adware.Hotbot Quarantaine.
auxgnvkl.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
chpcxgqx.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
ctksoidy.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
ddvokdbq.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
dpadxykq.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
drenbarq.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
dweveclg.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
ekhpqasq.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
fcfhrbmb.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
gpfbuolt.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
gsyvreai.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
gwsjaeis.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
hiultvvp.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
hyrooqkc.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
jdwxnwol.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
jmfvuwxo.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
jourkwdu.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
ktjvhsol.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
lcctpahi.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
lcgvoqxe.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
lhlnxsvm.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
lknlkhcw.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
llqvokjp.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
ltnqyrss.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
mhvioxih.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
mvxqurav.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
ncuycfmm.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
ntoklnjd.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
ohrvdgdk.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
oocmvyeu.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
oplparpb.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
orucrwmn.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
pqbocooj.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
pxwbxhqi.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
qtaermmf.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
rgilsatc.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
rmvxfowh.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
rtaljjjc.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
rtcflrqm.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
seislwol.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
skoqoywb.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
tqtoxxus.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
tvmerjxf.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
tvmmotdh.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
ufpjlovn.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
utvhgycu.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
vuimupdr.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
vxioerwu.dll C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
waxcwdki.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
winnphgm.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
wvkucadu.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
wwloeqqq.exe C:\WINDOWS\system32 Trojan.EzulaAd Supprimé.
xeuujcar.exe C:\WINDOWS\system32 Trojan.Virtumod Supprimé.
hcqhkxgl.exe C:\WINDOWS\Temp Trojan.Virtumod Supprimé.
wygrfeif.exe C:\WINDOWS\Temp Trojan.Virtumod Supprimé.
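
The check behind the "fix if still present" step earlier in the thread, as an added example (not part of any post here and not HijackThis code): it parses the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log, lists the entries whose file is absent, and reports which of them remain in a follow-up log. The sample lines are copied from the two HijackThis logs in this thread; the function and variable names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    code: str    # HijackThis section code: "O2" or "O20"
    ident: str   # CLSID for O2, notify key name for O20
    target: str  # file path as logged, with the status suffix removed
    status: str  # "present", "file missing" or "no file"


# O2 lines: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O20 lines: "O20 - Winlogon Notify: <key name> - <path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.*?) - (.*)$")

# Lines copied from the first log in the thread (2007-11-21).
BEFORE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FA9EC40E-E8BE-4A72-BA33-1B2191FF9BC0} - C:\WINDOWS\system32\nnlkl.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: hgghf - C:\WINDOWS\system32\hgghf.dll (file missing)
O20 - Winlogon Notify: xxyyabx - xxyyabx.dll (file missing)
"""

# Lines copied from the follow-up log (2007-11-23).
AFTER_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""


def split_status(raw: str):
    """Separate the logged path from HijackThis's file-status marker."""
    raw = raw.strip()
    if raw == "(no file)":
        return "", "no file"
    marker = "(file missing)"
    if raw.endswith(marker):
        return raw[: -len(marker)].rstrip(), "file missing"
    return raw, "present"


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an O2 or O20 line, None for any other line."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        target, status = split_status(m.group(2))
        return Entry("O2", m.group(1).upper(), target, status)
    m = O20_RE.match(line)
    if m:
        target, status = split_status(m.group(2))
        return Entry("O20", m.group(1), target, status)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Autoload entries whose registry key survives but whose file is absent."""
    return [e for e in entries if e.status != "present"]


def still_present(flagged: List[Entry], later: List[Entry]) -> List[Entry]:
    """Flagged entries that appear again, by section code and identifier."""
    seen = {(e.code, e.ident) for e in later}
    return [e for e in flagged if (e.code, e.ident) in seen]


if __name__ == "__main__":
    flagged = orphaned(parse_log(BEFORE_LOG))
    for e in flagged:
        print(f"{e.code:<4}{e.status:<13}{e.ident}  {e.target}")
    print("remaining in follow-up log:")
    for e in still_present(flagged, parse_log(AFTER_LOG)):
        print(f"{e.code:<4}{e.status:<13}{e.ident}")
```

An absent file only means the registry entry is orphaned; whether to remove it is still a per-entry decision, as the fix list in the thread shows by naming three of the four such entries.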

Mr_JAk3
2007-11-24, 15:49
Ok we'll run one more tool just in case...

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

frufrudad
2007-11-25, 04:37
ComboFix 07-11-19.3 - DenisL 2007-11-24 21:56:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.127 [GMT -5:00]
Running from: C:\Documents and Settings\DenisL\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\DenisL\Application Data\DriveCleaner Free
C:\Documents and Settings\DenisL\Application Data\DriveCleaner Free\Logs\update.log
C:\WINDOWS\cookies.ini
c:\WINDOWS\system32\seolcpisr.dat
C:\WINDOWS\system32\seolcpisr.exe
C:\WINDOWS\system32\seolcpisr_nav.dat
C:\WINDOWS\system32\seolcpisr_navps.dat
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN


((((((((((((((((((((((((((((( Fichiers créés 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))))))))
.

2007-11-23 15:54 <REP> d-------- C:\Documents and Settings\DenisL\DoctorWeb
2007-11-23 09:49 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-23 09:48 5,532 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-23 09:47 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-22 16:32 <REP> d-------- C:\VundoFix Backups
2007-11-21 10:58 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 03:09 6,379,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-25 03:07 77,876 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 14:49 --------- d-----w C:\Program Files\Java
2007-10-22 02:31 --------- d-----w C:\Program Files\Picasa2
2007-10-21 13:31 --------- d-----w C:\Program Files\MSN Messenger
2007-10-21 13:11 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-10-08 21:19 --------- d-----w C:\Program Files\Microsoft Games
2007-09-30 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-09-30 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 18:18 --------- d-----w C:\Program Files\Creative
2007-09-30 18:14 --------- d--h--w C:\Program Files\Creative Installation Information
2007-09-30 18:05 --------- d-----w C:\Program Files\Fichiers communs\Creative
2007-09-06 21:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 21:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-06-26 01:39 6,409 --sh--w C:\WINDOWS\system32\fhggh.bak1
2007-07-01 14:01 1,244,273 --sh--w C:\WINDOWS\system32\fhggh.bak2
2007-07-02 21:06 1,245,366 --sh--w C:\WINDOWS\system32\fhggh.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2005-12-23 00:20]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 19:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 20:17]

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00e1bc70-f52c-11db-853a-0050bae125f1}]
\Shell\AutoRun\command - H:\LaunchU3.exe

*Newly Created Service* - ENTDRV51
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 22:11:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 22:14:19 - machine was rebooted
.
--- E O F ---

Mr_JAk3
2007-11-25, 18:30
Hi, we'll continue :)

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\fhggh.bak1
C:\WINDOWS\system32\fhggh.bak2
C:\WINDOWS\system32\fhggh.ini2


Save this as "CFScript"

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Also please let me know how the pc is running now.

frufrudad
2007-11-25, 19:18
Hi Jack

FYI both times I ran the ComboFix scan, I ran it with my internet access off. Both times my ZoneAlarm firewall warned me 6-7 times that "nircmd.cfexe" was trying to access the internet trusted zone. I denied the access every time. The only file I found looking like this on my computer is c:\windows\preftech\nircmd.cfexe-19ff4781.pr

Below are the ComboFix rep. and the HJT report. I will run the Kaspersky scan tonight and send it in 20 hours approx.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:02, on 2007-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187462065759
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9153 bytes

ComboFix 07-11-19.3 - DenisL 2007-11-25 12:46:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.104 [GMT -5:00]
Running from: C:\Documents and Settings\DenisL\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\DenisL\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\fhggh.bak1
C:\WINDOWS\system32\fhggh.bak2
C:\WINDOWS\system32\fhggh.ini2
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fhggh.bak1
C:\WINDOWS\system32\fhggh.bak2
C:\WINDOWS\system32\fhggh.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))))))))
.

2007-11-23 15:54 <REP> d-------- C:\Documents and Settings\DenisL\DoctorWeb
2007-11-23 09:49 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-23 09:48 5,532 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-23 09:47 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-22 16:32 <REP> d-------- C:\VundoFix Backups
2007-11-21 10:58 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 17:51 6,461,472 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-25 04:53 78,380 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 14:49 --------- d-----w C:\Program Files\Java
2007-10-22 02:31 --------- d-----w C:\Program Files\Picasa2
2007-10-21 13:31 --------- d-----w C:\Program Files\MSN Messenger
2007-10-21 13:11 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-10-08 21:19 --------- d-----w C:\Program Files\Microsoft Games
2007-09-30 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-09-30 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 18:18 --------- d-----w C:\Program Files\Creative
2007-09-30 18:14 --------- d--h--w C:\Program Files\Creative Installation Information
2007-09-30 18:05 --------- d-----w C:\Program Files\Fichiers communs\Creative
2007-09-06 21:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 21:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2005-12-23 00:20]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 19:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 20:17]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00e1bc70-f52c-11db-853a-0050bae125f1}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3535a2c4-92be-11da-8297-806d6172696f}]
\Shell\AutoRun\command - G:\autostart.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 12:52:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 12:53:55
C:\ComboFix2.txt ... 2007-11-24 22:14
.
--- E O F ---

frufrudad
2007-11-26, 13:42
Hi Jack, computer running way better, no more pop-ups, faster internet, everything seems ok.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 26, 2007 7:26:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/11/2007
Kaspersky Anti-Virus database records: 465721
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 102864
Number of viruses found: 4
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 05:38:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cea2fce4e6a3349a45b5fdb81a4d6e8_94c1c2f4-2f93-4757-9e3e-44ae02e7dc6b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071125_Time-233024914_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071125_Time-233024914_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_DENIS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_DENIS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\24\9541718-72ee937c/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\24\9541718-72ee937c ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\29\3c8283dd-6e953045/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\29\3c8283dd-6e953045 ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\37\63380ea5-33c86629/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\37\63380ea5-33c86629 ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-34ce1cc3/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-34ce1cc3 ZIP: infected - 1 skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\DenisL\Application Data\Sun\Java\Deployment\cache\6.0\56\63160338-214ff5af ZIP: infected - 3 skipped
C:\Documents and Settings\DenisL\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\DoctorWeb\Quarantine\faf_017.exe Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\DenisL\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Historique\History.IE5\MSHist012007112620071127\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\Perflib_Perfdata_7b8.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\Perflib_Perfdata_fd4.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\Perflib_Perfdata_ff4.dat Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~DFF701.tmp Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temp\~DFF73F.tmp Object is locked skipped
C:\Documents and Settings\DenisL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DenisL\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DenisL\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{67E77431-88EB-4BA1-A94F-263D6629576C}\RP3\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DENIS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT048d2.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT048d5.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Mr_JAk3
2007-11-26, 20:28
Hi again, it is looking clean now :)

Some leftovers in Java cache.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Run ATF Cleaner
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

You can remove the tools we used.

Then you should update your Java to the latest version (6u3)
Start
Control Panel
Add/Remove Programs
Delete the old Java,
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 6.0 Update 1

Download the latest version of Java Runtime Environment (JRE) 6u3 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it


=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster and more secure browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)

frufrudad
2007-11-28, 04:44
Hi Jack,

I have done all of the last instructions you gave me except for Firefox... not ready yet... will think about it.

Computer is running good, fast and without pop-ups.

Thank you so much for your professional help.

Thank you very much for your excellent support,

Salutations,
Terveiset,

Denis L.
Quebec, Canada

Mr_JAk3
2007-11-28, 20:15
That's great news and you're very welcome (Ole hyvä ;)) :D:



As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb: