Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: "21.exe" virus ou "46.exe" virus and so on...

  1. #11
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default Here are all the logs (third part).

    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Lecteur Windows Media"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:Blubster"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\72.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\72.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\50.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\50.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\75.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\75.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\21.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\21.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\86.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\86.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\12.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\12.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\46.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\46.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\05.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\05.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\78.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\78.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\56.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\56.exe:*:Enabled:@xpsp2res.dll,-22005"
    "C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\76.exe"="C:\\DOCUME~1\\Yann\\LOCALS~1\\Temp\\76.exe:*:Enabled:@xpsp2res.dll,-22005"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 14 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 22 Aug 2005 29,184 A..H. --- "C:\Documents and Settings\Yann\Mes documents\CV Yann\~WRL3833.tmp"
    Wed 24 Aug 2005 22,016 A..H. --- "C:\Documents and Settings\Yann\Mes documents\CV Yann\~WRL4087.tmp"
    Tue 19 Feb 2008 224,734 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
    Mon 24 Sep 2007 34,304 A..H. --- "C:\Documents and Settings\Yann\Mes documents\1900 Boss‚e ancien temps\Photos Boss‚e\~WRL2366.tmp"
    Mon 22 Aug 2005 28,160 A..H. --- "C:\Documents and Settings\Yann\Mes documents\CV Yann\37\~WRL4035.tmp"
    Fri 23 Jun 2006 142,336 A..H. --- "C:\Documents and Settings\Yann\Mes documents\DGA\R‚union du 15062006\~WRL2857.tmp"
    Tue 7 Feb 2006 28,160 A..H. --- "C:\Documents and Settings\Yann\Mes documents\Copropri‚t‚\Assembl‚es g‚n‚rales\AG 2006\~WRL1227.tmp"
    Tue 7 Feb 2006 28,160 A..H. --- "C:\Documents and Settings\Yann\Mes documents\Copropri‚t‚\Assembl‚es g‚n‚rales\AG 2006\~WRL3722.tmp"
    Mon 19 Feb 2007 27,136 A..H. --- "C:\Documents and Settings\Yann\Mes documents\Copropri‚t‚\Assembl‚es g‚n‚rales\AG 2007\~WRL2294.tmp"
    Mon 12 Sep 2005 31,744 A..H. --- "C:\Documents and Settings\Yann\Mes documents\Copropri‚t‚\Assurance\D‚gƒt 2005\~WRL3862.tmp"
    Wed 28 May 2003 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
    Wed 28 May 2003 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
    Wed 28 May 2003 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
    Wed 28 May 2003 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
    Wed 28 May 2003 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
    Wed 28 May 2003 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
    Wed 28 May 2003 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
    Wed 28 May 2003 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
    Wed 28 May 2003 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
    Wed 28 May 2003 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
    Wed 28 May 2003 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
    Wed 28 May 2003 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
    Wed 28 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
    Wed 28 May 2003 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
    Wed 28 May 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
    Wed 28 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
    Wed 28 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
    Wed 28 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
    Wed 28 May 2003 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
    Wed 28 May 2003 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
    Wed 28 May 2003 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
    Wed 28 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
    Wed 28 May 2003 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
    Wed 28 May 2003 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
    Wed 28 May 2003 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
    Wed 28 May 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
    Wed 28 May 2003 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
    Wed 28 May 2003 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
    Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
    Wed 28 May 2003 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
    Wed 28 May 2003 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
    Wed 28 May 2003 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
    Wed 28 May 2003 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
    Wed 28 May 2003 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
    Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
    Wed 28 May 2003 49,250 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
    Wed 28 May 2003 50,600 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
    Wed 28 May 2003 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
    Wed 28 May 2003 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
    Wed 28 May 2003 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
    Wed 28 May 2003 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
    Wed 28 May 2003 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
    Wed 28 May 2003 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
    Wed 28 May 2003 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
    Wed 28 May 2003 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
    Wed 28 May 2003 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
    Wed 28 May 2003 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
    Wed 28 May 2003 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
    Wed 28 May 2003 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
    Wed 28 May 2003 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
    Wed 28 May 2003 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
    Wed 28 May 2003 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
    Wed 28 May 2003 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
    Wed 28 May 2003 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
    Wed 28 May 2003 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
    Wed 28 May 2003 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
    Wed 28 May 2003 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
    Wed 28 May 2003 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
    Wed 28 May 2003 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
    Wed 28 May 2003 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
    Wed 28 May 2003 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
    Wed 28 May 2003 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
    Wed 28 May 2003 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
    Wed 28 May 2003 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
    Wed 28 May 2003 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
    Wed 28 May 2003 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
    Wed 28 May 2003 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
    Wed 28 May 2003 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
    Wed 28 May 2003 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
    Wed 28 May 2003 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
    Wed 28 May 2003 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
    Wed 28 May 2003 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
    Wed 28 May 2003 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
    Wed 28 May 2003 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
    Wed 28 May 2003 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
    Wed 28 May 2003 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
    Wed 28 May 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
    Wed 28 May 2003 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
    Wed 28 May 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
    Wed 28 May 2003 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
    Wed 28 May 2003 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
    Wed 28 May 2003 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
    Wed 28 May 2003 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
    Wed 28 May 2003 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
    Wed 28 May 2003 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
    Wed 28 May 2003 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
    Wed 28 May 2003 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
    Wed 28 May 2003 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
    Wed 28 May 2003 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
    Wed 28 May 2003 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
    Wed 28 May 2003 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
    Wed 28 May 2003 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
    Wed 28 May 2003 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
    Wed 28 May 2003 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

    Finished!

  2. #12
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default Here are all the logs (fourth part).

    4/ The HijackThis report :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:40:55, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Le Petit Robert\prhyper.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\minitel\Watch.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: cmdrun - C:\WINDOWS\system\cmdrun.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Yann/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 17593 bytes


    I had to send you 4 posts (from First part to Fourth part) in order to complete all the tasks you asked me to do.

    I hope these reports will help you.

    I did exactly all what you asked me to do.

    Best regards,
    Yann

  3. #13
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for returning your information, looks like that file is clean, I don't understand the French, could you tell me what those results say at Virustotal.

    Do you know what that item is? Would you navigate to it and open the file then right click and choose properties. Post any information you see that might help know who the file belong to.
    O20 - Winlogon Notify: cmdrun - C:\WINDOWS\system\cmdrun.dll


    Looks like SDFix killed the IRCBot for us!

    1) How to make files and folders visible:
    Click Start > Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm. Click OK.
    You may reverse this for safety when we are finished.

    2) Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop. We will use this later.

    This link has been down, you may download ATF-Cleaner here: http://www.scanwith.com/download/ATF_Cleaner.htm

    3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    (if you know this next file, you may leave it)
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Yann/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    4) Right click Start > Explore and navigate to these files/folders and delete them if there.

    (even though ATF-Cleaner will clean these folder, I wish to be positive the files in red are deleted)

    C:\Documents and Settings\Yann\Local Settings\Temp\05.exe

    C:\Documents and Settings\Yann\Local Settings\Temp\78.exe

    C:\Documents and Settings\Yann\Local Settings\Temporary Internet Files\Content.IE5\HKRC0CUQ\serv1-4[1].exe

    5) Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Post a new HJT log and let me know how the computer is running now.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  4. #14
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default Here are all the new logs.

    Hi

    1/ For cmdrun.dll Jotti : OK

    File: cmdrun.dll
    Status: OK
    MD5: c2d832299475baff56527fd16dc8d69c
    Packers detected: -
    Bit9 reports: No threat detected

    Scan taken on 01 Mar 2008 18:01:32
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    2/ For cmdrun.dll VirusTotal : OK
    In French : no problem

    Fichier cmdrun.dll reçu le 2008.03.01 18:59:33Antivirus Version Résultat
    AhnLab-V3 2008.2.29.1 2008.02.29 -
    AntiVir 7.6.0.73 2008.02.29 -
    Authentium 4.93.8 2008.03.01 -
    Avast 4.7.1098.0 2008.03.01 -
    AVG 7.5.0.516 2008.02.29 -
    BitDefender 7.2 2008.03.01 -
    CAT-QuickHeal 9.50 2008.03.01 -
    ClamAV 0.92.1 2008.03.01 -
    DrWeb 4.44.0.09170 2008.03.01 -
    eSafe 7.0.15.0 2008.02.28 -
    eTrust-Vet 31.3.5574 2008.02.29 -
    Ewido 4.0 2008.03.01 -
    FileAdvisor 1 2008.03.01 -
    Fortinet 3.14.0.0 2008.03.01 -
    F-Prot 4.4.2.54 2008.02.29 -
    F-Secure 6.70.13260.0 2008.03.01 -
    Ikarus T3.1.1.20 2008.03.01 -
    Kaspersky 7.0.0.125 2008.03.01 -
    McAfee 5242 2008.02.29 -
    Microsoft 1.3301 2008.03.01 -
    NOD32v2 2913 2008.03.01 -
    Norman 5.80.02 2008.02.29 -
    Panda 9.0.0.4 2008.03.01 -
    Prevx1 V2 2008.03.01 -
    Rising 20.33.52.00 2008.03.01 -
    Sophos 4.27.0 2008.03.01 -
    Sunbelt 3.0.906.0 2008.02.28 -
    Symantec 10 2008.03.01 -
    TheHacker 6.2.9.229 2008.02.25 -
    VBA32 3.12.6.2 2008.02.27 -
    VirusBuster 4.3.26:9 2008.02.29 -
    Webwasher-Gateway 6.6.2 2008.03.01 -

    Information additionnelle
    File size: 22213 bytes
    MD5: c2d832299475baff56527fd16dc8d69c
    SHA1: d26d9a24625e4559538a9a92a60171d9c762d475
    PEiD: -


    3/ With HJT the three lines are fixed
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Yann/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg


    4/ ATF cleaner run


    5/ New HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:31:12, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Le Petit Robert\prhyper.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\minitel\Watch.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: cmdrun - C:\WINDOWS\system\cmdrun.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    End of file - 17434 bytes

    I'm going to work with computer to answer your last question

    Best regards
    Yann

  5. #15
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for returning your HJT log, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2
    C:\Program Files\Java\j2re1.4.2_05\ <<< your Java program is BADLY outdated. Download the newest version and uninstall all old versions in Add Remove programs.

    You have infected System Restore files, follow the directions in this link to clean those:
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx
    C:\System Volume Information\_restore{3B0B07F2-42FE-4807-B606-4B97DC04CDF5}\RP323\A0051591.DLL ------> AdWare.Win32.MyWay.c skipped
    C:\System Volume Information\_restore{3B0B07F2-42FE-4807-B606-4B97DC04CDF5}\RP327\A0053071.exe ------> Trojan-Proxy.Win32.Agent.zm

    Run a last Kaspersky online scan to make sure you are clean, no need to post a clean scan.

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •