Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Member
    Join Date
    Mar 2011
    Posts
    10
    Points
    0

    Default suspicious files

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:05:33, on 02/03/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17095)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Streamzap\Remote\zremote.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
    C:\Program Files\PCTuto\pctuto.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Bamboo Dock\BambooCore.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
    C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Page initiale personnalisée
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Page initiale personnalisée
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Page de recherche Dell
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Page initiale personnalisée
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.155.1:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O4 - HKLM\..\Run: [StreamZap Remote] C:\Program Files\Streamzap\Remote\zremote.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
    O4 - HKLM\..\Run: [PCTuto] "C:\Program Files\PCTuto\pctuto.exe"
    O4 - HKLM\..\Run: [autoupdater] C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
    O4 - HKLM\..\Run: [BambooScribeAutoStart.vbe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe"
    O4 - HKLM\..\Run: [cspep.exe] C:\Program Files\cspep\cspep.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [Bamboo Dock] "C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe"
    O4 - HKCU\..\Run: [BambooScribe.exe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribe.exe" /i
    O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208879832109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208879975593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KL Deployment Wrapperc842df31-1b3e-45fa-97e8-a20b8d873ffa - Unknown owner - D:\INSTAL~B\WORKS~18\setup1.exe (file missing)
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
    O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 17139 bytes

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 03/02/2011 at 03:30 AM

    Application Version : 4.49.1000

    Core Rules Database Version : 6511
    Trace Rules Database Version: 4323

    Scan type : Complete Scan
    Total Scan Time : 01:01:11

    Memory items scanned : 919
    Memory threats detected : 0
    Registry items scanned : 7854
    Registry threats detected : 0
    File items scanned : 30980
    File threats detected : 2

    Trojan.Agent/Gen-Alient
    C:\PROGRAM FILES\SATSUKI DECODER PACK\CPL\SDPCPL.EXE
    C:\DOCUMENTS AND SETTINGS\ADMIN\MENU DéMARRER\PROGRAMMES\SATSUKI DECODER PACK\CONFIGURATION.LNK

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Version de la base de données: 5925

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    02/03/2011 11:14:28
    mbam-log-2011-03-02 (11-14-11).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 258950
    Temps écoulé: 2 heure(s), 26 minute(s), 32 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Trojan.Eorezo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\program files\PCTuto\pctutobho.dll (Trojan.Eorezo) -> No action taken.
    c:\documents and settings\admin\application data\PCtuto\updatepctuto\updatepctuto.exe (Rogue.Eorezo) -> No action taken.
    c:\documents and settings\admin\mes documents\téléchargements\pctuto_353.exe (Trojan.StartPage) -> No action taken.
    c:\program files\lame_enc.dll (Spyware.OnlineGames) -> No action taken.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:05:33, on 02/03/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17095)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Streamzap\Remote\zremote.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
    C:\Program Files\PCTuto\pctuto.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Bamboo Dock\BambooCore.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
    C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Page initiale personnalisée
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Page initiale personnalisée
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Page de recherche Dell
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Page initiale personnalisée
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.155.1:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O4 - HKLM\..\Run: [StreamZap Remote] C:\Program Files\Streamzap\Remote\zremote.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
    O4 - HKLM\..\Run: [PCTuto] "C:\Program Files\PCTuto\pctuto.exe"
    O4 - HKLM\..\Run: [autoupdater] C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
    O4 - HKLM\..\Run: [BambooScribeAutoStart.vbe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe"
    O4 - HKLM\..\Run: [cspep.exe] C:\Program Files\cspep\cspep.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [Bamboo Dock] "C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe"
    O4 - HKCU\..\Run: [BambooScribe.exe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribe.exe" /i
    O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208879832109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208879975593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KL Deployment Wrapperc842df31-1b3e-45fa-97e8-a20b8d873ffa - Unknown owner - D:\INSTAL~B\WORKS~18\setup1.exe (file missing)
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
    O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 17139 bytes
    Last edited by Net_Surfer; 03-02-2011 at 02:50 PM. Reason: same thread.

  2. #2
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Default

    Hello everaym and Welcome to the Help2Go Spyware Help Forum

    Sorry for the delay!!
    .


    My nick is Net_Surfer and I will be helping you with your malware issues, this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at Help2Go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. Combofix, OTL and hijackthis logs can take some time to research, I use Google as resource to research what the problem is just to understand some of the infections that are infecting the computer and understand where I need to focus more on to ensure that the member get the best and honest service.

    so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. Never will there be an all in one solution for repairing an infected computer. You must have a great arsenal of utilities that can take care of what another program may miss or isn't as specialized as another.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.
    Just because you can't see a problem doesn't mean it isn't there.

    If you can do these things, everything should go smoothly!

    ~~~~~~~~~~~~~~~~~
    Disable Spybot's TeaTimer

    While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until we are done.

    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left hand side, choose Tools > Resident
    uncheck Resident TeaTimer and OK any prompt and Restart your computer.

    Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.
    ~~~~~~~~~~~~~~~~~~~~


    OK..If you have a Vista or Win7 computer ensure that you right click on the tools and run them as an Admin. IF XP double click on the program to run them.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    Launch Hijackthis.
    • Click on the Do a system scan only button.
    • checkmark the following entries: (*If they still there.)

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.155.1:3128


    Then close all other windows and browsers except HijackThis and press fix checked.

    Exit/Close the Hijackthis program.

    Next....



    If you can not download and run the following tools, then I would like for you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.


    Step 1.

    * exeHelper by Raktor.

    Please download: exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2.

    Code:
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4
    
    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)
    
    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)
    
    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Trojan.Eorezo) -> No action taken.
    HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Trojan.Eorezo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
    
    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)
    
    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)
    
    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)
    
    Fichier(s) infecté(s):
    c:\program files\PCTuto\pctutobho.dll (Trojan.Eorezo) -> No action taken.
    c:\documents and settings\admin\application data\PCtuto\updatepctuto\updatepctuto.exe (Rogue.Eorezo) -> No action taken.
    c:\documents and settings\admin\mes documents\téléchargements\pctuto_353.exe (Trojan.StartPage) -> No action taken.
    c:\program files\lame_enc.dll (Spyware.OnlineGames) -> No action taken.
    Your report log of malwarebytes shows that not action was taken!

    There is no sense in running it if you are going to ignore everything it found.

    This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile.

    We should Re-run MBAM like this:

    Let's get your MalwareBytes AntiMalware updated and run a final scan:

    Please update MBAM and run another scan:
    Start MBAM
    Click on the Update tab



    click Check for Updates



    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Post the report that comes up after the scan.


    Step 3.

    * Please visit this webpage for instructions for downloading and running ComboFix if you have problems running it:

    Please download ComboFix from one of the following mirrors, and save it to your desktop.
    Warning: This tool is not a toy and not for everyday use!.
    Link 1
    Link 2
    Link 3
    • Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.
    • Please insert all usb-drives before running Combofix
    • Close any open browsers.
    • Double click on your desktop.
      If using Vista/Win7, right-click and Run as Administrator...
    • Read and accept (Press Yes) to the disclaimer. *If using Windows XP... Please allow Combofix tool to download and install the Microsoft Recovery Console.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
      Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
      **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
    • *Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

      Post the log from ComboFix in your next reply.


    *EXTRA NOTES*

    * If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    * If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    * If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Summary of the logs I will need in your next reply:
    • ExeHelper log.
    • The ComboFix log.
    • MBAM log.

    How are things your end ?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer
    Last edited by Net_Surfer; 03-02-2011 at 03:19 PM.
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when yo take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training ProgramYou too could train to help others!.

  3. #3
    Member
    Join Date
    Mar 2011
    Posts
    10
    Points
    0

    Default

    Hello Net_Surfer and thank you for your help.

    Here is the exehelperlog

    exeHelper by Raktor
    Build 20100414
    Run at 00:30:06 on 03/04/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--


    I hope it is allright. Now, I am going to start the step 2.

    Kind regards
    Everaym

  4. #4
    Member
    Join Date
    Mar 2011
    Posts
    10
    Points
    0

    Default

    hello Net_Surfer
    This is the mbam-log

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Version de la base de données: 5947

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    04/03/2011 02:35:28
    mbam-log-2011-03-04 (02-35-28).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 260640
    Temps écoulé: 1 heure(s), 43 minute(s), 20 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Now I go to the next step.
    Thank you again for your help
    Best regards
    Everaym

  5. #5
    Member
    Join Date
    Mar 2011
    Posts
    10
    Points
    0

    Default

    Hello Net_Surfer
    I think I have made a mistake because I didn't have the report for ComboFix. A Avast window appeared that I shut and i think I shouldn't have done it. And after I had a blue screen with a message asking for a reboot. so now I don't know what to do. I hope I haven't done somthing too bad.

    Best regards
    Everaym

  6. #6
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Default

    Hi

    Reboot your computer and ensure that you disable your antivirus and run combofix again...Combofix may ask you that needs to be updated...Allow it to update!
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when yo take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training ProgramYou too could train to help others!.

  7. #7
    Member
    Join Date
    Mar 2011
    Posts
    10
    Points
    0

    Default

    Hello
    This is the ComboFix log :

    ComboFix 11-03-05.01 - admin 06/03/2011 0:37.2.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1918.1222 [GMT 1:00]
    Lancé depuis: c:\documents and settings\admin\Bureau\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Exécution préalable -------
    .
    C:\Acr65F0.tmp
    c:\documents and settings\admin\Application Data\OfferBox\config.dat
    c:\documents and settings\admin\Application Data\OfferBox\config.xml
    c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-05 au 2011-03-05 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-02 10:47 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-02 02:52 . 2011-03-02 02:52 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
    2011-03-02 02:52 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-02 02:52 . 2011-03-02 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-02 02:52 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-02 02:52 . 2011-03-02 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-02 02:49 . 2011-03-02 02:49 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
    2011-03-02 01:22 . 2011-03-02 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-03-02 01:22 . 2011-03-02 01:22 -------- d-----w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com
    2011-03-02 01:22 . 2011-03-02 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-02 00:36 . 2011-03-02 00:36 3033192 ----a-w- c:\program files\ccsetup304.exe
    2011-03-01 17:45 . 2011-03-01 17:45 388096 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-01 17:42 . 2011-03-01 17:42 1402880 ----a-w- c:\program files\HijackThis.msi
    2011-02-24 21:26 . 2011-02-24 21:27 -------- d-----w- c:\program files\eRightSoft
    2011-02-24 20:43 . 2011-02-24 20:43 -------- d-----w- c:\documents and settings\admin\Application Data\Reviversoft
    2011-02-24 20:42 . 2010-12-13 12:24 11264 ----a-w- c:\windows\system32\roboot.exe
    2011-02-24 20:34 . 2011-02-24 20:42 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\OpenCandy
    2011-02-24 20:34 . 2011-02-24 20:34 -------- d-----w- c:\documents and settings\admin\Application Data\OpenCandy
    2011-02-15 13:35 . 2011-02-15 13:35 -------- d-----w- c:\program files\iPod
    2011-02-15 13:25 . 2011-02-15 13:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Tom's_Guide_France
    2011-02-07 19:18 . 2011-02-10 18:49 -------- d-----w- c:\program files\GeoGebra
    2011-02-07 19:16 . 2011-02-07 19:20 -------- d--h--w- c:\program files\Zero G Registry
    2011-02-07 19:16 . 2011-02-07 19:16 -------- d--h--w- c:\documents and settings\admin\InstallAnywhere
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-24 21:21 . 2011-01-27 22:18 22980091 ----a-w- c:\program files\SUPERsetup.exe
    2011-02-23 15:04 . 2010-07-06 18:12 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-23 15:04 . 2010-07-06 18:12 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-23 14:56 . 2010-07-06 18:13 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-23 14:55 . 2010-07-06 18:13 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-23 14:55 . 2010-07-06 18:13 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-02-23 14:55 . 2010-07-06 18:13 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-02-23 14:55 . 2010-07-06 18:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-23 14:54 . 2010-07-06 18:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-02-23 14:54 . 2010-07-06 18:13 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-21 14:44 . 2004-08-19 12:03 441344 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-16 17:31 . 2011-01-16 17:30 8014504 ----a-w- c:\program files\PILOTE SON.EXE
    2011-01-16 16:50 . 2011-01-16 16:50 126603 ----a-w- c:\program files\TomsDownloader412.exe
    2011-01-16 15:18 . 2011-01-16 15:18 11873890 ----a-w- c:\program files\audacity_audacity_1.3.12_beta_francais_10372.exe
    2011-01-09 12:05 . 2011-01-09 12:04 24557368 ----a-w- c:\program files\install_artrage_2.6.0_wacom.exe
    2011-01-07 14:09 . 2004-08-19 12:03 290048 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 03:02 . 2011-01-05 02:47 288612352 ----a-w- c:\program files\Bamboo Scribe 3.2.exe
    2011-01-05 02:44 . 2011-01-05 02:44 3910624 ----a-w- c:\program files\BambooExploreSetup_v1_2.exe
    2011-01-05 00:17 . 2011-01-05 00:16 12701696 ----a-w- c:\program files\artrage2.5_winwacom.msi
    2011-01-04 17:13 . 2011-01-04 17:13 126592 ----a-w- c:\program files\TomsDownloader15245.exe
    2010-12-31 14:04 . 2004-08-19 12:03 1855104 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-19 12:03 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:06 . 2004-08-19 12:03 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:06 . 2004-08-19 12:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:06 . 2004-08-19 12:03 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 23:06 . 2004-08-19 12:03 17408 ------w- c:\windows\system32\corpol.dll
    2010-12-20 17:26 . 2004-08-19 12:03 736768 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-19 12:03 389120 ------w- c:\windows\system32\html.iec
    2010-12-17 20:52 . 2010-12-17 20:52 318904 ----a-w- c:\program files\WindowsMedia-Firefox-Plugin.exe
    2010-12-11 19:43 . 2010-12-11 19:43 6274424 ----a-w- c:\program files\Silverlight.exe
    2010-12-09 16:43 . 2010-12-09 16:43 16409960 ----a-w- c:\program files\spybotsd162.exe
    2010-12-09 15:15 . 2004-08-19 12:03 743424 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 15:14 . 2004-08-03 23:48 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-12-09 15:14 . 2004-08-19 12:03 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 14:30 . 2004-08-19 12:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-04 22:13 . 2010-12-04 22:12 2963664 ----a-w- c:\program files\ccsetup301.exe
    2010-12-02 09:48 . 2010-12-02 09:48 568648 ----a-w- c:\program files\GoogleEarthSetup.exe
    2010-11-27 17:54 . 2010-05-13 14:33 81898280 ----a-w- c:\program files\iTunesSetup.exe
    2010-11-11 22:26 . 2010-11-11 22:24 32756790 ----a-w- c:\program files\Install_PRNclient_FR1200007.exe
    2010-11-11 22:10 . 2010-11-11 22:08 31624251 ----a-w- c:\program files\Install_PRNprofnote_FR1200007.exe
    2010-07-11 15:36 . 2010-07-11 15:36 9308032 ------w- c:\program files\WPAO_en_v1.3_1033.exe
    2010-07-11 14:39 . 2010-07-11 14:39 1439435 ------w- c:\program files\winrar_winrar_3.93_final_32_bits_francais_9632.exe
    2010-07-06 18:00 . 2010-07-06 17:52 48463656 ------w- c:\program files\setup_av_free_fre.exe
    2010-06-25 22:24 . 2010-06-25 22:23 424306528 ------w- c:\program files\SPU_4200c.exe
    2010-06-25 21:45 . 2010-06-25 21:45 1370016 ------w- c:\program files\SPUDownloadManager_1006b.exe
    2010-05-11 21:44 . 2010-05-11 21:44 2675023 ------w- c:\program files\FFmpeg_2009_07_20_for_Audacity_on_Windows(2).exe
    2010-01-21 15:53 . 2010-01-21 15:52 4169192 ------w- c:\program files\yg.exe
    2010-01-21 15:13 . 2010-01-21 15:13 3782822 ------w- c:\program files\ConvertHelperSetup.exe
    2010-01-09 14:56 . 2010-01-09 14:56 1956528 ------w- c:\program files\install_flash_player_ax.exe
    2009-12-27 12:02 . 2009-12-27 11:55 1924200 ------w- c:\program files\install_flash_player.exe
    2009-10-21 23:06 . 2009-10-21 22:45 273931544 ------w- c:\program files\dartfish_pro_5_5_10925.exe
    2009-06-20 17:55 . 2009-06-20 17:55 1086608 ------w- c:\program files\Google Updater.exe
    2009-06-07 11:17 . 2009-06-07 11:14 85069220 ------w- c:\program files\XBMC_for_Windows-9.04.1.exe
    2009-05-12 18:03 . 2009-05-12 18:02 830523 ------w- c:\program files\wlsetup-custom.exe.part
    2009-03-31 12:03 . 2009-03-31 11:56 19057955 ------w- c:\program files\PCJongle20080213.EXE
    2009-03-24 19:46 . 2009-03-24 19:43 15145769 ------w- c:\program files\installation_pncfr1000108.exe
    2009-02-27 17:40 . 2009-02-27 17:40 1161576 ------w- c:\program files\wlsetup-custom.exe
    2009-02-15 22:27 . 2009-02-15 21:40 448702592 ------w- c:\program files\X12-30194.exe
    2009-02-12 18:44 . 2009-02-12 18:44 7321032 ------w- c:\program files\daemon-tools_daemon_tools_4.30.3_francais_10729.exe
    2008-12-05 20:46 . 2008-12-05 20:45 24758792 ------w- c:\program files\NetFx20SP1_x86.exe
    2008-12-05 17:36 . 2008-12-05 17:35 29540960 ------w- c:\program files\setupfre.exe
    2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a65e491f-a436-4952-b49a-b24ed99a0f67}"= "c:\program files\Tom's_Guide_France\tbTom'.dll" [2010-11-23 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-23 17:55 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
    2010-11-23 17:55 3908192 ----a-w- c:\program files\Tom's_Guide_France\tbTom'.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a65e491f-a436-4952-b49a-b24ed99a0f67}"= "c:\program files\Tom's_Guide_France\tbTom'.dll" [2010-11-23 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A65E491F-A436-4952-B49A-B24ED99A0F67}"= "c:\program files\Tom's_Guide_France\tbTom'.dll" [2010-11-23 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
    "Boots Insert Detect"="c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
    "Bamboo Dock"="c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe" [BU]
    "BambooScribe.exe"="c:\program files\Vision Objects\Bamboo Scribe\BambooScribe.exe" [2010-10-27 2994176]
    "Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StreamZap Remote"="c:\program files\Streamzap\Remote\zremote.exe" [2005-03-28 655360]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 303104]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
    "lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [BU]
    "FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
    "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-15 159744]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
    "TMWebProtectTray"="c:\program files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [2009-09-02 288136]
    "PCTuto"="c:\program files\PCTuto\pctuto.exe" [2010-08-04 966656]
    "autoupdater"="c:\documents and settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe" [2010-08-17 659456]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-01-04 629336]
    "BambooScribeAutoStart.vbe"="c:\program files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe" [2010-10-11 1005]
    "cspep.exe"="c:\program files\cspep\cspep.exe" [2010-12-09 684032]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\admin\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support PMB.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-25 333088]
    .
    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-11 50688]
    EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wxvault.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\wlsetup-custom.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtProc1.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\lxdicoms.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
    "c:\\WINDOWS\\system32\\lxdicfg.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/07/2007 15:33 3456]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/03/2011 11:47 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/07/2010 19:13 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/07/2010 19:13 19544]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 12:32 97536]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    2011-03-05 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 17:56]
    .
    2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 17:09]
    .
    2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 17:09]
    .
    2011-03-04 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=4070711
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\32d0986o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
    AddRemove-EoS-{5CCCD423-F673-4CD8-9464-9D950F49BBC3} - c:\documents and settings\admin\Bureau\Empire of Sports\Uninstall.exe
    AddRemove-HijackThis - c:\program files\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-03-06 00:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1872)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(5468)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Satsuki Decoder Pack\Filtres\mmfinfo.dll
    c:\program files\Satsuki Decoder Pack\Filtres\mkunicode.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\windows\System32\DLA\DLASHX_W.DLL
    c:\windows\system32\DLAAPI_W.DLL
    c:\windows\System32\DLA\DLACResW.dll
    .
    Heure de fin: 2011-03-06 01:09:45
    ComboFix-quarantined-files.txt 2011-03-06 00:09
    .
    Avant-CF: 10*850*652*160 octets libres
    Après-CF: 10*810*200*064 octets libres
    .
    - - End Of File - - AB37EB249BCC44F304D1CE271E7332BB

    Best regards
    Everaym

  8. #8
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Default

    Hello again Everaym

    How is your computer running now?

    * ESET Online Scan

    Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
    Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer
    .

    You can use either Internet Explorer or Mozilla FireFox for this scan.
    NOTE:This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu
    .
    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
    If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

    Code:
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Click Ok and the scan results will open in Notepad.
    • Copy and paste the contents of log.txt in your next reply.


    In some instances if no malware is found there will be no log produced.

    Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    ~~~~~~~~~~~~~

    Note:
    *If you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run through in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when yo take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training ProgramYou too could train to help others!.

  9. #9
    Member
    Join Date
    Mar 2011
    Posts
    10
    Points
    0

    Default

    Hello Net_Surfer

    My computer still behave wierdly. When I switch it on there is always a commercial internet page which opens without me asking to go on the net. I don't know if that's due to a malware.
    Here is the Esetlog :

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=7151baeb59dcdd408ca974a54edbd3b2
    # end=stopped
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-06 01:46:44
    # local_time=2011-03-06 02:46:44 (+0100, Paris, Madrid)
    # country="France"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 414232 414232 0 0
    # compatibility_mode=768 16777215 100 0 20975819 20975819 0 0
    # compatibility_mode=8192 67108863 100 0 463 463 0 0
    # scanned=45206
    # found=1
    # cleaned=1
    # scan_time=3480
    C:\Documents and Settings\admin\Application Data\OpenCandy\OpenCandy_2E8EEAD6AFF84B27A0D5A1043FBA9BDF\RegistryReviverSetup-ppi_.exe Win32/Adware.RegistryReviver application (deleted - quarantined) 00000000000000000000000000000000 C

    Kind regards
    Everaym

  10. #10
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Default

    Hi

    We will take a deeper look at your system with OTL.

    • Download: >>> OTL by Old Timer <<< to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check
    .

    .

    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


      .
    • Click the Run Scan button.


    • Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    =========
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when yo take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training ProgramYou too could train to help others!.

Page 1 of 2 12 LastLast