suspicious files

**everaym** · 03-02-2011 09:11 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:33, on 02/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Streamzap\Remote\zremote.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
C:\Program Files\PCTuto\pctuto.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Page initiale personnalisée
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Page initiale personnalisée
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Page de recherche Dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Page initiale personnalisée
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.155.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [StreamZap Remote] C:\Program Files\Streamzap\Remote\zremote.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
O4 - HKLM\..\Run: [PCTuto] "C:\Program Files\PCTuto\pctuto.exe"
O4 - HKLM\..\Run: [autoupdater] C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [BambooScribeAutoStart.vbe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe"
O4 - HKLM\..\Run: [cspep.exe] C:\Program Files\cspep\cspep.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Bamboo Dock] "C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe"
O4 - HKCU\..\Run: [BambooScribe.exe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribe.exe" /i
O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208879832109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208879975593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KL Deployment Wrapperc842df31-1b3e-45fa-97e8-a20b8d873ffa - Unknown owner - D:\INSTAL~B\WORKS~18\setup1.exe (file missing)
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 17139 bytes

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/02/2011 at 03:30 AM

Application Version : 4.49.1000

Core Rules Database Version : 6511
Trace Rules Database Version: 4323

Scan type : Complete Scan
Total Scan Time : 01:01:11

Memory items scanned : 919
Memory threats detected : 0
Registry items scanned : 7854
Registry threats detected : 0
File items scanned : 30980
File threats detected : 2

Trojan.Agent/Gen-Alient
C:\PROGRAM FILES\SATSUKI DECODER PACK\CPL\SDPCPL.EXE
C:\DOCUMENTS AND SETTINGS\ADMIN\MENU DéMARRER\PROGRAMMES\SATSUKI DECODER PACK\CONFIGURATION.LNK

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Version de la base de données: 5925

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

02/03/2011 11:14:28
mbam-log-2011-03-02 (11-14-11).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 258950
Temps écoulé: 2 heure(s), 26 minute(s), 32 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Trojan.Eorezo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\PCTuto\pctutobho.dll (Trojan.Eorezo) -> No action taken.
c:\documents and settings\admin\application data\PCtuto\updatepctuto\updatepctuto.exe (Rogue.Eorezo) -> No action taken.
c:\documents and settings\admin\mes documents\téléchargements\pctuto_353.exe (Trojan.StartPage) -> No action taken.
c:\program files\lame_enc.dll (Spyware.OnlineGames) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:33, on 02/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Streamzap\Remote\zremote.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
C:\Program Files\PCTuto\pctuto.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Page initiale personnalisée
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Page initiale personnalisée
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Page de recherche Dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Page initiale personnalisée
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.155.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Tom's Guide France Toolbar - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files\Tom's_Guide_France\tbTom'.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [StreamZap Remote] C:\Program Files\Streamzap\Remote\zremote.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
O4 - HKLM\..\Run: [PCTuto] "C:\Program Files\PCTuto\pctuto.exe"
O4 - HKLM\..\Run: [autoupdater] C:\Documents and Settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [BambooScribeAutoStart.vbe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe"
O4 - HKLM\..\Run: [cspep.exe] C:\Program Files\cspep\cspep.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Bamboo Dock] "C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe"
O4 - HKCU\..\Run: [BambooScribe.exe] "C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribe.exe" /i
O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208879832109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208879975593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KL Deployment Wrapperc842df31-1b3e-45fa-97e8-a20b8d873ffa - Unknown owner - D:\INSTAL~B\WORKS~18\setup1.exe (file missing)
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 17139 bytes

**Net_Surfer** · 03-02-2011 03:03 PM

Hello everaym and Welcome to the Help2Go Spyware Help Forum

Sorry for the delay!!.

My nick is Net_Surfer and I will be helping you with your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at Help2Go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. Combofix, OTL and hijackthis logs can take some time to research, I use Google as resource to research what the problem is just to understand some of the infections that are infecting the computer and understand where I need to focus more on to ensure that the member get the best and honest service.

so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. Never will there be an all in one solution for repairing an infected computer. You must have a great arsenal of utilities that can take care of what another program may miss or isn't as specialized as another.
In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.

Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly!

~~~~~~~~~~~~~~~~~
Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until we are done.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident
uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.
~~~~~~~~~~~~~~~~~~~~

OK..If you have a Vista or Win7 computer ensure that you right click on the tools and run them as an Admin. IF XP double click on the program to run them.

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:

Launch Hijackthis.

Click on the Do a system scan only button.
checkmark the following entries: (*If they still there.)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.155.1:3128

Then close all other windows and browsers except HijackThis and press fix checked.

Exit/Close the Hijackthis program.

Next....

If you can not download and run the following tools, then I would like for you to try another approach:

If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
Be sure you put them on the desktop of the infected computer.

Step 1.

* exeHelper by Raktor.

Please download: exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Step 2.

Code:

Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Trojan.Eorezo) -> No action taken.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Trojan.Eorezo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\PCTuto\pctutobho.dll (Trojan.Eorezo) -> No action taken.
c:\documents and settings\admin\application data\PCtuto\updatepctuto\updatepctuto.exe (Rogue.Eorezo) -> No action taken.
c:\documents and settings\admin\mes documents\téléchargements\pctuto_353.exe (Trojan.StartPage) -> No action taken.
c:\program files\lame_enc.dll (Spyware.OnlineGames) -> No action taken.

Your report log of malwarebytes shows that not action was taken!

There is no sense in running it if you are going to ignore everything it found.

This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile.

We should Re-run MBAM like this:

Let's get your

MalwareBytes AntiMalware updated and run a final scan:

Please update MBAM and run another scan:
Start MBAM
Click on the Update tab

click Check for Updates

If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Post the report that comes up after the scan.

Step 3.

* Please visit this webpage for instructions for downloading and running ComboFix if you have problems running it:

Please download ComboFix from one of the following mirrors, and save it to your desktop.
Warning: This tool is not a toy and not for everyday use!.
Link 1
Link 2
Link 3

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.
Please insert all usb-drives before running Combofix
Close any open browsers.
Double click on your desktop.
If using Vista/Win7, right-click and Run as Administrator...
Read and accept (Press Yes) to the disclaimer. *If using Windows XP... Please allow Combofix tool to download and install the Microsoft Recovery Console.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
*Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Post the log from ComboFix in your next reply.

*EXTRA NOTES*

* If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
* If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
* If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Summary of the logs I will need in your next reply:
ExeHelper log.
The ComboFix log.
MBAM log.

How are things your end ?

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Kind regards
Net_Surfer

**everaym** · 03-03-2011 06:47 PM

Hello Net_Surfer and thank you for your help.

Here is the exehelperlog

exeHelper by Raktor
Build 20100414
Run at 00:30:06 on 03/04/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I hope it is allright. Now, I am going to start the step 2.

Kind regards
Everaym

**everaym** · 03-04-2011 04:16 AM

hello Net_Surfer
This is the mbam-log

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Version de la base de données: 5947

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/03/2011 02:35:28
mbam-log-2011-03-04 (02-35-28).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 260640
Temps écoulé: 1 heure(s), 43 minute(s), 20 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Now I go to the next step.
Thank you again for your help
Best regards
Everaym

**everaym** · 03-04-2011 06:18 AM

Hello Net_Surfer
I think I have made a mistake because I didn't have the report for ComboFix. A Avast window appeared that I shut and i think I shouldn't have done it. And after I had a blue screen with a message asking for a reboot. so now I don't know what to do. I hope I haven't done somthing too bad.

Best regards
Everaym

**Net_Surfer** · 03-05-2011 12:10 AM

Hi

Reboot your computer and ensure that you disable your antivirus and run combofix again...Combofix may ask you that needs to be updated...Allow it to update!

**everaym** · 03-05-2011 07:20 PM

Hello
This is the ComboFix log :

ComboFix 11-03-05.01 - admin 06/03/2011 0:37.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1918.1222 [GMT 1:00]
Lancé depuis: c:\documents and settings\admin\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
C:\Acr65F0.tmp
c:\documents and settings\admin\Application Data\OfferBox\config.dat
c:\documents and settings\admin\Application Data\OfferBox\config.xml
c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-05 au 2011-03-05 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-02 10:47 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-02 02:52 . 2011-03-02 02:52 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2011-03-02 02:52 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 02:52 . 2011-03-02 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-02 02:52 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 02:52 . 2011-03-02 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 02:49 . 2011-03-02 02:49 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
2011-03-02 01:22 . 2011-03-02 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-02 01:22 . 2011-03-02 01:22 -------- d-----w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com
2011-03-02 01:22 . 2011-03-02 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-02 00:36 . 2011-03-02 00:36 3033192 ----a-w- c:\program files\ccsetup304.exe
2011-03-01 17:45 . 2011-03-01 17:45 388096 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 17:42 . 2011-03-01 17:42 1402880 ----a-w- c:\program files\HijackThis.msi
2011-02-24 21:26 . 2011-02-24 21:27 -------- d-----w- c:\program files\eRightSoft
2011-02-24 20:43 . 2011-02-24 20:43 -------- d-----w- c:\documents and settings\admin\Application Data\Reviversoft
2011-02-24 20:42 . 2010-12-13 12:24 11264 ----a-w- c:\windows\system32\roboot.exe
2011-02-24 20:34 . 2011-02-24 20:42 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\OpenCandy
2011-02-24 20:34 . 2011-02-24 20:34 -------- d-----w- c:\documents and settings\admin\Application Data\OpenCandy
2011-02-15 13:35 . 2011-02-15 13:35 -------- d-----w- c:\program files\iPod
2011-02-15 13:25 . 2011-02-15 13:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Tom's_Guide_France
2011-02-07 19:18 . 2011-02-10 18:49 -------- d-----w- c:\program files\GeoGebra
2011-02-07 19:16 . 2011-02-07 19:20 -------- d--h--w- c:\program files\Zero G Registry
2011-02-07 19:16 . 2011-02-07 19:16 -------- d--h--w- c:\documents and settings\admin\InstallAnywhere
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-24 21:21 . 2011-01-27 22:18 22980091 ----a-w- c:\program files\SUPERsetup.exe
2011-02-23 15:04 . 2010-07-06 18:12 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-07-06 18:12 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-07-06 18:13 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-07-06 18:13 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-07-06 18:13 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-07-06 18:13 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-07-06 18:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-07-06 18:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-07-06 18:13 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-21 14:44 . 2004-08-19 12:03 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-16 17:31 . 2011-01-16 17:30 8014504 ----a-w- c:\program files\PILOTE SON.EXE
2011-01-16 16:50 . 2011-01-16 16:50 126603 ----a-w- c:\program files\TomsDownloader412.exe
2011-01-16 15:18 . 2011-01-16 15:18 11873890 ----a-w- c:\program files\audacity_audacity_1.3.12_beta_francais_10372.exe
2011-01-09 12:05 . 2011-01-09 12:04 24557368 ----a-w- c:\program files\install_artrage_2.6.0_wacom.exe
2011-01-07 14:09 . 2004-08-19 12:03 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:02 . 2011-01-05 02:47 288612352 ----a-w- c:\program files\Bamboo Scribe 3.2.exe
2011-01-05 02:44 . 2011-01-05 02:44 3910624 ----a-w- c:\program files\BambooExploreSetup_v1_2.exe
2011-01-05 00:17 . 2011-01-05 00:16 12701696 ----a-w- c:\program files\artrage2.5_winwacom.msi
2011-01-04 17:13 . 2011-01-04 17:13 126592 ----a-w- c:\program files\TomsDownloader15245.exe
2010-12-31 14:04 . 2004-08-19 12:03 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-19 12:03 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2004-08-19 12:03 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2004-08-19 12:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2004-08-19 12:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2004-08-19 12:03 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2004-08-19 12:03 736768 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-19 12:03 389120 ------w- c:\windows\system32\html.iec
2010-12-17 20:52 . 2010-12-17 20:52 318904 ----a-w- c:\program files\WindowsMedia-Firefox-Plugin.exe
2010-12-11 19:43 . 2010-12-11 19:43 6274424 ----a-w- c:\program files\Silverlight.exe
2010-12-09 16:43 . 2010-12-09 16:43 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-12-09 15:15 . 2004-08-19 12:03 743424 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-03 23:48 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-19 12:03 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-19 12:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-04 22:13 . 2010-12-04 22:12 2963664 ----a-w- c:\program files\ccsetup301.exe
2010-12-02 09:48 . 2010-12-02 09:48 568648 ----a-w- c:\program files\GoogleEarthSetup.exe
2010-11-27 17:54 . 2010-05-13 14:33 81898280 ----a-w- c:\program files\iTunesSetup.exe
2010-11-11 22:26 . 2010-11-11 22:24 32756790 ----a-w- c:\program files\Install_PRNclient_FR1200007.exe
2010-11-11 22:10 . 2010-11-11 22:08 31624251 ----a-w- c:\program files\Install_PRNprofnote_FR1200007.exe
2010-07-11 15:36 . 2010-07-11 15:36 9308032 ------w- c:\program files\WPAO_en_v1.3_1033.exe
2010-07-11 14:39 . 2010-07-11 14:39 1439435 ------w- c:\program files\winrar_winrar_3.93_final_32_bits_francais_9632.exe
2010-07-06 18:00 . 2010-07-06 17:52 48463656 ------w- c:\program files\setup_av_free_fre.exe
2010-06-25 22:24 . 2010-06-25 22:23 424306528 ------w- c:\program files\SPU_4200c.exe
2010-06-25 21:45 . 2010-06-25 21:45 1370016 ------w- c:\program files\SPUDownloadManager_1006b.exe
2010-05-11 21:44 . 2010-05-11 21:44 2675023 ------w- c:\program files\FFmpeg_2009_07_20_for_Audacity_on_Windows(2).exe
2010-01-21 15:53 . 2010-01-21 15:52 4169192 ------w- c:\program files\yg.exe
2010-01-21 15:13 . 2010-01-21 15:13 3782822 ------w- c:\program files\ConvertHelperSetup.exe
2010-01-09 14:56 . 2010-01-09 14:56 1956528 ------w- c:\program files\install_flash_player_ax.exe
2009-12-27 12:02 . 2009-12-27 11:55 1924200 ------w- c:\program files\install_flash_player.exe
2009-10-21 23:06 . 2009-10-21 22:45 273931544 ------w- c:\program files\dartfish_pro_5_5_10925.exe
2009-06-20 17:55 . 2009-06-20 17:55 1086608 ------w- c:\program files\Google Updater.exe
2009-06-07 11:17 . 2009-06-07 11:14 85069220 ------w- c:\program files\XBMC_for_Windows-9.04.1.exe
2009-05-12 18:03 . 2009-05-12 18:02 830523 ------w- c:\program files\wlsetup-custom.exe.part
2009-03-31 12:03 . 2009-03-31 11:56 19057955 ------w- c:\program files\PCJongle20080213.EXE
2009-03-24 19:46 . 2009-03-24 19:43 15145769 ------w- c:\program files\installation_pncfr1000108.exe
2009-02-27 17:40 . 2009-02-27 17:40 1161576 ------w- c:\program files\wlsetup-custom.exe
2009-02-15 22:27 . 2009-02-15 21:40 448702592 ------w- c:\program files\X12-30194.exe
2009-02-12 18:44 . 2009-02-12 18:44 7321032 ------w- c:\program files\daemon-tools_daemon_tools_4.30.3_francais_10729.exe
2008-12-05 20:46 . 2008-12-05 20:45 24758792 ------w- c:\program files\NetFx20SP1_x86.exe
2008-12-05 17:36 . 2008-12-05 17:35 29540960 ------w- c:\program files\setupfre.exe
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a65e491f-a436-4952-b49a-b24ed99a0f67}"= "c:\program files\Tom's_Guide_France\tbTom'.dll" [2010-11-23 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-23 17:55 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
2010-11-23 17:55 3908192 ----a-w- c:\program files\Tom's_Guide_France\tbTom'.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a65e491f-a436-4952-b49a-b24ed99a0f67}"= "c:\program files\Tom's_Guide_France\tbTom'.dll" [2010-11-23 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A65E491F-A436-4952-B49A-B24ED99A0F67}"= "c:\program files\Tom's_Guide_France\tbTom'.dll" [2010-11-23 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a65e491f-a436-4952-b49a-b24ed99a0f67}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Boots Insert Detect"="c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"Bamboo Dock"="c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe" [BU]
"BambooScribe.exe"="c:\program files\Vision Objects\Bamboo Scribe\BambooScribe.exe" [2010-10-27 2994176]
"Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StreamZap Remote"="c:\program files\Streamzap\Remote\zremote.exe" [2005-03-28 655360]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 303104]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [BU]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-15 159744]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"TMWebProtectTray"="c:\program files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [2009-09-02 288136]
"PCTuto"="c:\program files\PCTuto\pctuto.exe" [2010-08-04 966656]
"autoupdater"="c:\documents and settings\admin\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe" [2010-08-17 659456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-01-04 629336]
"BambooScribeAutoStart.vbe"="c:\program files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe" [2010-10-11 1005]
"cspep.exe"="c:\program files\cspep\cspep.exe" [2010-12-09 684032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\admin\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support PMB.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-25 333088]
.
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-11 50688]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\wlsetup-custom.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtProc1.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxdicfg.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/07/2007 15:33 3456]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/03/2011 11:47 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/07/2010 19:13 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/07/2010 19:13 19544]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 12:32 97536]
.
Contenu du dossier 'Tâches planifiées'
.
2011-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 17:56]
.
2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 17:09]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 17:09]
.
2011-03-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=4070711
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\32d0986o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
AddRemove-EoS-{5CCCD423-F673-4CD8-9464-9D950F49BBC3} - c:\documents and settings\admin\Bureau\Empire of Sports\Uninstall.exe
AddRemove-HijackThis - c:\program files\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-06 00:53
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1872)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(5468)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Satsuki Decoder Pack\Filtres\mmfinfo.dll
c:\program files\Satsuki Decoder Pack\Filtres\mkunicode.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\System32\DLA\DLASHX_W.DLL
c:\windows\system32\DLAAPI_W.DLL
c:\windows\System32\DLA\DLACResW.dll
.
Heure de fin: 2011-03-06 01:09:45
ComboFix-quarantined-files.txt 2011-03-06 00:09
.
Avant-CF: 10*850*652*160 octets libres
Après-CF: 10*810*200*064 octets libres
.
- - End Of File - - AB37EB249BCC44F304D1CE271E7332BB

Best regards
Everaym

**Net_Surfer** · 03-06-2011 05:30 AM

Hello again Everaym

How is your computer running now?

* ESET Online Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

You can use either Internet Explorer or Mozilla FireFox for this scan.
NOTE:This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

Please go here then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

Code:

C:\Program Files\ESET\EsetOnlineScanner\log.txt

Click Ok and the scan results will open in Notepad.
Copy and paste the contents of log.txt in your next reply.

In some instances if no malware is found there will be no log produced.

Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
~~~~~~~~~~~~~

Note:
*If you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run through in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

**everaym** · 03-06-2011 09:25 AM

Hello Net_Surfer

My computer still behave wierdly. When I switch it on there is always a commercial internet page which opens without me asking to go on the net. I don't know if that's due to a malware.
Here is the Esetlog :

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=7151baeb59dcdd408ca974a54edbd3b2
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-06 01:46:44
# local_time=2011-03-06 02:46:44 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 414232 414232 0 0
# compatibility_mode=768 16777215 100 0 20975819 20975819 0 0
# compatibility_mode=8192 67108863 100 0 463 463 0 0
# scanned=45206
# found=1
# cleaned=1
# scan_time=3480
C:\Documents and Settings\admin\Application Data\OpenCandy\OpenCandy_2E8EEAD6AFF84B27A0D5A1043FBA9BDF\RegistryReviverSetup-ppi_.exe Win32/Adware.RegistryReviver application (deleted - quarantined) 00000000000000000000000000000000 C

Kind regards
Everaym

**Net_Surfer** · 03-06-2011 03:54 PM

Hi

We will take a deeper look at your system with OTL.

Download: >>> OTL by Old Timer <<< to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check

.

.

Now copy the lines below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

.
Click the Run Scan button.
Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

=========

Thread: suspicious files

LinkBack

Thread Tools

suspicious files