Infostealer.ldpinch.c Problem


17 replies to this topic

#1 gjfo

  • Members
  • 10 posts

Posted 07 February 2008 - 11:49 PM

Hi,

I am not able to completely erase Infostealer. Each time I start my computer, it comes back.

Norton erases Infostealer at each start, but my PC runs slower and many times I have difficulty starting programs.

I tried a scan from Kaspersky. It indicated some more infected objects and some parts of my problem, which I erased, like nav.exe and sysvideo.dll.

I ran Spybot Search and Destroy, and it found 3 malware items related to Infostealer. I ran Ad-Aware too and found 2 more.

Before that I tried to clean my PC with cleanmgr, but it does not work correctly. I cleaned it manually, including the Internet history and content.ie5 folders, the temp folder and the recycle bin.

I ran McAfee Stinger and finished that run with HijackThis.

All operations were made with System Restore disabled.

At each startup Infostealer shows up again, and I do not know what item is reinstalling it or what I have to erase.

Are you able to help me to fix this?

Thank You.

Gjfo

HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:58, on 2008-02-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\System\RDPsvc2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\cleanmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://virtualstudio.live.2020.net/KBBProm...yerAX_Win32.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: ntsvc32k - Unknown owner - C:\Program Files\Fichiers communs\System\ntsvc32k.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RDPsvc2 - Unknown owner - C:\Program Files\Fichiers communs\System\RDPsvc2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 9215 bytes


#2 Guest_Cretemonster_*

  • Guests

Posted 15 February 2008 - 07:29 PM

Hi gjfo and Welcome to the forums. :thumbsup:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#3 gjfo

  • Topic Starter
  • Members
  • 10 posts

Posted 16 February 2008 - 12:52 AM

Hi Cretemonster,

Thank you for your help.

Logs from MBAM and a fresh HijackThis follow.

Gjfo

MBAM:

Malwarebytes' Anti-Malware 1.03
Database version: 365

Scan type: Quick Scan
Objects scanned: 23444
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Program Files\Fichiers communs\System\RDPsvc2.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntsvc32k (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ntsvc32k (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntsvc32k (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lich.dat (Spyware.Passwords.LDPinch) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\System\ntsvc32k.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\System\RDPsvc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Fresh HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:41:35, on 2008-02-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://virtualstudio.live.2020.net/KBBProm...yerAX_Win32.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 8710 bytes
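As an added example, not from the thread, the poster, or any of the tools named in it: a small Python triage of the O23 service lines from the two HijackThis logs and of the MBAM registry hits above. The sample lines are constructed from posts #1 and #3; flagging "Unknown owner" is this example's own heuristic, not a HijackThis rule.

```python
"""Triage HijackThis O23 (service) entries and group MBAM registry hits.

Added example for this thread; not code from the forum, the poster,
HijackThis or Malwarebytes. Sample lines are constructed from entries
quoted in posts #1 and #3. "Unknown owner" is a lead, never a verdict.
"""
import re
from dataclasses import dataclass

# HijackThis O23 layout: "O23 - Service: <display> [(<short>)] - <owner> - <path>"
# The short name is optional, and the display name may itself contain
# parentheses ("Cyberlink RichVideo Service(CRVS) (RichVideo)").
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)
# MBAM "Registry Keys Infected" line for a service key, one per control set.
MBAM_SVC_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cset>ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\(?P<name>\S+) \((?P<family>[^)]+)\)"
)

@dataclass(frozen=True)
class Service:
    display: str
    short: str   # equals display when HijackThis prints no short name
    owner: str
    path: str

def parse_services(log_text: str) -> list[Service]:
    """Every O23 entry of a HijackThis log, in log order."""
    out = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            out.append(Service(m["display"], m["short"] or m["display"],
                               m["owner"], m["path"]))
    return out

def unknown_owner(services: list[Service]) -> list[str]:
    """Short names with no recognised vendor: the analyst's starting set.
    Benign unsigned software (RichVideo in this thread) lands here too."""
    return [s.short for s in services if s.owner == "Unknown owner"]

def removed_between(before: list[Service], after: list[Service]) -> list[str]:
    """Short names present in the first log and gone from the second."""
    kept = {s.short for s in after}
    return [s.short for s in before if s.short not in kept]

def mbam_service_hits(mbam_text: str) -> dict[str, list[str]]:
    """Service name -> control sets MBAM removed its key from. The key is
    registered in every ControlSetNNN, not only the one CurrentControlSet
    aliases; a copy left behind survives a Last Known Good boot."""
    hits: dict[str, list[str]] = {}
    for line in mbam_text.splitlines():
        m = MBAM_SVC_RE.match(line.strip())
        if m:
            hits.setdefault(m["name"].lower(), []).append(m["cset"])
    return hits

# Constructed samples: O23 lines as quoted in post #1 (before MBAM) ...
LOG_BEFORE = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ntsvc32k - Unknown owner - C:\Program Files\Fichiers communs\System\ntsvc32k.exe
O23 - Service: RDPsvc2 - Unknown owner - C:\Program Files\Fichiers communs\System\RDPsvc2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""
# ... the same entries in post #3 (after MBAM), and MBAM's registry section.
LOG_AFTER = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntsvc32k (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ntsvc32k (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntsvc32k (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
"""

def triage() -> dict[str, list[str]]:
    """Leads from the first log, what the second log confirms gone, and
    which leads still need a human look."""
    before, after = parse_services(LOG_BEFORE), parse_services(LOG_AFTER)
    leads = unknown_owner(before)
    removed = removed_between(before, after)
    return {"leads": leads, "removed": removed,
            "still_present": [n for n in leads if n not in removed]}

if __name__ == "__main__":
    print(triage())
    print(mbam_service_hits(MBAM_LOG))
```

RichVideo stays in the "still_present" bucket on purpose: an unknown owner only says the binary carries no recognised vendor, and it is the before/after diff plus the MBAM result that separates the two malicious services from it.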

#4 Guest_Cretemonster_*

  • Guests

Posted 16 February 2008 - 04:38 AM

Open up Internet Explorer and click Tools --> Windows Update.

Once you are fully up to date and all is patched, please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#5 gjfo

  • Topic Starter
  • Members
  • 10 posts

Posted 20 February 2008 - 04:34 PM

My apologies, Cretemonster, for this late reply; I was away from home for some days.

I made the updates and the DSS scan.

Here are the results.

Thank You,
gjfo

main.txt:

Deckard's System Scanner v20071014.68
Run by gjfo on 2008-02-20 15:48:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-20 20:48:42 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as gjfo.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:16, on 2008-02-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\gjfo\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\gjfo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://virtualstudio.live.2020.net/KBBProm...yerAX_Win32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1203540225093
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/GATAN-~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 9312 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys

S3 Secdrv - c:\windows\system32\drivers\secdrv.sys (file missing)
S3 sysvideo32 - c:\program files\fichiers communs\system\sysvideo32.dll (file missing)
S3 winmgt32k - c:\program files\fichiers communs\system\winmgt32k.dll (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S? ntsvc32k -
S? RDPsvc2 -
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\fichiers communs\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_82371043&REV_01\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_82371043&REV_01\3&11583659&0&D8
Service:

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801GB USB2 Enhanced Host Controller - 27CC
Device ID: PCI\VEN_8086&DEV_27CC&SUBSYS_81791043&REV_01\3&11583659&0&EF
Manufacturer: Intel
Name: Intel® 82801GB USB2 Enhanced Host Controller - 27CC
PNP Device ID: PCI\VEN_8086&DEV_27CC&SUBSYS_81791043&REV_01\3&11583659&0&EF
Service: usbehci


-- Scheduled Tasks -------------------------------------------------------------

2008-02-15 20:00:14 596 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - gjfo.job


-- Files created between 2008-01-20 and 2008-02-20 -----------------------------

2008-02-20 15:46:17 0 d-------- C:\WINDOWS\System32\bits
2008-02-20 15:43:49 0 d-------- C:\WINDOWS\LastGood
2008-02-20 00:50:27 0 dr-h----- C:\Documents and Settings\gjfo\Recent
2008-02-18 16:38:43 0 d-------- C:\WINDOWS\Sun
2008-02-18 16:38:43 0 d-------- C:\Documents and Settings\gjfo\Application Data\Sun
2008-02-18 16:36:17 0 d-------- C:\Program Files\Java
2008-02-18 16:35:40 0 d-------- C:\Program Files\Fichiers communs\Java
2008-02-16 00:31:15 0 d-------- C:\Documents and Settings\gjfo\Application Data\Malwarebytes
2008-02-16 00:31:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-16 00:31:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-08 19:02:29 0 d-------- C:\Program Files\Lavalys
2008-02-07 22:48:46 0 d-------- C:\Program Files\Trend Micro
2008-02-07 15:15:46 0 d-------- C:\Program Files\Lavasoft
2008-02-07 15:15:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 23:38:45 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-02-06 19:56:20 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2008-02-06 17:13:31 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-06 17:13:31 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-06 17:13:31 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-02-06 17:13:31 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2008-02-06 17:13:31 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-02-06 17:13:31 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-06 17:13:31 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-06 17:13:31 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-06 17:13:31 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-02-06 17:13:31 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-06 17:13:31 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2008-02-06 17:13:31 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-06 17:13:31 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-02-06 17:13:31 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-02-06 17:11:45 0 d-------- C:\WINDOWS\pss
2008-02-06 13:20:09 0 d-------- C:\WINDOWS\System32\NtmsData
2008-02-05 12:29:22 0 d-------- C:\Program Files\FileZilla FTP Client
2008-02-04 17:22:42 45056 --a------ C:\WINDOWS\hubmqwo.exe
2008-02-03 15:41:47 11358208 --a------ C:\Documents and Settings\gjfo\ntuser.dat
2008-01-27 15:33:45 0 d-------- C:\Program Files\7-Zip


-- Find3M Report ---------------------------------------------------------------

2008-02-20 15:27:35 0 d-------- C:\Documents and Settings\gjfo\Application Data\FileZilla
2008-02-18 16:36:59 1395 --a------ C:\WINDOWS\mozver.dat
2008-02-18 16:35:40 0 d-------- C:\Program Files\Fichiers communs
2008-02-17 01:06:43 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-02-15 18:47:34 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-02-07 15:14:49 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-06 13:37:42 0 d-------- C:\Program Files\Norton AntiVirus
2008-02-06 11:29:34 0 d-------- C:\Program Files\SpywareBlaster
2008-01-27 22:38:52 0 d-------- C:\Program Files\AceExpertFTP
2008-01-27 15:29:47 0 d-------- C:\Program Files\PowerArchiver
2007-12-20 21:39:55 784 --a------ C:\Documents and Settings\gjfo\Application Data\mpauth.dat
2007-12-19 12:30:43 109 --ahs---- C:\WINDOWS\System32\15424186.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 15:29]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2005-07-29 09:35]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2006-03-22 23:17]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2006-03-22 23:13]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2006-03-22 23:17]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-10 00:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 12:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-02-20 15:49:55 ------------


extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600)
Architecture: X86; Language: French

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1015.17 MiB / 659.75 MiB
Pagefile Memory (total/avail): 2446.29 MiB / 2157.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1957.7 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 31.16 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST380817AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\gjfo\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=APPALACHES
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\gjfo
LOGONSERVER=\\APPALACHES
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GATAN-~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GATAN-~1\LOCALS~1\Temp
USERDOMAIN=APPALACHES
USERNAME=gjfo
USERPROFILE=C:\Documents and Settings\gjfo
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

gjfo (admin)
Administrateur (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
AceFTP v1 --> C:\PROGRA~1\ACEEXP~1\UNWISE.EXE C:\PROGRA~1\ACEEXP~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adsen FavIcon --> "C:\Program Files\Adsen FavIcon\unins000.exe"
Agfa ScanWise 1.70 --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Agfa\ScanWise 1_70\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 1_70\UNINSTALL.DLL"
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Correctif Windows XP - KB842773 --> C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
CuteFTP 5.0 XP --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\Setup.exe" -l0x40c /l040C UNINSTALL
DVD Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EVEREST Ultimate Edition v4.20 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Eye Candy 4000 --> C:\PROGRA~1\PAINTS~1\Plugins\EYECAN~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\Plugins\EYECAN~1\INSTALL.LOG
FileZilla Client 3.0.6 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
Good Keywords v2.0.051705 --> "C:\Program Files\Softnik Technologies\Good Keywords v2\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GSiteCrawler --> C:\PROGRA~1\SOFTplus\GSITEC~1\UNWISE.EXE C:\PROGRA~1\SOFTplus\GSITEC~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers --> Prounstl.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x40c UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero 7 Essentials --> MsiExec.exe /X{2B04D44F-1D1B-4E0E-8431-D04F87C21033}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
Opera 9.24 --> MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
Pagis Viewer 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xerox\Pagis Viewer 2.0\Uninst.isu"
Paint Shop Pro 6.0 (ESD) --> C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PC Probe II --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x40c
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
SnagIt 5 --> C:\Program Files\TechSmith\SnagIt\SIUNINST.EXE
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TopStyle Lite (Version 3.0) --> C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3\"
Trackless --> C:\Program Files\Trackless\bcuninst.exe
WebBug --> MsiExec.exe /I{23474DBC-AAC3-4049-8BBD-19C1E0585235}
WebExpert 5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\WebExpert 5\irunin.ini"
WebLog Expert Lite 3.0 --> "C:\Program Files\WebLog Expert Lite\unins000.exe"
WinHTTrack Website Copier 3.41-3 --> "C:\Program Files\WinHTTrack\unins000.exe"
Xenu's Link Sleuth --> "C:\Program Files\Xenu\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type9386 / Error
Event Submitted/Written: 02/18/2008 11:59:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msimn.exe, version 6.0.2600.0, faulting module unknown, version 0.0.0.0, fault address 0x007a31c6.

Event Record #/Type9385 / Error
Event Submitted/Written: 02/18/2008 10:00:51 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9345 / Error
Event Submitted/Written: 02/16/2008 08:42:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wexpert.exe, version 1.0.0.0, faulting module kernel32.dll, version 5.1.2600.0, fault address 0x0000d756.

Event Record #/Type9209 / Error
Event Submitted/Written: 02/10/2008 01:11:51 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wexpert.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9208 / Error
Event Submitted/Written: 02/10/2008 01:00:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2600.0, hang module QuickTimeEssentials.qtx, version 7.1.6.200, hang address 0x0003dae0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13378 / Error
Event Submitted/Written: 02/16/2008 00:37:39 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The RDPsvc2 service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type13307 / Warning
Event Submitted/Written: 02/12/2008 07:24:04 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type13248 / Error
Event Submitted/Written: 02/10/2008 11:55:10 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7160A13D-73DA-4CEA-95B9-37356478588A} did not register with DCOM within the required timeout.

Event Record #/Type13247 / Error
Event Submitted/Written: 02/10/2008 11:53:47 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7160A13D-73DA-4CEA-95B9-37356478588A} did not register with DCOM within the required timeout.

Event Record #/Type13246 / Error
Event Submitted/Written: 02/10/2008 11:50:56 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7160A13D-73DA-4CEA-95B9-37356478588A} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-02-20 15:49:55 ------------

#6 Guest_Cretemonster_*

  • Guests

Posted 21 February 2008 - 06:04 PM

OK, looks like some leftovers to clean up, and then we'll check the system out with some online scans.

Click Start --> Run --> type in cmd and click OK.

Once the command prompt appears, type in the following exactly as I have it written, including all spaces, and then hit Enter. Do each of these one at a time; you should see a message telling you the service was deleted successfully.

sc delete sysvideo32

sc delete winmgt32k

sc delete ntsvc32k

sc delete RDPsvc2



Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only.
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
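
The four `sc delete` lines above target exactly the entries that Deckard's System Scanner marked as broken: two drivers whose DLL is gone (`(file missing)`) and two services with no image path at all. A service key like that is inert on its own, but it is a ready-made foothold: if the file is dropped back, the service starts again at the next boot without any new registration, so the key is removed rather than ignored. The script below is an added example, not part of this thread or of DSS: it parses the Drivers and Services sections of a DSS main.txt (a constructed excerpt mirroring the one posted above is embedded), flags the orphaned entries and prints the matching `sc delete` commands. The `DEFAULT_KEEP` set is an assumption: it holds Secdrv, which the helper above left alone even though its file was reported missing.

```python
"""Flag orphaned driver/service entries in a Deckard's System Scanner (DSS) log
and emit the matching `sc delete` commands.

Added example for this thread; it is not part of DSS or of the original posts.
SAMPLE_DSS is a constructed excerpt that mirrors the Drivers/Services sections
posted above.
"""
import re
import sys
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

SAMPLE_DSS = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys

S3 Secdrv - c:\windows\system32\drivers\secdrv.sys (file missing)
S3 sysvideo32 - c:\program files\fichiers communs\system\sysvideo32.dll (file missing)
S3 winmgt32k - c:\program files\fichiers communs\system\winmgt32k.dll (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S? ntsvc32k -
S? RDPsvc2 -
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
"""

# Assumption: names DSS flags that the helper in this thread deliberately left
# alone. Secdrv is the SafeDisc copy-protection driver that ships with XP.
DEFAULT_KEEP: FrozenSet[str] = frozenset({"Secdrv"})


@dataclass
class Entry:
    state: str              # 'R' running / 'S' stopped
    start: str              # DSS start-type digit, or '?' when it could not be read
    name: str               # registry key name under ...\Services
    display: Optional[str]  # display name, when DSS printed one in parentheses
    image: str              # image path text as printed; '' when DSS printed nothing
    file_missing: bool      # DSS appended "(file missing)"


_HEAD = re.compile(r"^([RS])([0-4?])\s+(\S+)(.*)$")
_MISSING = "(file missing)"


def _split_display(tail: str) -> Tuple[Optional[str], str]:
    """Strip a leading '(display name)' group, honouring nested parentheses."""
    if not tail.startswith("("):
        return None, tail
    depth = 0
    for i, ch in enumerate(tail):
        depth += (ch == "(") - (ch == ")")
        if depth == 0:
            return tail[1:i], tail[i + 1:].lstrip()
    return None, tail  # unbalanced; treat as no display name


def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = _HEAD.match(raw.strip())
        if not m:
            continue  # section banners and blank lines
        state, start, name, tail = m.groups()
        display, tail = _split_display(tail.lstrip())
        if not tail.startswith("-"):
            continue  # not an entry line in the layout we understand
        image = tail[1:].strip()
        missing = image.endswith(_MISSING)
        if missing:
            image = image[: -len(_MISSING)].rstrip()
        entries.append(Entry(state, start, name, display, image, missing))
    return entries


def orphaned(entries: List[Entry], keep: FrozenSet[str] = DEFAULT_KEEP) -> List[Entry]:
    """Entries whose binary is gone or that never had an image path, minus `keep`."""
    return [e for e in entries if (e.file_missing or not e.image) and e.name not in keep]


def sc_delete_commands(entries: List[Entry], keep: FrozenSet[str] = DEFAULT_KEEP) -> List[str]:
    """One `sc delete <name>` per orphaned entry, ready to paste into cmd.exe."""
    return [f"sc delete {e.name}" for e in orphaned(entries, keep)]


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_DSS
    for cmd in sc_delete_commands(parse_entries(text)):
        print(cmd)
```

Run it against the real log with `python orphan_services.py main.txt`. `sc delete` removes only the registry key, not any file, so the image paths in the log are still worth checking on disk; afterwards `sc query <name>` should report that the specified service does not exist.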


#7 gjfo

  • Topic Starter
  • Members
  • 10 posts

Posted 22 February 2008 - 09:30 AM

Hi Cretemonster,

This is the last scan that you asked for.

Thank You,
gjfo

Scanning Report
Thursday, February 21, 2008 22:37:39 - 08:57:04

Computer name: APPALACHES
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 132 malware found
Backdoor.Win32.IRCBot.apb (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\552639E3.EXE (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7E0A3007.EXE (Renamed & Submitted)

Rootkit.Win32.Agent.vn (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\047E26B8.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\0A1F2169.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\0B116AA9.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\189C7F60.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\19BD10B1.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\19C03AAE.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1A020266.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1D0307E9.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1FA451E3.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\28932043.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2AB46A9E.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2B335003.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2B5473DF.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2DE63DB7.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\31FE30EB.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\33DC1B17.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\34063CE8.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\34AD715B.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\36C16B53.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\36E10F2F.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\36EF21B5.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\37194386.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\374D4195.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\376D6571.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\38A75B3B.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\38C12B1E.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\39235F90.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3944036C.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3A673DE4.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3A6A67E0.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3A925FB5.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3B037B80.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3B317E70.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3B554C48.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3C2B38CE.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3C2E62CA.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3C5F5895.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3CA579B4.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3CBF4997.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3CE3176F.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3E5052B1.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\407C31BE.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\44B2332A.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\469E6AF6.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\49E1318C.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4B836433.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4B860E30.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4BB703FA.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4DEC638C.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4E16055D.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\56D4103E.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\58F65A99.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5CA93432.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5CE427F1.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5D0B1FC6.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5D256FAA.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5E721636.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5E754033.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5E990E0B.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5F360163.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5F602335.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6053534B.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\60F57977.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\61161D53.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\672D31BB.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6B910A8F.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6C174459.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6C3B1232.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6DD1414E.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6DD46B4B.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6DEA3857.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6E0B5C33.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6E0C350E.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\70087203.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\702915DF.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\70A146C7.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\70C83E9C.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7194232A.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\71BF44FC.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\72ED4C41.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\730E701D.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\741411BE.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\754679AB.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\75671D87.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\78386D9D.DLL (Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\796009E5.DLL (Submitted)

Tracking Cookie (spyware)

* System

Trojan-Downloader.Win32.Agent.dpe (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7784465F.SYS (Renamed & Submitted)

Trojan-Downloader.Win32.Diehard.dr (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5C3A20AC.SYS (Renamed & Submitted)

Trojan-Downloader.Win32.Small.hyn (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4CC657F2.EXE (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\55A9787D.EXE (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\66E168EF.EXE (Renamed & Submitted)

Trojan-Dropper.Win32.Agent.dyc (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5C823C5D.EXE (Renamed & Submitted)

Trojan-PSW.Win32.LdPinch.fmd (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4E994BF0.EXE (Renamed & Submitted)

Trojan-PSW.Win32.Sinowal.gj (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\0FFF13A8.EXE (Renamed & Submitted)

Trojan-Proxy.Win32.Agent.pm (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\03274746.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\06E75E7D.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\0D2140D5.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\106E5FB7.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\10EA0864.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\132570C8.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\18D447AD.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1D8E7274.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1E1470B6.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1FA45717.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\24214AAF.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2C1D402A.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2CFA6D87.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\395D6158.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3B0469C4.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3C77022B.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3CD37056.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\43B6202F.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\47834C8E.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\496B2304.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4B874F53.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\507D20F5.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\50FF2553.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5413690E.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6053206A.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6CAD09A2.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6E7D4976.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\72047423.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\72C1066C.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\76F13615.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7BC30DF7.SYS (Renamed & Submitted)
* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7E715E5D.SYS (Renamed & Submitted)

Trojan.Win32.Shutdowner.cl (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\592547B0.EXE (Renamed & Submitted)

W32/Gaobot_based.D (virus)

* C:\DOCUMENTS AND SETTINGS\GJFO\BUREAU\EYEDROPPER.EXE (Submitted)
* C:\DOCUMENTS AND SETTINGS\GJFO\BUREAU\BUREAU-LIBRE\INSTALL�\EYEDROPPER.EXE (Submitted)

Statistics
Scanned:

* Files: 166408
* System: 4887
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 43
* Deleted: 0
* None: 89
* Submitted: 131

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

Options
Scanning engines:

* F-Secure USS: 2.20.0
* F-Secure Hydra: 2.6.7470, 2008-02-22
* F-Secure AVP: 7.0.171, 2008-02-22
* F-Secure Pegasus: 1.20.0, 2008-01-20
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 22 February 2008 - 08:39 PM

F-Secure doesn't think this is a very good item to have around.

C:\DOCUMENTS AND SETTINGS\GJFO\BUREAU\EYEDROPPER.EXE

What do you know about it?


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


#9 gjfo

gjfo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:35 AM

Posted 22 February 2008 - 09:45 PM

Hi Cretemonster,

Eyedropper is a little program that I have had for many years. I use it to identify color codes for graphic work. I have never had a problem with it.

I will come back with the Panda's report.

Gjfo

#10 gjfo

gjfo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE

Posted 22 February 2008 - 11:13 PM

Here is the TotalScan report

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-22 23:05:23
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus 2005 11.0.16.4 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00046761 adware/xupiter Adware No 0 Yes No c:\documents and settings\GJFO\favoris\cool stuff
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\GJFO\Cookies\GJFO@landing.domainsponsor[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\GATAN-~1\LOCALS~1\Temp\Cookies\GJFO@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\GJFO\Cookies\GJFO@weborama[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\GATAN-~1\LOCALS~1\Temp\Cookies\GJFO@server.iad.liveperson[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\GATAN-~1\LOCALS~1\Temp\Cookies\GJFO@realmedia[1].txt
02901119 Trj/Downloader.SPJ Virus/Trojan No 1 Yes No C:\6E.tmp
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#11 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 23 February 2008 - 07:46 AM

Excellent information in that file I asked about. :thumbsup:

C:\6E.tmp <-- Delete please

You may find more just like this but with different names, like 3B.tmp; pretty obvious and safe to delete.

One last scan please. I'd like to see one that's totally clear, so open up your Norton Antivirus and navigate to the Quarantine section, get in there and empty it out please.

Now we need to reset System Restore and Clear out all the old infected restore points.
  • Click Start
  • Right-Click "My Computer" and Select Properties.
  • Click on the "System Restore" tab.
  • Place a checkmark in the box for "Turn off System Restore" and Click "Apply."
  • Restart the Computer.
  • Return to System Restore and Uncheck the box for "Turn off System Restore" and Click "Apply."
  • A fresh Restore Point will be created.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#12 gjfo

gjfo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:35 AM

Posted 23 February 2008 - 01:44 PM

Hi,

I have to use my pc today and the Kaspersky scan freezes all the time.

I will try a new scan during the night.

Gjfo

#13 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 23 February 2008 - 02:15 PM

Hmmm, try it without the option to scan mail archives and try it again.

#14 gjfo

gjfo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE

Posted 23 February 2008 - 08:11 PM

Hi

The only thing left is proxy software by AnalogX (not active): proxyi analogX.exe v 4.14.
Described by Kaspersky as: Infected: not-a-virus:Server-Proxy.Win32.AnalogX.414

I do not have a "Save Report as .txt" button on the Kaspersky page. I only have the choice to save as html.

My apologies if it is difficult to read in this reply.

Here is the Scan Report:

KASPERSKY ONLINE SCANNER REPORT
Saturday, February 23, 2008 7:47:51 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/02/2008
Kaspersky Anti-Virus database records: 577049
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 293405
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 02:07:27

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\cert8.db Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\history.dat Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\key3.db Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\parent.lock Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\search.sqlite Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\GJFO\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\GJFO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Application Data\Mozilla\Firefox\Profiles\qhqee8ud.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Historique\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Temp\~DF6E6B.tmp Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Temp\~DF8AEC.tmp Object is locked skipped
C:\Documents and Settings\GJFO\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\GJFO\Mes documents\telecharge 8\proxyi analogX.exe Infected: not-a-virus:Server-Proxy.Win32.AnalogX.414 skipped
C:\Documents and Settings\GJFO\ntuser.dat Object is locked skipped
C:\Documents and Settings\GJFO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\TechSmith\SnagIt 8\SnagIt Add-in.dot Object is locked skipped
C:\System Volume Information\_restore{EC3C0CF4-5422-4475-80B0-655D4D6D714E}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

#15 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 24 February 2008 - 01:50 PM

Is that something that you use?

I don't find a lot of information on it at all.
