
Infected Machine


13 replies to this topic

#1 Ols

Ols

  • Members
  • 13 posts
  • Local time:07:08 AM

Posted 04 April 2008 - 08:47 AM

Hello everyone,
Since last week my computer has been telling me that I've got a lot of spyware and things like that!!
I've also created a topic before in the "Am I infected?" forum.
Here is the link to the topic: http://www.bleepingcomputer.com/forums/t/139114/spywareiemonster/
Here is what I've done:
Scan with malwarebytes-antimalware
Scan with ad-aware
Scan with Vundo
and a scan with Spybot, where I found:
BlueStreak
BurstMedia
CasinoPopupStuff
Microsoft Windows App Fire Wall Bypass
Microsoft Windows Explorer
Microsoft Windows Redirected Hosts
Microsoft Windows SecurityCenter.RegistryTools
Microsoft Windows SecurityCenter.Taskmanager
Right Media
Statcounter
Tradedoubler
Virtumonde
Virtumonde.dll
Win32.Agent.bfj
Win32.Qhost.abh
But when I want to clear all of this mess, my computer reboots automatically.

So I scan with Hijackthis and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:45, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nrnrptxf.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: run=""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {542B0DDA-728E-1484-5BF6-09D79576B3F0} - C:\WINDOWS\system32\vvxuvjqc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {bc3e429f-6ab5-001b-1fd4-6c6f0a8ae589} - {985ea8a0-f6c6-4df1-b100-5ba6f924e3cb} - C:\WINDOWS\system32\qioacddw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nrnrptxf] C:\WINDOWS\system32\nrnrptxf.exe
O4 - HKLM\..\Run: [zgpmpejc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zgpmpejc.dll"
O4 - HKLM\..\Run: [30388e3c] rundll32.exe "C:\WINDOWS\system32\euhejiim.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Ols\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [h4ReHu0JcX] C:\WINDOWS\TEMP\win65C.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user')
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: WebControlDeploy - http://grouper.com/v1/GrouperSetup.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193840050781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFna...nacmusicDnl.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Protection Trend Micro contre les programmes espions (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 13911 bytes

Thanks for the help
(Sorry for my English, but I'm French...)
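As an added example (not part of this post, and not HijackThis code), a small Python triage script that reads lines in HijackThis's log format and flags the patterns a helper reads the log above for: a Winlogon Shell value beyond Explorer.exe, BHOs with no readable name, Run entries with random-looking eight-character names in system32, regsvr32 /u and rundll32 loaders, autostarts under Policies\Explorer\Run or from TEMP, and DisableRegedit. The sample lines are copied from the posted log; the "random-looking name" heuristic is this example's own rule of thumb.

```python
"""Heuristic triage of HijackThis log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re

# Constructed sample: a subset of the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {542B0DDA-728E-1484-5BF6-09D79576B3F0} - C:\WINDOWS\system32\vvxuvjqc.dll
O2 - BHO: {bc3e429f-6ab5-001b-1fd4-6c6f0a8ae589} - {985ea8a0-f6c6-4df1-b100-5ba6f924e3cb} - C:\WINDOWS\system32\qioacddw.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [nrnrptxf] C:\WINDOWS\system32\nrnrptxf.exe
O4 - HKLM\..\Run: [zgpmpejc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zgpmpejc.dll"
O4 - HKLM\..\Run: [30388e3c] rundll32.exe "C:\WINDOWS\system32\euhejiim.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [h4ReHu0JcX] C:\WINDOWS\TEMP\win65C.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
VOWELS = set("aeiou")


def file_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\nrnrptxf.exe' -> 'nrnrptxf'."""
    name = path.strip('"').rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(token: str) -> bool:
    """Eight-character tokens that are hex or almost vowel-free: the shape of the
    generated names in this log (nrnrptxf, vvxuvjqc, zgpmpejc, 30388e3c)."""
    t = token.lower()
    if len(t) != 8 or not t.isalnum():
        return False
    if re.fullmatch(r"[0-9a-f]{8}", t) and any(c.isdigit() for c in t):
        return True
    return sum(c in VOWELS for c in t) / len(t) < 0.3


def triage_line(line: str) -> list[str]:
    """Return the reasons one HJT line deserves a closer look (empty if none)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    reasons: list[str] = []
    if code == "F2" and "Shell=" in body:
        # Winlogon starts every program listed in Shell, not only Explorer.exe.
        if body.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
            reasons.append("Winlogon shell is not plain Explorer.exe")
    elif code == "O2":
        b = BHO.match(body)
        if b:
            name, path = b.group("name"), b.group("path")
            if name == "(no name)" or re.fullmatch(r"\{[0-9a-f-]{36}\}", name.lower()):
                reasons.append("BHO without a readable name")
            if "\\system32\\" in path.lower() and looks_random(file_stem(path)):
                reasons.append("BHO DLL has a random-looking name in system32")
    elif code == "O4" and "] " in body:
        where, target = body.split("] ", 1)
        value_name = where.rsplit("[", 1)[-1]
        tl = target.lower()
        if "policies\\explorer\\run" in where.lower():
            reasons.append("autostart via Policies\\Explorer\\Run")
        if looks_random(value_name):
            reasons.append("random-looking Run value name")
        if tl.startswith("regsvr32 /u"):
            reasons.append("Run entry re-unregisters a DLL at every logon (regsvr32 /u)")
        if re.match(r'rundll32(\.exe)?\s+"?.+\.dll"?,\w+$', tl):
            reasons.append("rundll32 loads a DLL export from Run")
        if "\\temp\\" in tl:
            reasons.append("autostart from a TEMP directory")
        p = re.match(r'"?([a-z]:\\.+?\.(?:exe|dll))"?', tl)
        if p and "\\system32\\" in p.group(1) and looks_random(file_stem(p.group(1))):
            reasons.append("random-looking executable name in system32")
    elif code == "O7" and "DisableRegedit=1" in body:
        reasons.append("Registry Editor disabled by policy (DisableRegedit=1)")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each suspicious line to its reasons; clean lines are omitted."""
    findings: dict[str, list[str]] = {}
    for ln in text.splitlines():
        reasons = triage_line(ln)
        if reasons:
            findings[ln.strip()] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line, "\n   ->", "; ".join(reasons))
```

Run against the sample, the eight flagged lines are exactly the ones the helper's CFScript below targets plus the Shell and DisableRegedit entries; the HP and Adobe entries pass clean.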



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:08 AM

Posted 04 April 2008 - 06:01 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Ols

Ols
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:08 AM

Posted 06 April 2008 - 10:47 AM

Here is the log done with ComboFix!!
Some information is in French, so I hope that you'll understand!
The good news is that I can go to my control panel now!

ComboFix 08-04-04.1 - Ols 2008-04-06 17:15:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.609 [GMT 2:00]
Endroit: C:\Documents and Settings\Ols\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ols\Bureau\virii
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\BM330bbda0.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\qioacddw.dll
C:\WINDOWS\system32\tbnttvab.tmp2
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTLOAD


((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 23:33 . 2008-04-02 23:33 <REP> d-------- C:\VundoFix Backups
2008-04-02 00:53 . 2008-04-02 00:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 22:59 . 2008-04-01 22:59 <REP> d-------- C:\Documents and Settings\Ols\Application Data\Malwarebytes
2008-04-01 22:58 . 2008-04-01 22:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 22:58 . 2008-04-01 22:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\Trojan.Win32.BlackBird.exe
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\FWebdEditor.exe
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\fwebd.exe
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\fkwp2.0.exe
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\fkwp1.5.exe
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\filemanagerclient.exe
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\EditorFKWP2.0.exe
2008-04-01 11:35 . 2008-04-01 11:35 4,096 --a------ C:\Documents and Settings\Ols\Bureau\EditorFKWP1.5.exe
2008-03-30 22:54 . 2008-03-30 22:54 110,592 --a------ C:\WINDOWS\system32\vvxuvjqc.dll
2008-03-30 22:54 . 2008-03-30 22:54 110,592 --a------ C:\Documents and Settings\All Users\Application Data\zgpmpejc.dll
2008-03-30 22:54 . 2008-03-30 22:54 98,304 --a------ C:\WINDOWS\system32\nrnrptxf.exe
2008-03-30 16:23 . 2008-04-01 15:30 116 --a------ C:\tempdel.bat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:31 --------- d-----w C:\Program Files\Wanadoo
2008-04-06 15:29 --------- d-----w C:\Program Files\StarOffice7
2008-04-04 13:35 --------- d-----w C:\Program Files\Trend Micro
2008-04-01 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-18 22:06 --------- d-----w C:\Program Files\eMule
2008-02-29 11:45 --------- d-----w C:\Program Files\Windows Live
2008-02-29 11:44 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 16:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 13:44 --------- d-----w C:\Program Files\iTunes
2008-02-21 13:40 --------- d-----w C:\Program Files\iPod
2008-02-21 13:29 --------- d-----w C:\Program Files\QuickTime
2008-02-16 15:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-16 15:47 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-08 16:54 45,896 ----a-w C:\Documents and Settings\Ols\Application Data\GDIPFONTCACHEV1.DAT
2006-09-23 17:17 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{542B0DDA-728E-1484-5BF6-09D79576B3F0}]
2008-03-30 22:54 110592 --a------ C:\WINDOWS\system32\vvxuvjqc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-09-27 23:29 315392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 15:23 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Ols\OctoshapeClient.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 16:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 16:35 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 14:42 212992]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-04-20 21:45 180269]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-09-29 07:24 3121152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"nrnrptxf"="C:\WINDOWS\system32\nrnrptxf.exe" [2008-03-30 22:54 98304]
"30388e3c"="C:\WINDOWS\system32\euhejiim.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 21:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"h4ReHu0JcX"= C:\WINDOWS\TEMP\win65C.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"vidc.asv2"= asusasv2.dll
"vidc.LEAD"= LCODCCMP.DLL
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Jeux\\Enemy Territory\\ET.exe"=
"D:\\Jeux\\Enemy Territory\\ETDED.exe"=
"K:\\Blobby Volley\\volley.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\winav.exe"=

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 20:56]
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Ols\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-21 11:39:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-06 14:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 17:30:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-06 17:43:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 15:43:12
Pre-Run: 3,497,660,416 octets libres
Post-Run: 3,717,275,648 octets libres
.
2008-04-01 17:56:49 --- E O F ---

Edited by Ols, 06 April 2008 - 10:49 AM.
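Added example, not part of this post and not ComboFix code: a parser for the REGEDIT4-style "Point de chargement Reg" section of the ComboFix log above, reporting the entries that show the machine's own defences being switched off (Security Center monitoring disabled for the Trend Micro products, the firewall's standard profile disabled, a firewall exception for a system32 binary outside the default list) together with the policy-based autostart. The sample lines are copied from the log above; treating sessmgr.exe as the only expected system32 firewall exception is an assumption.

```python
"""Parse the registry load-point section of a ComboFix log and report settings
that weaken the machine's own defences (added example, not ComboFix code)."""
from __future__ import annotations

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_SECTION = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
"nrnrptxf"="C:\WINDOWS\system32\nrnrptxf.exe" [2008-03-30 22:54 98304]
"30388e3c"="C:\WINDOWS\system32\euhejiim.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"h4ReHu0JcX"= C:\WINDOWS\TEMP\win65C.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\winav.exe"=
"""

# Assumption: Remote Assistance (sessmgr.exe) is the only system32 binary in a
# default Windows XP SP2 firewall exception list.
BASELINE_SYSTEM32_EXCEPTIONS = {"sessmgr.exe"}


def parse_reg_section(text: str) -> dict[str, list[tuple[str, str]]]:
    """Turn REGEDIT4-style lines into {key: [(value_name, raw_value), ...]}.
    ComboFix appends '[date size]' to Run values; that tail stays in raw_value."""
    entries: dict[str, list[tuple[str, str]]] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault(key, [])
        elif key is not None and line.startswith('"') and '"=' in line:
            name, _, value = line[1:].partition('"=')
            entries[key].append((name, value.strip()))
    return entries


def weakened_defences(entries: dict[str, list[tuple[str, str]]]) -> list[str]:
    """Report load-point entries that disable or bypass built-in protection."""
    findings: list[str] = []
    for key, values in entries.items():
        k = key.lower()
        for name, value in values:
            n, v = name.lower(), value.lower()
            if "security center\\monitoring\\" in k and n == "disablemonitoring" and v.endswith("1"):
                findings.append(f"Security Center no longer monitors {key.rsplit(chr(92), 1)[-1]}")
            elif k.endswith("firewallpolicy\\standardprofile") and n == "enablefirewall" and v.startswith("0"):
                findings.append("Windows Firewall disabled in the standard profile (EnableFirewall=0)")
            elif k.endswith("authorizedapplications\\list"):
                # .reg syntax doubles backslashes inside value names; undo that first.
                path = n.replace("\\\\", "\\")
                exe = path.rsplit("\\", 1)[-1]
                if "\\system32\\" in path and exe not in BASELINE_SYSTEM32_EXCEPTIONS:
                    findings.append(f"firewall exception for unexpected system32 binary: {name}")
            elif k.endswith("policies\\explorer\\run"):
                findings.append(f"policy-based autostart {name} -> {value}")
    return findings


if __name__ == "__main__":
    for finding in weakened_defences(parse_reg_section(SAMPLE_SECTION)):
        print("-", finding)
```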


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:08 AM

Posted 07 April 2008 - 06:31 AM

I don't know French, but I think I got it figured out. :thumbsup:

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
C:\VundoFix Backups

File::
C:\Documents and Settings\Ols\Bureau\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Ols\Bureau\FWebdEditor.exe
C:\Documents and Settings\Ols\Bureau\fwebd.exe
C:\Documents and Settings\Ols\Bureau\fkwp2.0.exe
C:\Documents and Settings\Ols\Bureau\fkwp1.5.exe
C:\Documents and Settings\Ols\Bureau\filemanagerclient.exe
C:\Documents and Settings\Ols\Bureau\EditorFKWP2.0.exe
C:\Documents and Settings\Ols\Bureau\EditorFKWP1.5.exe
C:\WINDOWS\system32\vvxuvjqc.dll
C:\Documents and Settings\All Users\Application Data\zgpmpejc.dll
C:\WINDOWS\system32\nrnrptxf.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{542B0DDA-728E-1484-5BF6-09D79576B3F0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nrnrptxf"=-
"30388e3c"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"h4ReHu0JcX"=-

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Ols

Ols
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 07 April 2008 - 11:04 AM

Here is the log done with ComboFix:

ComboFix 08-04-04.1 - Ols 2008-04-07 17:53:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.359 [GMT 2:00]
Running from: C:\Documents and Settings\Ols\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ols\Bureau\CFScript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Documents and Settings\All Users\Application Data\zgpmpejc.dll
C:\Documents and Settings\Ols\Bureau\EditorFKWP1.5.exe
C:\Documents and Settings\Ols\Bureau\EditorFKWP2.0.exe
C:\Documents and Settings\Ols\Bureau\filemanagerclient.exe
C:\Documents and Settings\Ols\Bureau\fkwp1.5.exe
C:\Documents and Settings\Ols\Bureau\fkwp2.0.exe
C:\Documents and Settings\Ols\Bureau\fwebd.exe
C:\Documents and Settings\Ols\Bureau\FWebdEditor.exe
C:\Documents and Settings\Ols\Bureau\Trojan.Win32.BlackBird.exe
C:\WINDOWS\system32\nrnrptxf.exe
C:\WINDOWS\system32\vvxuvjqc.dll
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\zgpmpejc.dll
C:\Documents and Settings\Ols\Bureau\blackbird.jpg
C:\Documents and Settings\Ols\Bureau\EditorFKWP1.5.exe
C:\Documents and Settings\Ols\Bureau\EditorFKWP2.0.exe
C:\Documents and Settings\Ols\Bureau\filemanagerclient.exe
C:\Documents and Settings\Ols\Bureau\fkwp1.5.exe
C:\Documents and Settings\Ols\Bureau\fkwp2.0.exe
C:\Documents and Settings\Ols\Bureau\fwebd.exe
C:\Documents and Settings\Ols\Bureau\FWebdEditor.exe
C:\Documents and Settings\Ols\Bureau\Trojan.Win32.BlackBird.exe
C:\VundoFix Backups
C:\WINDOWS\system32\nrnrptxf.exe
C:\WINDOWS\system32\vvxuvjqc.dll

.
((((((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 00:53 . 2008-04-02 00:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 22:59 . 2008-04-01 22:59 <DIR> d-------- C:\Documents and Settings\Ols\Application Data\Malwarebytes
2008-04-01 22:58 . 2008-04-01 22:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 22:58 . 2008-04-01 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-30 16:23 . 2008-04-01 15:30 116 --a------ C:\tempdel.bat

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 15:06 --------- d-----w C:\Program Files\Wanadoo
2008-04-07 15:04 --------- d-----w C:\Program Files\StarOffice7
2008-04-04 13:35 --------- d-----w C:\Program Files\Trend Micro
2008-04-01 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-18 22:06 --------- d-----w C:\Program Files\eMule
2008-02-29 11:45 --------- d-----w C:\Program Files\Windows Live
2008-02-29 11:44 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 16:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 13:44 --------- d-----w C:\Program Files\iTunes
2008-02-21 13:40 --------- d-----w C:\Program Files\iPod
2008-02-21 13:29 --------- d-----w C:\Program Files\QuickTime
2008-02-16 15:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-16 15:47 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-08 16:54 45,896 ----a-w C:\Documents and Settings\Ols\Application Data\GDIPFONTCACHEV1.DAT
2006-09-23 17:17 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-06_17.42.30.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-07 15:04:51 1,134,592 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910\System.Printing.ni.dll
+ 2008-04-07 15:06:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-09-27 23:29 315392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 15:23 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Ols\OctoshapeClient.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 16:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 16:35 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 14:42 212992]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-04-20 21:45 180269]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-09-29 07:24 3121152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 21:00 15360]

C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-11-01 08:01:00 122880]

C:\Documents and Settings\ans\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-11-01 08:01:00 122880]

C:\Documents and Settings\parents\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-11-01 08:01:00 122880]

C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-11-01 08:01:00 122880]

C:\Documents and Settings\Ols\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - C:\Program Files\StarOffice7\program\quickstart.exe [2003-11-01 08:01:00 122880]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"vidc.asv2"= asusasv2.dll
"vidc.LEAD"= LCODCCMP.DLL
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Jeux\\Enemy Territory\\ET.exe"=
"D:\\Jeux\\Enemy Territory\\ETDED.exe"=
"K:\\Blobby Volley\\volley.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\winav.exe"=

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 20:56]
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Ols\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 11:39:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-06 22:00:05 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 18:00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-07 18:02:26
ComboFix-quarantined-files.txt 2008-04-07 16:02:18
ComboFix2.txt 2008-04-06 15:44:02
Pre-Run: 5,541,322,752 bytes free
Post-Run: 5,526,937,600 bytes free
.
2008-04-01 17:56:49 --- E O F ---

And here is the one with SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2008 at 07:27 PM

Application Version : 4.0.1154

Core Rules Database Version : 3432
Trace Rules Database Version: 1424

Scan type : Complete Scan
Total Scan Time : 01:15:32

Memory items scanned : 696
Memory threats detected : 0
Registry items scanned : 6068
Registry threats detected : 0
File items scanned : 113597
File threats detected : 221

Adware.Tracking Cookie
C:\Documents and Settings\Ols\Cookies\ols@bnpparibasnet.solution.weborama[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ad.zanox[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adultfriendfinder[2].txt
C:\Documents and Settings\Ols\Cookies\ols@yourmedia[3].txt
C:\Documents and Settings\Ols\Cookies\ols@247realmedia[2].txt
C:\Documents and Settings\Ols\Cookies\ols@zbox.zanox[1].txt
C:\Documents and Settings\Ols\Cookies\ols@lecoqsportif.solution.weborama[2].txt
C:\Documents and Settings\Ols\Cookies\ols@smartadserver[4].txt
C:\Documents and Settings\Ols\Cookies\ols@fastclick[2].txt
C:\Documents and Settings\Ols\Cookies\ols@tracking.publicidees[3].txt
C:\Documents and Settings\Ols\Cookies\ols@banner.cotedazurpalace[3].txt
C:\Documents and Settings\Ols\Cookies\ols@tradedoubler[2].txt
C:\Documents and Settings\Ols\Cookies\ols@track.effiliation[1].txt
C:\Documents and Settings\Ols\Cookies\ols@atdmt[2].txt
C:\Documents and Settings\Ols\Cookies\ols@xiti[2].txt
C:\Documents and Settings\Ols\Cookies\ols@cetelem.solution.weborama[2].txt
C:\Documents and Settings\Ols\Cookies\ols@adtech[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.adbrite[2].txt
C:\Documents and Settings\Ols\Cookies\ols@banner.eurogrand[3].txt
C:\Documents and Settings\Ols\Cookies\ols@clickintext[2].txt
C:\Documents and Settings\Ols\Cookies\ols@weborama[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.revsci[2].txt
C:\Documents and Settings\Ols\Cookies\ols@statse.webtrendslive[4].txt
C:\Documents and Settings\Ols\Cookies\ols@adopt.euroclick[4].txt
C:\Documents and Settings\Ols\Cookies\ols@advertising[2].txt
C:\Documents and Settings\Ols\Cookies\ols@apmebf[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adecn[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ad.yieldmanager[2].txt
C:\Documents and Settings\Ols\Cookies\ols@bs.serving-sys[4].txt
C:\Documents and Settings\Ols\Cookies\ols@adbrite[1].txt
C:\Documents and Settings\Ols\Cookies\ols@statcounter[2].txt
C:\Documents and Settings\Ols\Cookies\ols@clicksor[1].txt
C:\Documents and Settings\Ols\Cookies\ols@estat[1].txt
C:\Documents and Settings\Ols\Cookies\ols@tracker.affistats[2].txt
C:\Documents and Settings\Ols\Cookies\ols@hitbox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@adnetserver[3].txt
C:\Documents and Settings\Ols\Cookies\ols@statsgod[1].txt
C:\Documents and Settings\Ols\Cookies\ols@overture[2].txt
C:\Documents and Settings\Ols\Cookies\ols@serving-sys[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\ans\Cookies\ans@ads.wanadooregie[1].txt
C:\Documents and Settings\Ols\Cookies\ols@1254.stats.stats[1].txt
C:\Documents and Settings\Ols\Cookies\ols@2412.stats.misstrends[1].txt
C:\Documents and Settings\Ols\Cookies\ols@3.adbrite[1].txt
C:\Documents and Settings\Ols\Cookies\ols@3.adbrite[3].txt
C:\Documents and Settings\Ols\Cookies\ols@4.adbrite[1].txt
C:\Documents and Settings\Ols\Cookies\ols@612.stats.stats[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ad.adocean[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ad.cibleclick[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ad.pixicast[2].txt
C:\Documents and Settings\Ols\Cookies\ols@adbrite[2].txt
C:\Documents and Settings\Ols\Cookies\ols@adinterax[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adnetserver[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adopt.euroclick[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adopt.euroclick[3].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.adbrite[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.allotraffic[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.aol.co[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.contactmusic[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.highmetrics[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.pixicast[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.planetactive[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.pubmatic[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.revsci[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.stardoll[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.tetesacl.streamtheworld[3].txt
C:\Documents and Settings\Ols\Cookies\ols@ads.wanadooregie[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adserver.adreactor[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adserver.aol[2].txt
C:\Documents and Settings\Ols\Cookies\ols@adserver.easyad[2].txt
C:\Documents and Settings\Ols\Cookies\ols@adv.alice[1].txt
C:\Documents and Settings\Ols\Cookies\ols@adv.surinter[1].txt
C:\Documents and Settings\Ols\Cookies\ols@advertstream[1].txt
C:\Documents and Settings\Ols\Cookies\ols@advertstream[3].txt
C:\Documents and Settings\Ols\Cookies\ols@advert[2].txt
C:\Documents and Settings\Ols\Cookies\ols@anad.tacoda[2].txt
C:\Documents and Settings\Ols\Cookies\ols@anad.tacoda[3].txt
C:\Documents and Settings\Ols\Cookies\ols@aolfr.122.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@aoluk.122.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@audit.median[1].txt
C:\Documents and Settings\Ols\Cookies\ols@banner.cotedazurpalace[2].txt
C:\Documents and Settings\Ols\Cookies\ols@banner.eurogrand[2].txt
C:\Documents and Settings\Ols\Cookies\ols@bizrate[1].txt
C:\Documents and Settings\Ols\Cookies\ols@brightcove.112.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@brightcove.112.2o7[3].txt
C:\Documents and Settings\Ols\Cookies\ols@bs.serving-sys[1].txt
C:\Documents and Settings\Ols\Cookies\ols@bs.serving-sys[3].txt
C:\Documents and Settings\Ols\Cookies\ols@campaign.indieclick[2].txt
C:\Documents and Settings\Ols\Cookies\ols@cdiscount[2].txt
C:\Documents and Settings\Ols\Cookies\ols@click-fr[2].txt
C:\Documents and Settings\Ols\Cookies\ols@clickaider[1].txt
C:\Documents and Settings\Ols\Cookies\ols@clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@clickintext[3].txt
C:\Documents and Settings\Ols\Cookies\ols@clicksor[2].txt
C:\Documents and Settings\Ols\Cookies\ols@cpvfeed[2].txt
C:\Documents and Settings\Ols\Cookies\ols@crackle[2].txt
C:\Documents and Settings\Ols\Cookies\ols@cs.sexcounter[2].txt
C:\Documents and Settings\Ols\Cookies\ols@d2.advertserve[1].txt
C:\Documents and Settings\Ols\Cookies\ols@dictionnaire.mediadico[1].txt
C:\Documents and Settings\Ols\Cookies\ols@divx.112.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@divx.adbureau[1].txt
C:\Documents and Settings\Ols\Cookies\ols@divx.adbureau[2].txt
C:\Documents and Settings\Ols\Cookies\ols@eas.apm.emediate[1].txt
C:\Documents and Settings\Ols\Cookies\ols@eas.apm.emediate[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-foxmovies.hitbox[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-foxsports.hitbox[1].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-groupernetworks.hitbox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-myspaceinc.hitbox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-telecomitalia.hitbox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-veohnetworksinc.hitbox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@euros4click[1].txt
C:\Documents and Settings\Ols\Cookies\ols@eyewonder[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fl01.ct2.comclick[2].txt
C:\Documents and Settings\Ols\Cookies\ols@fliptrack[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fnac.112.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fnac.112.2o7[2].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.13.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.13.slidein.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.13.slidein.clickintext[2].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.14.slidein.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.14.slidein.clickintext[2].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.16.slidein.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.17.slidein.clickintext[2].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.20.slidein.clickintext[2].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.26.slidein.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.27.slidein.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.29.slidein.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.31.slidein.clickintext[2].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.36.slidein.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@fr.clickintext[1].txt
C:\Documents and Settings\Ols\Cookies\ols@karavel.112.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@kontera[2].txt
C:\Documents and Settings\Ols\Cookies\ols@linkto.mediafire[1].txt
C:\Documents and Settings\Ols\Cookies\ols@livenation.122.2o7[2].txt
C:\Documents and Settings\Ols\Cookies\ols@m1.webstats.motigo[1].txt
C:\Documents and Settings\Ols\Cookies\ols@m1.webstats.motigo[2].txt
C:\Documents and Settings\Ols\Cookies\ols@media.fimnetwork[1].txt
C:\Documents and Settings\Ols\Cookies\ols@media.webstore-internet[1].txt
C:\Documents and Settings\Ols\Cookies\ols@mediadico[2].txt
C:\Documents and Settings\Ols\Cookies\ols@mediafire[2].txt
C:\Documents and Settings\Ols\Cookies\ols@msnaccountservices.112.2o7[2].txt
C:\Documents and Settings\Ols\Cookies\ols@music.mediagong[1].txt
C:\Documents and Settings\Ols\Cookies\ols@nuitsexy[1].txt
C:\Documents and Settings\Ols\Cookies\ols@paypal.112.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@phg.hitbox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@pornrapidshare[2].txt
C:\Documents and Settings\Ols\Cookies\ols@precisionclick[2].txt
C:\Documents and Settings\Ols\Cookies\ols@radiotracker[1].txt
C:\Documents and Settings\Ols\Cookies\ols@roiservice[1].txt
C:\Documents and Settings\Ols\Cookies\ols@servedby.adxpower[2].txt
C:\Documents and Settings\Ols\Cookies\ols@sevenloadgmbh.112.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@sevenloadgmbh.112.2o7[2].txt
C:\Documents and Settings\Ols\Cookies\ols@sfr.122.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@sfr.122.2o7[2].txt
C:\Documents and Settings\Ols\Cookies\ols@smartadserver[2].txt
C:\Documents and Settings\Ols\Cookies\ols@smartadserver[3].txt
C:\Documents and Settings\Ols\Cookies\ols@sonymusic.112.2o7[1].txt
C:\Documents and Settings\Ols\Cookies\ols@stat.hi-pi[1].txt
C:\Documents and Settings\Ols\Cookies\ols@stat.hi-pi[2].txt
C:\Documents and Settings\Ols\Cookies\ols@stats.canalblog[2].txt
C:\Documents and Settings\Ols\Cookies\ols@stats.federal-hotel[2].txt
C:\Documents and Settings\Ols\Cookies\ols@stats.federal-hotel[3].txt
C:\Documents and Settings\Ols\Cookies\ols@stats.radioneo[1].txt
C:\Documents and Settings\Ols\Cookies\ols@stats.searchtrack[2].txt
C:\Documents and Settings\Ols\Cookies\ols@stats.sports[1].txt
C:\Documents and Settings\Ols\Cookies\ols@stats.tf1[1].txt
C:\Documents and Settings\Ols\Cookies\ols@statse.webtrendslive[1].txt
C:\Documents and Settings\Ols\Cookies\ols@statse.webtrendslive[2].txt
C:\Documents and Settings\Ols\Cookies\ols@statse.webtrendslive[3].txt
C:\Documents and Settings\Ols\Cookies\ols@statsweb.bnpparibas[2].txt
C:\Documents and Settings\Ols\Cookies\ols@stats[1].txt
C:\Documents and Settings\Ols\Cookies\ols@toplist[1].txt
C:\Documents and Settings\Ols\Cookies\ols@toplist[2].txt
C:\Documents and Settings\Ols\Cookies\ols@tour.splash.sexsearch[1].txt
C:\Documents and Settings\Ols\Cookies\ols@track.searchignite[1].txt
C:\Documents and Settings\Ols\Cookies\ols@track.webgains[1].txt
C:\Documents and Settings\Ols\Cookies\ols@tracker.roitesting[1].txt
C:\Documents and Settings\Ols\Cookies\ols@tracker.roitesting[2].txt
C:\Documents and Settings\Ols\Cookies\ols@tracking.lsfinteractive[1].txt
C:\Documents and Settings\Ols\Cookies\ols@tracking.publicidees[2].txt
C:\Documents and Settings\Ols\Cookies\ols@try.starware[1].txt
C:\Documents and Settings\Ols\Cookies\ols@try.starware[2].txt
C:\Documents and Settings\Ols\Cookies\ols@vhost.oddcast[2].txt
C:\Documents and Settings\Ols\Cookies\ols@web-stats[1].txt
C:\Documents and Settings\Ols\Cookies\ols@weborama[1].txt
C:\Documents and Settings\Ols\Cookies\ols@wt.sexsearch[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.cibleclick[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.clickmanage[2].txt
C:\Documents and Settings\Ols\Cookies\ols@www.ditracker[2].txt
C:\Documents and Settings\Ols\Cookies\ols@www.findmyorder[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.googleadservices[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.googleadservices[2].txt
C:\Documents and Settings\Ols\Cookies\ols@www.googleadservices[3].txt
C:\Documents and Settings\Ols\Cookies\ols@www.googleadservices[4].txt
C:\Documents and Settings\Ols\Cookies\ols@www.googleadservices[5].txt
C:\Documents and Settings\Ols\Cookies\ols@www.googleadservices[6].txt
C:\Documents and Settings\Ols\Cookies\ols@www.googleadservices[7].txt
C:\Documents and Settings\Ols\Cookies\ols@www.jackpotmadness[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.mediadis[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.mediafire[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.multimediaxis[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.netmedia[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.pornrapidshare[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www.sa-sex[2].txt
C:\Documents and Settings\Ols\Cookies\ols@www.westsussex.gov[1].txt
C:\Documents and Settings\Ols\Cookies\ols@www6.addfreestats[1].txt
C:\Documents and Settings\Ols\Cookies\ols@xiti[1].txt
C:\Documents and Settings\Ols\Cookies\ols@yadro[2].txt
C:\Documents and Settings\Ols\Cookies\ols@yourmedia[1].txt
C:\Documents and Settings\Ols\Cookies\ols@yourmedia[2].txt
C:\Documents and Settings\Ols\Cookies\ols@zbox.zanox[2].txt
C:\Documents and Settings\Ols\Cookies\ols@zbox.zanox[3].txt
C:\Documents and Settings\parents\Cookies\parents@directtrack[1].txt
C:\Documents and Settings\parents\Cookies\parents@mediastay.directtrack[2].txt
C:\Documents and Settings\parents\Cookies\parents@stats.federal-hotel[1].txt
C:\Documents and Settings\parents\Cookies\parents@xiti[1].txt

Trojan.Unclassified/Multi-Dropper
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NRNRPTXF.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{66B27AFA-1DD5-482A-8E3B-FFD6BB9D3FC4}\RP609\A0120151.EXE

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{66B27AFA-1DD5-482A-8E3B-FFD6BB9D3FC4}\RP608\A0120052.DLL

Edited by Ols, 07 April 2008 - 12:48 PM.
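Added example, not part of this thread's posts or of ComboFix itself: a small Python triage script for the "Reg Loading Points" and firewall sections of a ComboFix log like the one above. It reports autostart values whose trailing bracket is empty (read here as "ComboFix recorded no file details", an assumption of the example), a standard-profile firewall that is switched off, and firewall exceptions pointing into system32 for a binary not on a short allow-list (the allow-list is also an assumption). The sample lines are constructed from this post's log.

```python
"""Triage of ComboFix 'Reg Loading Points' and firewall sections.

Added example for this thread, not code from ComboFix or from the posters.
It parses the REGEDIT4-style listing ComboFix prints and reports:
  * autostart values whose trailing bracket is empty ("[ ]"), read here as
    "no file details recorded" (assumption of this example);
  * the Windows Firewall standard profile being switched off;
  * firewall exceptions pointing into system32 for a binary not on a small
    allow-list (the allow-list is an assumption of this example).
SAMPLE is constructed from lines in the ComboFix log posted above.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
AUTOSTART_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
FIREWALL_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')

# Windows binaries expected in an XP SP2 exception list (assumption; extend as needed).
KNOWN_SYSTEM32 = {"sessmgr.exe"}

# Constructed from the ComboFix output posted above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Ols\OctoshapeClient.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\soundman.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\system32\\winav.exe"=
"""


@dataclass
class Finding:
    kind: str      # what was flagged
    section: str   # registry key the line came from
    name: str      # value name or executable name
    detail: str    # path or raw value for the report


def parse_sections(text):
    """Yield (key, [non-empty lines]) for each [key] block in the dump."""
    key, lines = None, []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group("key"), []
        elif key is not None and line.strip():
            lines.append(line)
    if key is not None:
        yield key, lines


def triage(text):
    """Return the findings in log order."""
    findings = []
    for key, lines in parse_sections(text):
        lower = key.lower()
        if lower.endswith("\\run"):
            for line in lines:
                m = AUTOSTART_RE.match(line)
                if m and not m.group("info").strip():
                    findings.append(Finding("dangling-autostart", key, m.group("name"), m.group("path")))
        elif lower.endswith("\\standardprofile"):
            for line in lines:
                if FIREWALL_OFF_RE.match(line):
                    findings.append(Finding("firewall-disabled", key, "EnableFirewall", line.strip()))
        elif lower.endswith("\\authorizedapplications\\list"):
            for line in lines:
                m = FIREWALL_APP_RE.match(line)
                if not m:
                    continue
                path = m.group("path").replace("\\\\", "\\")   # undo REGEDIT4 escaping
                folder, _, exe = path.rpartition("\\")
                if folder.lower().endswith("system32") and exe.lower() not in KNOWN_SYSTEM32:
                    findings.append(Finding("firewall-exception-system32", key, exe, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:28} {f.name:32} {f.detail}")
```

Run it as-is to see the four findings from the sample, or feed it the full text of a ComboFix log. A flagged line is a prompt to look, not a verdict: an empty bracket can simply mean the program was uninstalled, and an unfamiliar system32 exception still needs the file itself checked.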


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:08 AM

Posted 07 April 2008 - 05:58 PM

Looking better!
Please post a new hijackthis log.

How is your computer behaving now?


========================================================

#7 Ols

Ols
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 09 April 2008 - 03:29 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:59, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Ols\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user')
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: WebControlDeploy - http://grouper.com/v1/GrouperSetup.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193840050781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFna...nacmusicDnl.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Protection Trend Micro contre les programmes espions (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 12963 bytes

My computer seems to be cool now!!
The messages saying that I was infected with spyware are gone!
But there are still two things:
At reboot my computer does a simple scan of my O: drive and I don't know why, and
I still have a window telling me that PcScnSrv doesn't work!
I have no idea what it is!
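The HijackThis log above is the kind of thing a helper reads line by line. As an added example that is not part of this thread and not code from HijackThis or the poster, here is a small Python parser for that log format with the checks an analyst applies by eye: O23 services logged with "Unknown owner", O4 autoruns whose command carries no directory (so the name is resolved through the search path at logon), entries marked "(file missing)", and O16 ActiveX cab downloads from hosts outside an allowlist. The sample log is constructed from entries in the post above, the vendor allowlist is an assumption, and the "first token is the image" rule for unquoted commands is a deliberate simplification.

```python
"""Triage parser for HijackThis v2 log lines.

Added example for this thread, not code from HijackThis or the original
poster. It splits each "Xn - ..." line into section type and body, then
applies the checks an analyst does by eye on a log like the one above.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample, modelled on entries from the log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: WebControlDeploy - http://grouper.com/v1/GrouperSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed allowlist of vendors whose O16 (ActiveX) cabs are expected on this box.
TRUSTED_DPF_DOMAINS = {"microsoft.com", "msn.com", "macromedia.com"}

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Entry:
    kind: str
    body: str
    findings: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Keep only the 'Xn - ...' entries; header, process list and footer are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append(Entry(m["kind"], m["body"]))
    return out


def command_image(command: str) -> str:
    """Executable part of an O4 command: the quoted token if quoted, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def registered_domain(url: str) -> str:
    """Last two labels of the host (assumed enough for the sample; no co.uk handling)."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage(entries: list) -> list:
    """Attach findings to entries and return the ones that need a second look."""
    for e in entries:
        if "(file missing)" in e.body:
            e.findings.append("target missing: orphaned entry, remove or confirm the file was deleted")
        if e.kind == "O4" and (m := O4_RE.match(e.body)):
            image = command_image(m["command"])
            if "\\" not in image and "/" not in image:
                # Resolved through the search path at logon, so confirm which file actually runs.
                e.findings.append(f"unqualified image {image!r}: locate the real file before trusting it")
        elif e.kind == "O16":
            for url in URL_RE.findall(e.body):
                dom = registered_domain(url)
                if dom not in TRUSTED_DPF_DOMAINS:
                    e.findings.append(f"ActiveX cab from {dom}: not on the allowlist, verify before keeping")
        elif e.kind == "O23" and " - Unknown owner - " in e.body:
            e.findings.append("service with no company name: check the file's signature and hash by hand")
    return [e for e in entries if e.findings]


def flagged_bodies(text: str) -> dict:
    """Map each flagged entry's body to its findings; handy for tests and reports."""
    return {e.body: e.findings for e in triage(parse_log(text))}


if __name__ == "__main__":
    for body, findings in flagged_bodies(SAMPLE_LOG).items():
        print(body)
        for finding in findings:
            print("   ->", finding)
```

Run it against a saved log by passing the file's contents to `flagged_bodies`. The allowlist and the "no directory in the image" rule produce false positives on purpose: on the log above they would also flag `RUNDLL32.EXE` and the Trend Micro lines that use 8.3 short paths are left alone, which is the right default for a first pass where a human still decides what to fix.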

#8 Buckeye_Sam

    Malware Expert

Posted 09 April 2008 - 07:05 AM

At reboot my computer does a simple scan of my O: drive and I don't know why

A scan of your O: :thumbsup:
I'm not sure what that means. Can you clarify?


I still have a window telling me that PcScnSrv doesn't work!
I have no idea what it is!

That is related to your antivirus - Trend Micro. You will need to reinstall the program and that should restore full functionality and resolve the error.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Ols
  • Topic Starter

Posted 09 April 2008 - 01:18 PM

O:\ is another hard disk.
And at reboot, Windows tells me that it has to verify the integrity of the files...
I hope you'll understand!

#10 Buckeye_Sam

    Malware Expert

Posted 09 April 2008 - 06:40 PM

Aaaahhh...ok. I don't run into many drives labeled with an O. :thumbsup:
Maybe there's some corruption there. Have you run scandisk on that drive?

#11 Ols
  • Topic Starter

Posted 11 April 2008 - 04:46 AM

How do you do that? My knowledge of computers is small lol...

#12 Buckeye_Sam

    Malware Expert

Posted 12 April 2008 - 06:33 AM

Go to My Computer and right click on the drive you want and select Properties.
Select the Tools tab and then under Error Checking click on Check Now...
You will probably have to reboot for it to run.

#13 Ols
  • Topic Starter

Posted 23 April 2008 - 11:34 AM

Apparently it's okay now!
But I still have two problems:
Sometimes when I play a game like Tomb Raider or Prince of Persia, generally within 5 minutes my computer is frozen, I can't do anything and I have to reboot.
The second one is related to Internet Explorer. Sometimes when I open windows in the same page (I don't know the English word for "onglet" [tab]) the line where you choose which window to open becomes blank and some effects appear, like the disappearance of some text; in the same way my computer can't launch some applications.

I don't know if this is due to what I had to face with these spywares... But it's very annoying.
Thanks for the help

#14 Buckeye_Sam

    Malware Expert

Posted 23 April 2008 - 05:44 PM

Neither of those issues is malware related, so you'll be better off posting in the XP forum.

Good luck! :thumbsup: