Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

I'm infected but I can see it in my HijackThis.log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

I'm infected but I can see it in my HijackThis.log

Unread postby cellardoor » August 7th, 2006, 6:59 am

Logfile of HijackThis v1.99.1
Scan saved at 12:56:02, on 07/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe
C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dl ... cid=0x040c
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\EMT3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 02
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pablouci.spaces.msn.com//PhotoUp ... nPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc ... refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
cellardoor
Active Member
 
Posts: 7
Joined: August 6th, 2006, 9:14 pm
Top
Advertisement
Register to Remove

Unread postby Shaba » August 7th, 2006, 8:50 am

Hi cellardoor

Rename HijackThis.exe to HJT.exe and send a fresh HijackThis log. What are your symptoms?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

My new HijackThis.log

Unread postby cellardoor » August 9th, 2006, 2:24 pm

Hi,

Ewido detect a trojan in my system32 at start up but apparently it can erase it. So I tried to erased it manually with HJT and Killbox but I can do it. The file infected is tussq.dll but i can erase it.
Thanks for your help

Here is my nex HJT.log

Logfile of HijackThis v1.99.1
Scan saved at 20:20:26, on 09/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe
C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dl ... cid=0x040c
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F9D0AC-2B5B-415B-AD9A-2447D6E348C2} - C:\WINDOWS\system32\tussq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\EMT3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 02
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pablouci.spaces.msn.com//PhotoUp ... nPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc ... refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: tussq - C:\WINDOWS\system32\tussq.dll
O20 - Winlogon Notify: winykz32 - winykz32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
cellardoor
Active Member
 
Posts: 7
Joined: August 6th, 2006, 9:14 pm
Top

Unread postby Shaba » August 10th, 2006, 2:07 am

Hi

Yes, you have Vundo infection. KillBox can't delete it, that's true.

Let's get rid of it :)

Please download VundoFix.exe to your desktop.
    * Double-click VundoFix.exe to run it.
    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    * When VundoFix re-opens,Click Scan for Vundo button.
    * Once the scan is complete, Right Click inside the listbox (white box) and click add more files
    * Copy&Paste the 2 entries below into the top 2 boxes

    o C:\WINDOWS\system32\tussq.dll
    o C:\WINDOWS\system32\qssut.*

    * Click Add Files and Click Close Window
    * Click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shutdown your computer, click OK.
    * Turn your computer back on.
    * Please post the contents of C:\vundofix.txt and a new HiJackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Unread postby cellardoor » August 10th, 2006, 4:52 pm

Thanks it seems clear for me, I really appreciate everything.


VundoFix V5.1.7

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 15:33:07 10/08/2006

Listing files found while scanning....

C:\windows\system32\tussq.dll
C:\windows\system32\qssut.ini
C:\windows\system32\qssut.bak2

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\tussq.dll
C:\windows\system32\tussq.dll Has been deleted!

Attempting to delete C:\windows\system32\qssut.ini
C:\windows\system32\qssut.ini Has been deleted!

Attempting to delete C:\windows\system32\qssut.bak2
C:\windows\system32\qssut.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


HijackThis.log

Logfile of HijackThis v1.99.1
Scan saved at 22:43:14, on 10/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe
C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dl ... cid=0x040c
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FEE492B9-1FA8-441C-9617-F1D4C6797997} - C:\WINDOWS\system32\tussq.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\EMT3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 02
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pablouci.spaces.msn.com//PhotoUp ... nPUpld.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4331.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc ... refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4331.cab
O20 - Winlogon Notify: winykz32 - winykz32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
cellardoor
Active Member
 
Posts: 7
Joined: August 6th, 2006, 9:14 pm
Top

Unread postby Shaba » August 11th, 2006, 2:26 am

Hi

Yes, that looks good :)

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {FEE492B9-1FA8-441C-9617-F1D4C6797997} - C:\WINDOWS\system32\tussq.dll (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc ... refid=1123
O20 - Winlogon Notify: winykz32 - winykz32.dll (file missing)

Close all windows including browser and press fix checked.

Reboot

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Send:

- a fresh HijackThis log
- kaspersky report.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Unread postby cellardoor » August 11th, 2006, 8:11 am

Hi,
Here is my new log file and virus report

Logfile of HijackThis v1.99.1
Scan saved at 14:08:50, on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe
C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dl ... cid=0x040c
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\EMT3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 02
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pablouci.spaces.msn.com//PhotoUp ... nPUpld.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4331.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4331.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe






-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 11, 2006 1:41:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/08/2006
Kaspersky Anti-Virus database records: 214061
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 68605
Number of viruses found: 2
Number of infected objects: 362 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:27:42

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\ZLT0364a.TMP Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\CELLARDOR.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\imsDebug.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\1st Evidence Remover v2.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\246 Arcade Games FTP!.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\3D MP3 Sound Recorder 3.6.5.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\3D Photo Browser v8.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\3D War Chess 1.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\3GP Video Converter v1.2.25.416.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ACDSee PowerPack 7.0.43.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ADSLKeepalive Version v3.1 FULL.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AJSystems Eazy Backup v3.0.4.500.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ASCII Art Studio 2.1.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ASPMaker 2.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Abbyy Fine Reader 8.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Able2Extract Pro 3.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Access Lock v2.8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AceMoney v3.1.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Acoustica Mixcraft v2.01.41.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Acoustica Spin It Again 1.1.18.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Activestate Komodo v2.5.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Add Remove Plus 2003 v4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Adobe InDesign 3.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Adobe InDesign CS2 4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AdsEliminator 1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Advanced Emailer v3.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Advanced Internet Kiosk v3.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Advanced Registry Tracer 2.11.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Advanced Uninstaller PRO 2006 7.52.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Age of Empires Gold Edition ISO.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Amazon DVD Shrinker v2.4.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Amust Registry Cleaner v2.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Anti Keylogger Elite v1.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Anti Tracks 5.98.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AnyDVD 5.9.6.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Ap PDF Split Merge v2.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Apbackup 2.7.2047.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Apollo DVD Creator v2.2.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Apple QuickTime 5.02.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Arc DVD Copy v1.2.4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Arovax AntiSpyware 1.0.584.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AsMask v2.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Ashampoo Magic Defrag 1.10.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Audio Editor Gold 2006 v7.6.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Audio Recorder Pro v3.12.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Audio Recorder Pro v3.13 Build 1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AudioVideo To MP3 Maker 3.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AutoPrint 3.05.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AutoPrint v3.05.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AutoScreenRecorder Pro 2.1.281.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\AutoTyping Pro v1.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Autoftp Premium 4.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Avatar Software MSIStudio 3.2.04.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\B2 Spice AD Professional v4.2.13.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Backupawy v1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Batch Video Converter v1.3.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\BatchRename 2 v2.62.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Beads v1.0 Retail.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\BearShare Pro v5.2.1.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Bet On Soldier.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Black and White 2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Blindwrite Suite 5.2.2.136.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Blot Digital Photo Album v1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\BoomBox Radio.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Bopup Messenger v4.2.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\CD Wave Editor v1.94.8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Cache View v2.6.01.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Camtasia Studio 2.0.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Championship Manager 4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Cheetah DVD Burner v1.14.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Child Control 2005 v7.210.0.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ChrisTweak 1.40.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\CinemaCraft Encoder SP v2.70.02.04.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\CleanCenter 1.32.104.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Command and Conquer Generals.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ComputerTime 1.0.1.11.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Conflict Global Storm.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Cool Resizer 2006 v2.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Copy DVD Gold 2.01.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\CopyPod Photo 1.10.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Counter-Strike Source (NO STEAM Version).exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Crash Proof Retail.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Crazytalk 4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Crossword Forge v4.5.10.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\CyberGauge 6.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DSL Speed Up.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DUngeon Siege II.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD Creator v1.25.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD Genie 4.10.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD Ghost 2.20.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD Rebuilder Pro v1.03 SuperSet.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD Region CSS Free v5.972.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD Ripper Platinum v4.0.35.1214.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD X Player 4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD X Utilities 2.1.0.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD to PSP Converter v4.0.35.1214.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DVD-Rebuilder 1.08.1PRO.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Dameware NT Utilities 5.0.1.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Database Tour v5.0.5.629.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Datakeeper 5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Dead To Rights 2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Deus Ex.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DiamondCS Port Explorer v2.110.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DigitByte CD DVD Data Recovery 1.0.654.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DigitByte WAV Splitter 1.0.305.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Directory Opus v6.2.5.7.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DiskClerk v3.2.8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DiskExplorer for NTFS v3.01.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\DiskRecovery v4.0.1231.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Donnie Darko.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Dr. Regener Private Session 4 IE ver 3.1.0.0 [Multi].exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Driver Genius Professional 2005 5.1.915.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Droppix Recorder 1.74.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Drug Lord 2.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\EVEREST Ultimate 2.80.565.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Easy DVD CD Burner v3.0.58.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Easy Desktop Keeper v1.7.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Easy FlashMaker 1.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Easy Mail 3.1.34.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Easy Mail Plus 1.7.93.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Easy ScreenSaver Studio v4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Easy Video Converter 4.5.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Empire Earth English.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Encryption Workshop 3.0.50623.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ExamXML v2.23.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\F-Album 1.6.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\FIM Speedway Grand Prix.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\FantaMorph v3.1.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Far Cry.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Fast Browser Pro v6.03.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Fight Night Round 3 [FULLDVD NTSC - PS2+XBOX].exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Finding Nemo.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Fish Tycoon.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Flash Player Pro v2.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\FlashyEffects v1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Framing Studio v1.25.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Freedom Figthers ISO.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Fresh UI 7.42.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\FullShot Enterprise 9.0.1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\GS Scheduler v1.32.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Gallop Racer 2006 PS2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Game Collector 2.02.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Game Collector v2.21.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\GameBoost v1.5.8.2006.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Gene6 FTP Server Professional v3.6.0.23.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\GigAlarm v1.281.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Glarysoft Registry Repair 1.45.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Global DiVX Player.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Golden FTP Server Pro 2.70.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\HTMLSpeed v1.0.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Halo Combat Evolved.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Harry Potter and the Goblet of Fire.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Herbie Fully Loaded.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Hero DVD Player 3.0.8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\HiDownload Pro 6.8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Hide IP Platinum 2.7.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Hide IP Platinum v2.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Hide IP v1.63.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Home Alone 4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Hoot Xvid.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\I-Navigation v3.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\IBM Websphere Voice Server v5.1.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ICQ Lite.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\IQRSoft CloneSensor v1.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Ice Age The Meltdown (2006).exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\IconCool Studio v1.2 Build 624.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Infix PDF Editor 1.300.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\InsidePro SAMInside v2.5.4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Intel C Plus Plus Compiler v9.0.024.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\IntroCreator v2.00.020031.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Iolo Search and Recover v3.0c.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\IphotoDVD 1.67.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Isobuster V1.8.0.4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Jasob v1.5.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\JavaScript Coder v1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Jeroboam ver. 5.08.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Kazaa Lite K 2.1.1 RC 11.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\KoolMoves v5.1.8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Lavavo CD Ripper v4.14.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Links Organizer 2.0.154.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Logo Design Studio V.2005.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Longtion AutoRun Pro v6.0.1.40.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Lord Of War.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\MP3 Easy v3.1 Beta 1.4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\MP3Producer v2.49.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Magic Utilities 2.70.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Magic Utilities 2006 4.31.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\MagicISO Maker v5.1.0184.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\MagicMedia v3.27.51213.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Mega Man X8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Mercenary for Justice - Steven Seagal TS RMVB.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Mission Impossible III 2006 VCD CAM-SaGa.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\MobileDJ Pro v1.3.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Motion Studio v.3.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Motor City Online.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Movie Label 2006 1.0.5 Build 155.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Mp3 Doctor 5.10.95.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Mr. & Mrs. Smith.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Mr. Boom 3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Msn Messenger 8 Beta.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\My Password Manager 1.4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\My Stuff 2.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\MySQL Front v3.2.10.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\NASA World Wind v1.3.4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\NeatPhoto v1.10.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\NeoPaint 4.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Nero Sepps 20.43.13.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\NeroMix v1.4.0.16.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Net Meter v3.0.0.236.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Nexagon Deathmatch.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Night Mission Pinball.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\No1 Dvd Ripper V1.3.50.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Nolo LLC Maker 1.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Office DocumentsRescue Pro 4.0.138.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Offline Explorer 3.9.2104 SR-1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Offline Explorer Enterprise ver. 4.1.2328.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Oldboy DVDRip Xvid.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Outlook Backup Assistant v1.0.2.28 [German].exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PC Auto Shutdown 1.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PC Pool Challenge.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PC Prowler 1.0.5b.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PCHeal v1.58.2006.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PCSX2 PS2 Emulator.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PSP Video Converter v1.2.11.1005.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PSP Video Converter v2.1.55.1220b.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Paradise Sokal.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PartyDJ v5.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PhotoWatermark Professional v6.0.5.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Photogather Luxury ver. 7.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PipeFun v2.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Pocket Tanks Deluxe.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Power DVD Ripper v1.00.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Power Spy 2006 4.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\PowerDVD 6.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Premier Manager 2002-2004.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Pretty Icon Maker v.1.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Prince of Persia Sands of Time.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ProShow Producer 2.6.1775.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Pronto Survey v1.1.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ProxyPlus v3.00.256.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Public PC Desktop v3.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\QSetup Installation Suite v7.0.4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\RIP Vinyl v3.38.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\RTC Wolfenstein E.T..exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\RTCW Enemy Territory.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Rails Across America.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\RalliSport Challenge.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ReGet Deluxe 4.2.262.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Recover My Files 3.94.4393.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\RecoverEXE v1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Red Faction 1 v1.2 Retail ISO Download Size is 767MB.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\RegDoctor 1.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Registery Washer 1.38.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Registry Clean Expert 3.66.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Remo 3D v1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Risk II - Game.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Rocky Mountain Trophy Hunter 3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Roxio Easy Media Creator v8.0 Suite.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\SaveFlash 3.0.59.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Setup Factory 7.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Shrek 2 (dvd Rip).exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Silent hill 4 The room.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Skateboard Park Tycoon 2004.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Skype V 1.4.0.84.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Slide Show to Go v8.3.1.64.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Slideshow Pro 9.84.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Smart Ads Blocker Pro v4.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Smart Undelete v2.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\SmartWrap for Windows 1.7.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Soldier of Fortune II Double Helix Gold ISO.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Soldier of Fortune.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Something New FS DVDRip XviD-LMG.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Sony Vegas 6.0c.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Sothink SWF Decompiler . 3.0 Build 60330.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Soundmasker Deluxe v5.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Speed Video Converter 3.0.11.16.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Spy Emergency 2005 v2.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Spy Eye v1.007.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Spy Kill Deluxe Edition V3.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Spy Kill Deluxe Edition v2.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Spy Sweeper 3.2 147.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\SpyRemover 2.08.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\SpyRemover 2.54.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\SpyRemover v2.50.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Spyware Doctor 2.1.0.254.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\StarCraft + Expansion Brood War.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\State of Emergency.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Steganos Security Suite 2006 8.0.3.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Storage Encryption Tool V1.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Street Sports BasketBall.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Style XP 3.17.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Super DVD Copier v5.6.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Super Text Search v2.82.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Super Utilities 6.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Super Utilities Pro 6.21.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Super Video Converter v1.9.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\SuperAdBlocker v2.0.0.1400.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Synapticad All Products v10.18f.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Temple Of Bricks.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Terminator 3 War of the Machines.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Text Buttons v4.3c.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\The Cave DVDRip RMVB.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\The Dukes of Hazzard (2005).exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\The Longest Yard 2005.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\The Pink Panther (2006).exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\The Punisher (Rip).exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\The Return DVDRip Xvid.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\The Sims ISO.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ThinSoft BeTwin v2.0.227.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\ThinSoft WinConnect Server XP 2.0.20.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Tiger Woods PGA Tour 2006.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Tomb Raider 5 Chrononicles.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Top 10 IP Privacy Utilities AiO.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\TopDesk v1.4.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Toplang Ad Killer v7.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Trellian Bid Tracker v1.03.004.5679.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Trend Micro PC Cillin Internet Security v14.1.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\TuneUp Utilities 2006.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\TurboFTP 4.60 Build 438.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\TwinPlayer v4.06.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Twistpad v1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Ultra DVD Creator v1.1.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Ultra MPEG to DVD Burner v1.1.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Ultra MPEG to DVD Burner v1.4.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\UltraEdit-32 v12.00a.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\UltraISO Media Edition 7.6.6.1308.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\VMWare Workstation 5.5.19175.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\VSO ConvertXToDVD 2.0.12.126.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Vital Desktop Video v1.3.8.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\W32.Sobig.F@mm Removal Tool.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\War On Terror.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\War of the States.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Web Log Suite Pro v3.01.0194.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Web Site Zapper v3.1.0.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Webcam Zone Trigger v1.7.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Will Rock.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\Willing Webcam v3.4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinASO Registry Optimizer 1.5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinASO Registry Optimizer v2.53.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinAmp 5.01.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinHex v12.5.SR-5.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinPatrol v9.7.0.18.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinQuota v2.04.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinTools Net v2.4.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WinXP Manager 4.97.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WiseDesktop 1.2.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\WonderShare PowerPoint2DVD v2.2.4.122.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Administrateur\.housecall\Quarantine\X-Chat 2.4.5b.exe.bac_a03524 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Ad
cellardoor
Active Member
 
Posts: 7
Joined: August 6th, 2006, 9:14 pm
Top

Unread postby Shaba » August 11th, 2006, 11:47 am

Hi

Boot in safe mode -> http://www.pchell.com/support/safemode.shtml

Empty this folder (delete all files, but not the directory itself):

C:\Documents and Settings\Administrateur\.housecall\Quarantine\

Empty Recycle Bin.

Reboot

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersky report.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Hi here is my new log and scan files...

Unread postby cellardoor » August 18th, 2006, 7:16 pm

Hi, sorry for the retard but i was in vacations for a week :P.

Here is my new log HJT file and the new scan file.

Logfile of HijackThis v1.99.1
Scan saved at 01:13:25, on 19/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe
C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dl ... cid=0x040c
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\EMT3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\EMT3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\EMT3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\EMT3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 02
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pablouci.spaces.msn.com//PhotoUp ... nPUpld.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4331.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4331.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\EMT3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

next the new scan file do with KASPERSKY

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 19, 2006 12:57:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/08/2006
Kaspersky Anti-Virus database records: 216209
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 67320
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:06:28

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\ZLT06bda.TMP Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\CELLARDOR.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\imsDebug.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012006080720060814\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012006081820060819\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
C:\!Submit\tussq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\VundoFix Backups\tussq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped

Scan process completed.


See you soon..
Bye
cellardoor
Active Member
 
Posts: 7
Joined: August 6th, 2006, 9:14 pm
Top

Unread postby Shaba » August 19th, 2006, 4:35 am

Hi

Logs look good

How are things running now?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

It works perfectly, thanks MalWare stuff and Shaba

Unread postby cellardoor » August 19th, 2006, 11:07 am

Hi,

thanks for your answerd and your help my laptop works much better.
Thanks for everything.

Sincerely
JP
Keep in touche
Bye
cellardoor
Active Member
 
Posts: 7
Joined: August 6th, 2006, 9:14 pm
Top

Unread postby Shaba » August 19th, 2006, 11:45 am

Glad to hear :)

You're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.


See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Unread postby NonSuch » August 21st, 2006, 4:00 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 174 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index