Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

network problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

network problem

Unread postby jimbojet » September 14th, 2007, 5:08 pm

Dear All

You very recently cleared up a RustockB problem for me on a laptop which I run on a home network, alongside my desktop. While you assured me that there should be no problem, my desktop does run slow at times (but maybe that's just age), and I have been the victim of identity theft, so I'd like to make sure this machine is clean, too. I'd be ever so grateful if you could cast your expert eyes over this HJT log

best

Jim

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:44, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\PROGRA~1\MOZILL~2\thunderbird.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\HiJack this\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IntelliWebSearch] C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles\h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles/h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8595848300
O17 - HKLM\System\CCS\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11949 bytes
jimbojet
Regular Member
 
Posts: 24
Joined: September 1st, 2007, 1:48 pm
Location: St ALban deRoche
Advertisement
Register to Remove

Unread postby Bob4 » September 14th, 2007, 6:22 pm

Hello again Jim,
One thing I would like to clarify first.
When I said

The infection itself is not a network installed
Rustsock wasn't a problem
I meant: It wasn't network aware.
That meant it wasn't going to go through your network to the other machine.
NOT! That you would have any problems on this machine.
Which you do I'm sorry to say. :(


Let's get on with it shall we ?

_________________________________




Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!

  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.

____________________________


Now I see you have installed AVG anti Virus program. Also Nortons anti virus.
Maybe you meant to install AVG anti malware. It can get confusing at times.
We will be installing AVG anti Malware in just a bit.
That means you have 2 anti virus programs installed. This is not a good idea.
They will confilct with each other and provide less protection not to mention use up needed resourses.
I suggest you uninstall one of them now.
It's up to you which to uninstall.


______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked


O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll

_______________________________________


___________________________________
Search for and remove
Now I want you to search for and delete the following folder and all it's contents if present. If you need help finding them.
Click start /search/ all files and folders/ look for More advanced options. once in there select the first 3 boxes.
Please just remove the files/folders I listed in BOLD

C:\WINDOWS\SYSTEM32\hblogon.dll






______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).


AVG Anti-Spyware:
________________________________________
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).



    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG anti Malware

Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.

____________________________


This program. I can find very little info on this program in my languge.
I see that it is a free program so that's reason enough for me to look closer anyway. Good chance it's OK. ;)

O4 - HKCU\..\Run: [IntelliWebSearch] C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe

_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste these filepaths: 1 at a time.


C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html





_____________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from AVG antimalware
  • The report from Jottis/vius total

User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby jimbojet » September 15th, 2007, 11:45 am

hello again

First the new HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:11, on 15/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJack this\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IntelliWebSearch] C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles\h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles/h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8595848300
O17 - HKLM\System\CCS\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11789 bytes


Second the AVG report


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:41:15 15/09/2007

+ Scan result:



C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll -> Adware.BHO : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.11:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Co : Cleaned.
:mozilla.26:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Co : Cleaned.
:mozilla.27:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Co : Cleaned.
:mozilla.28:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Co : Cleaned.
:mozilla.33:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.34:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.35:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.38:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
:mozilla.16:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.17:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.10:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.6:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.7:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.8:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.9:C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\punvgqd4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Cathy\Cookies\cathy@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end




Third, the Virus Total report

Fichier IntelliWebSearch.exe reçu le 2007.09.15 16:02:47 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 1/32 (3.13%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 39 et 56 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 -
Authentium 4.93.8 2007.09.15 -
Avast 4.7.1043.0 2007.09.14 -
AVG 7.5.0.485 2007.09.14 -
BitDefender 7.2 2007.09.15 -
CAT-QuickHeal 9.00 2007.09.15 -
ClamAV 0.91.2 2007.09.15 -
DrWeb 4.33 2007.09.15 -
eSafe 7.0.15.0 2007.09.13 suspicious Trojan/Worm
eTrust-Vet 31.1.5136 2007.09.14 -
Ewido 4.0 2007.09.15 -
FileAdvisor 1 2007.09.15 -
Fortinet 3.11.0.0 2007.09.15 -
F-Prot 4.3.2.48 2007.09.15 -
F-Secure 6.70.13030.0 2007.09.15 -
Ikarus T3.1.1.12 2007.09.15 -
Kaspersky 4.0.2.24 2007.09.15 -
McAfee 5120 2007.09.14 -
Microsoft 1.2803 2007.09.15 -
NOD32v2 2531 2007.09.15 -
Norman 5.80.02 2007.09.14 -
Panda 9.0.0.4 2007.09.14 -
Prevx1 V2 2007.09.15 -
Rising 19.40.52.00 2007.09.15 -
Sophos 4.21.0 2007.09.15 -
Sunbelt 2.2.907.0 2007.09.15 -
Symantec 10 2007.09.15 -
TheHacker 6.2.5.060 2007.09.14 -
VBA32 3.12.2.4 2007.09.15 -
VirusBuster 4.3.26:9 2007.09.14 -
Webwasher-Gateway 6.0.1 2007.09.14 -
Information additionnelle
File size: 212961 bytes
MD5: ff93d95e32b5dcbd5453204ee341c51e
SHA1: e4a8986dbf4a2fdfd104e3b5b6bfcd4b11417474
packers: UPX
packers: UPX
packers: UPX


Best

Jim
jimbojet
Regular Member
 
Posts: 24
Joined: September 1st, 2007, 1:48 pm
Location: St ALban deRoche

Unread postby Bob4 » September 16th, 2007, 7:05 am

Looks as if Virus total found at least something suspicious in that file.
I would consider uninstalling IntelliWebSearch from add/remove programs.

If you do uninstall it have HJT fix this line.

O4 - HKCU\..\Run: [IntelliWebSearch] C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe


_______________________________________


1. Download Combo fix from one of these locations.
http://www.techsupportforum.com/sectool ... mboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply . (c:\comboFix.txt)

Note:
Do not mouse click combofix's window whilst it's running. That may cause it to stall



_____________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from ComboFix
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby jimbojet » September 16th, 2007, 2:23 pm

Hi

The IntelliWebSearch doesn't actually appear in add/remove programs, so I haven't removed it. From the readme file that comes with the download:

IntelliWebSearch is an AutoHotkey (http://www.autohotkey.com) script compiled with Ahk2Exe (http://www.autohotkey.com/download/Exe2Ahk.exe).

It's a little tool that enables meta-queries on a number of glossary search engines simultaneously (I'm a translator), but I only use it occasionally. I could live without it if it needs to go, but might need instructions on how to get reid of it.

Here are the HJT, followed by the Combofix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:11, on 16/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJack this\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IntelliWebSearch] C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles\h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles/h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8595848300
O17 - HKLM\System\CCS\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11762 bytes



ComboFix 07-09-14.2 - "ACER Propri‚taire" 2007-09-16 18:46:27.1 - FAT32x86
Microsoft Windows XP Â
jimbojet
Regular Member
 
Posts: 24
Joined: September 1st, 2007, 1:48 pm
Location: St ALban deRoche

Unread postby jimbojet » September 21st, 2007, 5:01 pm

Hi there

If I might, I'm just giving you a little friendly nudge. You mentioned in a previosu exchange that on one occasion you hadn't had the e-mail telling you I'd posted, so I'm hoping the same has happened here again, because I've not heard from you since last Sunday. If you're just too busy and up to your eyeballs in people like me, then I'm sorry, I'll just go back into the queue!

All the best

Jim
jimbojet
Regular Member
 
Posts: 24
Joined: September 1st, 2007, 1:48 pm
Location: St ALban deRoche

Unread postby Bob4 » September 26th, 2007, 6:28 am

Hi Jimbojet,
Thanks for the nudge. One of my friends caught it for me.
I have reset the email notifier. I don't know why I don't get emails from this one post. But I will physically check this post from here on in.

The good news is your logs look better now.

Lets get one last scan to be sure.




_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.

________________________

Next reply please post:
A new HJT log

The report from Kasperskys.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby jimbojet » September 29th, 2007, 3:46 am

Hi there

Thanks for getting back to me

Here's the kaspersky report, followed by a new HJT log

Best

Jim

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, September 29, 2007 9:41:31 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 28/09/2007
Enregistrements dans la base antivirus Kaspersky : 398842
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
M:\

Statistiques de l'analyse:
Total d'objets analysés: 147742
Nombre de virus trouvés: 1
Nombre d'objets infectés: 4 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 05:51:42

Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-28_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\4C3F3044.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7A53B76F.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temp\~DF1CE4.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temp\~DFBBDD.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temp\~DFCD8B.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temp\~DF47E2.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temp\~WRF2256.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temp\~WRS2564.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbeam L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbeao L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbdam L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbdao L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbm L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\rpm1mh.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\rpm1m.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\hp L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Identities\{55C0F367-35E9-4C0D-8081-06D1BAFFC9CF}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From <webmaster@wanadoo.fr>][Date Thu, 20 Oct 2005 08:02:50 +0100]/UNNAMED/email-de.zip/email-details.doc .pif Infecté : Net-Worm.Win32.Mytob.bi ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Identities\{55C0F367-35E9-4C0D-8081-06D1BAFFC9CF}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From <webmaster@wanadoo.fr>][Date Thu, 20 Oct 2005 08:02:50 +0100]/UNNAMED/email-de.zip Infecté : Net-Worm.Win32.Mytob.bi ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Identities\{55C0F367-35E9-4C0D-8081-06D1BAFFC9CF}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From <webmaster@wanadoo.fr>][Date Thu, 20 Oct 2005 08:02:50 +0100]/UNNAMED Infecté : Net-Worm.Win32.Mytob.bi ignoré
C:\Documents and Settings\ACER Propriétaire\Local Settings\Application Data\Identities\{55C0F367-35E9-4C0D-8081-06D1BAFFC9CF}\Microsoft\Outlook Express\Éléments supprimés.dbx Mail MS Outlook 5: infecté - 3 ignoré
C:\Documents and Settings\ACER Propriétaire\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Microsoft\Modèles\Normal.dot L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Microsoft\Word\DÉMARRAGE\wordfast.dot L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Traduction.sbd\CETADIR.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Traduction.sbd\KJ International.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Traduction.sbd\Technicis.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Traduction.sbd\TTC.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Traduction.sbd\Handicap.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Traduction.sbd\ART.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\silly stuff to send.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Trad admin.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Friends.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Family.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Research stuff.sbd\SEPTET.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.sbd\Research stuff.sbd\Colloques to attend.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\Local Folders\Inbox.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\pop.contactoffice-2.net\Inbox.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\pop.contactoffice-2.net\Trash.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\pop.contactoffice-2.net\Sent.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\pop.wanadoo.fr\Inbox.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\pop.wanadoo.fr\Trash.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\pop.wanadoo.fr\Sent.msf L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\Mail\pop.wanadoo.fr\filterlog.html L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Thunderbird\Profiles\mu6m1f06.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\index2.dat L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\contactgroup256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\dyncontent\bundle.dat L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\user1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\user16384.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\call256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\callmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\transfer256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\profile4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\chatmsg4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\voicemail256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\user256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\chatmsg2048.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\chatmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\chatmsg256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\chat512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\chatmsg512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\transfer512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Skype\jim.walker1\chatmsg1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\system.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\crd.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000009.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\0000000D.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\0000000E.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000011.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000012.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000015.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000016.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000017.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000018.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\00000019.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\0000001A.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\Application Data\Novosoft\Handy Backup\logs\0000001B.log L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\.Philips\MediaManager\media\db4\scMediaDB.data L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\.Philips\MediaManager\media\db4\scMediaDB.script L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\.Philips\MediaManager\simplecenter.0.log.lck L'objet est verrouillé ignoré
C:\Documents and Settings\ACER Propriétaire\.Philips\MediaManager\simplecenter.0.log L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EPERSIST.DAT L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\NFWEVT.LOG L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll L'objet est verrouillé ignoré
C:\Program Files\PeerGuardian2\history.db L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\AVVirus.log L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\AVApp.log L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\AVError.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{77A9F996-524B-4FEE-83E6-3D3135F68E13}\RP709\change.log L'objet est verrouillé ignoré
J:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
J:\System Volume Information\_restore{77A9F996-524B-4FEE-83E6-3D3135F68E13}\RP709\change.log L'objet est verrouillé ignoré

Analyse terminée.


***********************



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:45:45, on 29/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~2\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HiJack this\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [IntelliWebSearch] C:\Program Files\IntelliWebSearch\IntelliWebSearch.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles\h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\ACER Propriétaire\Application Data\Mozilla\Firefox\Profiles/h1lxxqyq.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8595848300
O17 - HKLM\System\CS2\Services\Tcpip\..\{0325D733-8E8F-45DC-A80E-4940F5747442}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12180 bytes
jimbojet
Regular Member
 
Posts: 24
Joined: September 1st, 2007, 1:48 pm
Location: St ALban deRoche

Unread postby Bob4 » September 29th, 2007, 9:47 am

That only found a bad email dated from 2005..
Might be time to clean up your deleted items folder in Outlook express. ;)

Open up Microsoft outlook express..

Go to your deleted items folder.


If there are things your saving. Locate and be sure to delete this one.

From
webmaster@wanadoo.fr

Dated and time:
Thu, 20 Oct 2005 08:02:50

_____________________________
In your next reply I would like to see:
  • Let me know how things seem to be running.

User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby jimbojet » September 29th, 2007, 11:21 am

OK, I got rid of all that - amazing how similar my computer is to my physical desk, absolutely cluttered with old stuff that should have been thrown out long ago.

Anyway, things have been smooth lately, to answer your question.

best

Jim
jimbojet
Regular Member
 
Posts: 24
Joined: September 1st, 2007, 1:48 pm
Location: St ALban deRoche

Unread postby Bob4 » September 29th, 2007, 11:57 am

Keeping your computer clean of old uneeded things will help performace lots!! ;)


Great news ! Image



Your log now appears to be clean.

Lets do a few things to tidy up.
Please do these in the order I suggest!


Run CCleaner again now. ;)


___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is in case you need system restore you don't put back all we just took out.
Right click My Computer
Then Propeties then system restore
Place a check mark by turn off system restore
Click APPLY
Windows will give you a warning click yes
REBOOT

Now go right back to the same place and unchecksystem restore
Click APPLYand OK




A few things to help with possible threats

These are optional . But will help protect you further.
___________________________________

SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.


______________________________
SiteHound

http://www.firetrust.com/firetrustsitehound.html

This tool bar will help protect you from.

Over 4,000 fake bank and credit sites.
Tens of thousands of pornographic
and adult sites.
The never ending fake phishing sites.
Malicious sites, which can infect you
with spyware and adware if you visit
them.
Sites to download software which
may infect your computer with
spyware, a virus or adware


___________________________________
Download and keep this updated and run weekly if you don't already have it.

spybot seach & destroy
Tutorial




___________________________________
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here :
This website also contains useful tips, and links to other resources and utilities.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then the OK to exit the Internet Properties page.




Here's a site with great advise on how to AVOID malware. Much easier to do than removing it.









Safe and Happy Surfing. :)
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby jimbojet » September 29th, 2007, 5:29 pm

OK, I've done all that, and done a huge spring clean left, right and centre. Thanks once again for all your help. Keep up the good work. I hope you won't mind if I say I hope our paths won't cross again...

Best regards

Jim
jimbojet
Regular Member
 
Posts: 24
Joined: September 1st, 2007, 1:48 pm
Location: St ALban deRoche

Unread postby markkhunt » September 30th, 2007, 1:48 am

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. See Nellie2's blog here or post in our dedicated forum here.
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7913
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 287 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware