Messages - vguitoune
Tech Clinic / COLLECTED.5.L. trojan
« on: May 22, 2005, 12:23:50 PM »
Here is the HijackThis log after I turned the boot back to normal.
I won't be there this week either (I am only at home on weekends) :(
But I will come back Friday in the afternoon. :D
See you soon.

Logfile of HijackThis v1.99.1
Scan saved at 19:20:33, on 22/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\guitoune\Bureau\telechargements\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SP2 Firewall/Internet Updater] crssrs.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\guitoune\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\vxjx.exe
O4 - HKLM\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Startup: BCDCPlusPlus.exe.lnk = C:\Documents and Settings\guitoune\BCDC++\DCPlusPlus.exe
O4 - Startup: DC++.lnk = C:\Program Files\DC++\DCPlusPlus.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\system32\macupdate.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
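The O4 (Run keys) and O23 (services) lines in the log above are what a helper reads first, and the questionable ones stand out by a few mechanical properties: a program listed with no path at all, a file in Temp or at the drive root, a DLL loaded through rundll32, a service whose binary is missing, and a name that imitates a core Windows process (note the capital I in `winIogon.exe` next to the genuine `winlogon.exe`). The script below is an added example, not part of the post or of HijackThis; the sample lines are copied from the log above, and the list of imitated system names and confusable characters is an assumption of the example.

```python
"""Triage HijackThis O4 (Run keys) and O23 (services) lines.

Added example, not part of the forum post or of HijackThis. It flags what a
log reader questions by hand: programs listed without a path, files in Temp
or at the drive root, DLLs loaded through rundll32, service binaries missing
on disk, and names that imitate core Windows processes.
"""
import re
from dataclasses import dataclass

# Core Windows binaries that malware names imitate (assumed, not exhaustive).
SYSTEM_NAMES = {"winlogon", "csrss", "lsass", "smss", "services", "svchost", "explorer"}
# (character seen, character it passes for) in the usual Windows UI fonts.
CONFUSABLE_PAIRS = {("i", "l"), ("l", "i"), ("1", "l"), ("0", "o"), ("o", "0")}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
# Program part of an unquoted Run value: up to the first executable extension
# that is followed by whitespace or the end of the value.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)(.*)$", re.I)

# Constructed subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [SP2 Firewall/Internet Updater] crssrs.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\guitoune\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\vxjx.exe
O4 - HKLM\..\Run: [MotherBoard Sounds] sounds.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\system32\macupdate.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
"""


@dataclass
class Finding:
    kind: str      # "O4" or "O23"
    label: str     # registry value name or service display name
    target: str    # program or DLL the entry actually runs
    reasons: list


def split_command(command: str) -> tuple:
    """Split a Run value into (program, arguments); unquoted paths with spaces are common."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip()
    m = EXE_RE.match(command)
    if m:
        return m.group(1), m.group(2).strip()
    parts = command.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def lookalike(stem: str):
    """Return the system binary name that `stem` imitates, or None."""
    low = stem.lower()
    if low in SYSTEM_NAMES:
        return None                      # the genuine name is not a lookalike
    for name in SYSTEM_NAMES:
        if len(name) == len(low) and all(
            a == b or (a, b) in CONFUSABLE_PAIRS for a, b in zip(low, name)
        ):
            return name
    return None


def check_target(path: str) -> list:
    reasons = []
    if "\\" not in path:
        reasons.append("no directory given: resolved by PATH search at logon")
    if re.match(r"^[A-Za-z]:\\[^\\]+$", path):
        reasons.append("file sits at the drive root")
    if "\\temp\\" in path.lower():
        reasons.append("runs from a Temp directory")
    imitated = lookalike(path.rsplit("\\", 1)[-1].rsplit(".", 1)[0])
    if imitated:
        reasons.append(f"name imitates system binary {imitated}")
    return reasons


def triage(log_text: str) -> list:
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            _hive, label, command = m.groups()
            target, rest = split_command(command)
            reasons = []
            if target.rsplit("\\", 1)[-1].lower() in ("rundll32", "rundll32.exe"):
                # rundll32 is only a loader; the DLL named after it is what runs.
                target = rest.split(",", 1)[0].strip()
                reasons.append("DLL loaded through rundll32")
            reasons += check_target(target)
            if reasons:
                findings.append(Finding("O4", label, target, reasons))
            continue
        m = O23_RE.match(line)
        if m and m.group(3).endswith("(file missing)"):
            path = m.group(3)[: -len("(file missing)")].strip()
            findings.append(Finding("O23", m.group(1), path, ["service binary missing on disk"]))
    return findings


def flagged_names(log_text: str) -> set:
    """Base names of every flagged target, for a quick overview."""
    return {f.target.rsplit("\\", 1)[-1] for f in triage(log_text)}
```

Run against the sample it flags winIogon.exe (lookalike), UNMT.EXE (drive root), crssrs.exe, sounds.exe and ALCWZRD.EXE (no path; the last one is Realtek's audio wizard and is a harmless hit, which is why bare names are reported for review rather than judged), se.dll (rundll32 from Temp) and the missing macupdate.exe service. It says nothing about `vxjx.exe` in System32, which has a proper path and no lookalike name: an unrecognised binary like that still has to be checked by hash or vendor lookup, and no such heuristic replaces that step.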

Tech Clinic / COLLECTED.5.L. trojan
« on: May 16, 2005, 09:20:38 AM »
Of course I will do what you asked as soon as I am back ;)

Tech Clinic / COLLECTED.5.L. trojan
« on: May 16, 2005, 09:17:51 AM »
I can't do that for now because I am not at home anymore. I won't be back on my own computer before Friday or Saturday. :(
See you soon :)

Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 09:39:44 PM »
And now the MWAV virus log information:


File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Gator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "gator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Claria Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\guitoune\Mes documents\Downloads\NoKeyPatch.exe infected by "Trojan-Dropper.Win32.VB.fq" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Ludo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-770e497d.zip infected by "Trojan-Downloader.Java.OpenConnection.aa" Virus. Action Taken: No Action Taken.
File C:\Program Files\Utilities\DivX_502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AIDA32\aida32.exe tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\AIDA32\aida32.bin tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\AIDA32\aida_directx.dll tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\Softwin\BitDefender8\Quarantine\crssrs.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042859.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042861.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042863.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042868.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042870.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042875.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042876.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047014.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047017.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047023.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047024.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047025.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047026.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047798.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047799.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047800.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047801.DLL infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047802.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047803.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047804.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047805.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047806.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047807.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050237.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050239.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050240.exe infected by "not-a-virus:AdWare.Gator.5112" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050242.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050243.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050244.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050246.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050248.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050249.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090974.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090975.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090976.exe infected by "not-a-virus:Porn-Dialer.Win32.ALifeDialer" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090979.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090980.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090981.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090982.exe infected by "Backdoor.Win32.DSNX.05.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP122\A0094398.exe infected by "Trojan-Downloader.Win32.Small.apv" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113633.exe infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113634.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113635.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113636.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113643.exe infected by "Trojan.Win32.KillAV.es" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113644.exe infected by "not-a-virus:AdWare.Gator.7035" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114063.exe infected by "Trojan-Dropper.Win32.VB.fq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114135.exe infected by "Backdoor.Win32.Wootbot.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114136.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114137.exe infected by "Trojan-Downloader.Win32.Agent.mg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114138.exe infected by "Trojan-Downloader.Win32.Small.apv" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114139.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114140.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114141.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114142.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114143.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114144.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114145.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114146.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114147.exe infected by "Trojan-Downloader.Win32.Small.apv" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114149.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114150.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114151.exe infected by "not-a-virus:AdWare.Gator.5112" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114152.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114153.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114154.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114155.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114156.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114157.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114158.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114159.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114160.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

And really, thanks for everything ^^
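Most of the hits in the MWAV log above are not files that can run: the long run of `C:\System Volume Information\_restore{...}\RPnnn\A00...` entries are copies held in System Restore points, which only come back if such a point is restored, and `crssrs.exe` is already in BitDefender's quarantine folder. The files that still matter are the few outside those locations (`NoKeyPatch.exe` in Downloads and the `count.jar` entry in the Java applet cache). The script below is an added example, not part of the post or of MWAV; it parses the log format and groups detections by location so that distinction is visible. The sample lines are copied from the log above, and the location and severity rules are this example's own assumptions.

```python
"""Sort an MWAV (eScan) scan log by where each detection actually lives.

Added example, not from the forum post. Most hits in the log above are copies
inside System Restore points, one is already in BitDefender's quarantine, and
only a few are files that could still execute; grouping by location shows this.
"""
import re
from collections import Counter
from dataclasses import dataclass

INFECTED_RE = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.')
TAGGED_RE = re.compile(r"^File (?P<path>.+?) tagged as (?P<name>\S+?)\.? No Action Taken\.")

# Constructed subset of lines copied from the MWAV log posted above.
SAMPLE_LOG = r"""
File System Found infected by "Gator Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\guitoune\Mes documents\Downloads\NoKeyPatch.exe infected by "Trojan-Dropper.Win32.VB.fq" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Ludo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-770e497d.zip infected by "Trojan-Downloader.Java.OpenConnection.aa" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIDA32\aida32.exe tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\Softwin\BitDefender8\Quarantine\crssrs.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114136.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114139.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114158.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
"""


@dataclass
class Detection:
    path: str
    name: str
    location: str
    severity: str


def locate(path: str) -> str:
    """Where the detected object lives, which decides how to deal with it."""
    low = path.lower()
    if path == "System Found":
        return "system-wide (no file path)"   # scanner reported no single file
    if "\\system volume information\\_restore" in low:
        return "restore point"                # inert unless that point is restored
    if "\\quarantine\\" in low:
        return "av quarantine"                # already contained by another scanner
    if "\\java\\deployment\\cache\\" in low:
        return "java cache"                   # applet cache entry, can be deleted
    return "live file"


def severity(name: str) -> str:
    """Coarse class from the detection name prefix (Kaspersky-style naming)."""
    low = name.lower()
    if low.startswith("not-a-virus") or "spyware/adware" in low:
        return "riskware/adware"
    if low.startswith(("backdoor", "trojan")):
        return "malware"
    return "other"


def parse(log_text: str) -> list:
    detections = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line) or TAGGED_RE.match(line)
        if m:
            path, name = m.group("path"), m.group("name")
            detections.append(Detection(path, name, locate(path), severity(name)))
    return detections


def summarise(log_text: str) -> dict:
    detections = parse(log_text)
    # Only malware that still sits somewhere it can run needs hands-on removal;
    # restore-point copies are purged when System Restore is turned off (XP drops
    # all restore points) and turned back on afterwards.
    actionable = [d for d in detections
                  if d.severity == "malware" and d.location in ("live file", "java cache")]
    return {
        "total": len(detections),
        "by_location": Counter(d.location for d in detections),
        "by_severity": Counter(d.severity for d in detections),
        "actionable": actionable,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(s["total"], "detections:", dict(s["by_location"]))
    for d in s["actionable"]:
        print("remove:", d.path, "->", d.name)
```

On the eight sample lines this reports three restore-point copies, one quarantined file, one Java cache entry, two live files and one system-wide hit, and lists only `NoKeyPatch.exe` and the `count.jar` cache entry as needing removal by hand. The `not-a-virus:` tags (AIDA32, the Gator components) are riskware/adware and are kept separate from the backdoors and trojans so the counts are not dominated by adware leftovers.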

Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 06:07:03 PM »
Here is the MWAV HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:06:38, on 17/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\guitoune\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\guitoune\LOCALS~1\Temp\kavss.exe
C:\Documents and Settings\guitoune\Bureau\telechargements\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Startup: BCDCPlusPlus.exe.lnk = C:\Documents and Settings\guitoune\BCDC++\DCPlusPlus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

6
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 05:58:06 PM »
I am back and the collected.5.l trojan has gone, thanks to you :lol:
You have been really helpful to me :)
So really, thank you.
Here is the SPSeHjFix.log.
The mwav scan is running, so it will take something like one hour before I can post its log here :(

(5/17/05 00:45:16) SPSeHjFix started v1.1.2
(5/17/05 00:45:16) OS: WinXP Service Pack 1 (5.1.2600)
(5/17/05 00:45:16) Language: français
(5/17/05 00:45:16) Win-Path: C:\WINDOWS
(5/17/05 00:45:16) System-Path: C:\WINDOWS\System32
(5/17/05 00:45:16) Temp-Path: C:\DOCUME~1\guitoune\LOCALS~1\Temp\
(5/17/05 00:45:35) Disinfection started
(5/17/05 00:45:35) Bad-Dll(IEP): c:\docume~1\ludo\locals~1\temp\se.dll
(5/17/05 00:45:35) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\diop.dll
(5/17/05 00:45:35) Searchassistant Uninstaller - Keys Deleted
(5/17/05 00:45:35) UBF: 7 - UBB: 2 - UBR: 20
(5/17/05 00:45:35) UBF: 7 - UBB: 2 - UBR: 20
(5/17/05 00:45:35) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\ludo\locals~1\temp\se.dll/sp.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
(5/17/05 00:45:35) Stealth-String not found
(5/17/05 00:45:35) File added to delete: c:\windows\system32\diop.dll
(5/17/05 00:45:35) Reboot


(5/17/05 00:48:42) SPSeHjFix started v1.1.2
(5/17/05 00:48:42) OS: WinXP Service Pack 1 (5.1.2600)
(5/17/05 00:48:42) Language: français
(5/17/05 00:48:42) Win-Path: C:\WINDOWS
(5/17/05 00:48:42) System-Path: C:\WINDOWS\System32
(5/17/05 00:48:42) Temp-Path: C:\DOCUME~1\guitoune\LOCALS~1\Temp\

7
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 05:17:16 PM »
Quote: "Access your Control panel, Open the Java Icon, Under the general tab
Delete Files"
I can't see what you are speaking about there ^^

8
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 05:09:43 PM »
I am going to sleep now, but my little brother will post the virus log information from the second scan when it is finished, I think in something like half an hour or less. But he won't do much, because he can't speak English well and he doesn't know many things about computers. So see you next Friday, and thank you very much for everything you have done :)

9
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 04:48:04 PM »
The infected msdirectx.sys file that AVG detected is in my Documents and Settings folder :)

10
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 04:42:14 PM »
But there is a FILESpy thing there; is it something bad?

11
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 04:40:48 PM »
And I can't find msdirectx under Non-Plug and Play Drivers.

12
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 04:38:05 PM »
No find.txt file has been created o0

13
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 04:22:58 PM »
:huh: Should I make a second scan if I don't have the entire log anymore?

14
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 03:38:19 PM »
The export2.bat didn't create any *.txt file anywhere on my PC. I made a search but couldn't find one. :blink:

15
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 03:36:16 PM »
Here is the rkfiles log B)
(I want to mention that at one moment it said that it couldn't find the path for something, but I don't remember what, sorry :huh: )



C:\Documents and Settings\guitoune\Bureau\telechargements
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\MEMORY.DMP: XMDbegin            pec2.xmd
C:\WINDOWS\MEMORY.DMP: XMDend              pec2.xmd
 
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\MEMORY.DMP: UPX!
C:\WINDOWS\MEMORY.DMP: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
C:\WINDOWS\tsc.exe: UPX!
Finished
bye

:)

16
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 03:25:50 PM »
The check from rkfiles is running for now :)
And what is the export2.bat for? :huh:

17
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 03:21:49 PM »
Hi again, and thank you for being so fast to answer :)
Here is the log from the mwav scan. I think I forgot to mention that AVG detected the collected.5.L trojan in a file called msdirectx.sys, and of course, deleting this file doesn't change anything <_<

File C:\WINDOWS\system32\rundlI32.exe infected by "Backdoor.Win32.Wootbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\icqjdhs.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winDLL32.exe infected by "Trojan-Downloader.Win32.Agent.mg" Virus. Action Taken: No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Gator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.blank Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "gator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Claria Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dl-614.exe infected by "Trojan-Downloader.Win32.Small.apv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\a.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qthumt.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\zyzgru.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\xckpisz.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msnmsgr.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\iexplore.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\TFTP516 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winIogon.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\csrs.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\13.exe infected by "Trojan-Downloader.Win32.Small.apv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\a.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\qthumt.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\zyzgru.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\xckpisz.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msnmsgr.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\iexplore.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\TFTP516 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\winIogon.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\csrs.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dl-614.exe infected by "Trojan-Downloader.Win32.Small.apv" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\guitoune\msdirectx.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Ludo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-770e497d.zip infected by "Trojan-Downloader.Java.OpenConnection.aa" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.5112" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GFormCTM.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GSvcMgr.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GSvcSAP.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Program Files\Fichiers communs\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Program Files\Utilities\DivX_502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AIDA32\aida32.exe tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\AIDA32\aida32.bin tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\AIDA32\aida_directx.dll tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\Softwin\BitDefender8\Quarantine\crssrs.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042859.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042861.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042863.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042868.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042870.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042875.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP84\A0042876.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047014.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047017.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047023.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047024.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047025.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP87\A0047026.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047798.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047799.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047800.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047801.DLL infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047802.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047803.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047804.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047805.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047806.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP91\A0047807.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050237.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050239.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050240.exe infected by "not-a-virus:AdWare.Gator.5112" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050242.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050243.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050244.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050246.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050248.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP109\A0050249.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090974.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090975.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090976.exe infected by "not-a-virus:Porn-Dialer.Win32.ALifeDialer" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090979.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090980.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090981.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP121\A0090982.exe infected by "Backdoor.Win32.DSNX.05.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP122\A0094398.exe infected by "Trojan-Downloader.Win32.Small.apv" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113633.exe infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113634.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113635.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113636.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113643.exe infected by "Trojan.Win32.KillAV.es" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP138\A0113644.exe infected by "not-a-virus:AdWare.Gator.7035" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP139\A0113999.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP139\A0114020.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114057.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114063.exe infected by "Trojan-Dropper.Win32.VB.fq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114078.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.

I won't be here tomorrow or during the week, so I hope we can handle this problem today :D
If it is not possible, I'll come back next weekend ^^.
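
Editor's addition, not part of vguitoune's post or of any tool named in the thread: a small Python summariser for the mwav scan log format above. Its point is the caveat a helper would raise before acting on a list this long: most of the hits sit under System Volume Information (System Restore copies of files already removed, dealt with by purging restore points, not by hand), one is already in the BitDefender quarantine, the `not-a-virus:` entries are adware/riskware rather than the bot, and the System32 files are listed twice because the scanner walked `System32` and `system32` separately. The bucket names and the sample lines (copied from the log above) are my own choices; nothing here is eScan's own API.

```python
"""Summarise an MWAV (eScan) scan log by where each detection lives.

Buckets (names chosen for this example): live files under the Windows
directory, live files elsewhere, 'File System Found' entries (registry or
system-wide adware markers with no file), copies inside System Restore
points, and files already sitting in an AV quarantine folder.
'not-a-virus:' families are listed separately as riskware/adware.
"""
import re
from collections import Counter

ENTRY = re.compile(
    r'^File (?P<path>.+?) (?:infected by "(?P<family>[^"]+)" Virus\. '
    r'Action Taken: No Action Taken\.|tagged as (?P<tag>\S+?)\. No Action Taken\.)$')


def classify(path):
    low = path.lower()
    if low == "system found":
        return "system-wide"
    if "\\system volume information\\_restore" in low:
        return "restore-point"
    if "\\quarantine\\" in low:
        return "quarantined"
    if low.startswith("c:\\windows\\"):
        return "live-windows"
    return "live-user"


def summarize(lines):
    """Return bucket counts plus the live malware and riskware paths, deduplicated."""
    seen = set()
    by_bucket = Counter()
    live_malware, riskware, unparsed = [], [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            unparsed.append(line)
            continue
        path = m.group("path")
        family = m.group("family") or m.group("tag")
        # The log lists System32 twice (System32 / system32): dedupe case-insensitively.
        key = (path.lower(), family.lower())
        if key in seen:
            continue
        seen.add(key)
        bucket = classify(path)
        by_bucket[bucket] += 1
        if family.lower().startswith("not-a-virus:"):
            riskware.append(path)
        elif bucket in ("live-windows", "live-user"):
            live_malware.append(path)
    return {"by_bucket": dict(by_bucket), "live_malware": live_malware,
            "riskware": riskware, "unparsed": unparsed}


# Sample input: lines copied from the mwav log posted above.
SAMPLE_MWAV_LOG = [
    r'File C:\WINDOWS\system32\rundlI32.exe infected by "Backdoor.Win32.Wootbot.gen" Virus. Action Taken: No Action Taken.',
    r'File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.',
    r'File C:\WINDOWS\System32\a.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.',
    r'File C:\WINDOWS\system32\a.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.',
    r'File C:\Documents and Settings\guitoune\msdirectx.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.',
    r'File C:\Program Files\Fichiers communs\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.',
    r'File C:\Program Files\AIDA32\aida32.exe tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.',
    r'File C:\Program Files\Softwin\BitDefender8\Quarantine\crssrs.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.',
    r'File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP139\A0113999.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.',
    r'File C:\System Volume Information\_restore{629BFA34-31AA-452C-B484-AA5E64422690}\RP140\A0114078.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.',
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_MWAV_LOG)
    print(summary["by_bucket"])
    for path in summary["live_malware"]:
        print("live:", path)
```

Run over the full log, the live malware list is the short one worth acting on first (the bot binaries in System32, the batch file, the rootkit driver in the profile); the restore-point and quarantine buckets only confirm the history of the infection.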

18
Tech Clinic / COLLECTED.5.L. trojan
« on: May 15, 2005, 01:15:45 PM »
Hi there. I have got a problem with this collected.5.l trojan :( that AVG can't defeat :unsure: . I hope you could help me get rid of it :D
Here is my HijackThis log, which I eventually managed to run from Safe Mode (hard to get into this mode too with this trojan running) <_<

Logfile of HijackThis v1.99.1
Scan saved at 19:48:37, on 16/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\guitoune\Bureau\telechargements\logiciels\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ludo\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows Network Controller] rundlI32.exe
O4 - HKLM\..\Run: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Dynamic Loading Header] winDLL32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe /auto
O4 - HKLM\..\RunServices: [SP2 Firewall/Internet Updater] crssrs.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] rundlI32.exe
O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\RunServices: [Windows Dynamic Loading Header] winDLL32.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] rundlI32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Network Controller] rundlI32.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Windows Dynamic Loading Header] winDLL32.exe
O4 - HKCU\..\RunServices: [Windows Dynamic Loading Header] winDLL32.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] rundlI32.exe
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Startup: BCDCPlusPlus.exe.lnk = C:\Documents and Settings\guitoune\BCDC++\DCPlusPlus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Filter: text/html - {041934EC-7E9B-4CD2-B5F6-1A6B57B997B8} - C:\WINDOWS\System32\diop.dll
O18 - Filter: text/plain - {041934EC-7E9B-4CD2-B5F6-1A6B57B997B8} - C:\WINDOWS\System32\diop.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

I hope this will be enough for you to find a way to help me.
Thank you for reading and answering me :)
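
Editor's addition, not part of vguitoune's post or of HijackThis itself: a Python triage of the O4 and F2 lines above that mechanises what a helper reads off this log by eye. The bot entries stand out for three reasons: they launch a bare file name with no path (`rundlI32.exe`, `icqjdhs.exe`, `winDLL32.exe`, `crssrs.exe`), so the file is resolved through the search path and its real location is unknown; two of the names imitate core Windows binaries (`rundlI32.exe` uses a capital I for the l in rundll32.exe, `spoolsvc.exe` is one letter off spoolsv.exe); and they persist in the Windows 9x-era RunServices key, which legitimate XP software almost never touches. The F2 line chains an extra `userinit32.exe` onto UserInit, a separate logon-time persistence point. The list of imitated binaries and the homoglyph map are my own assumptions, a bare name is only a weak signal (the Realtek `ALCWZRD.EXE` entry is a benign example), and the sample lines are copied from the log above.

```python
"""Triage of HijackThis O4 (Run keys) and F2 (UserInit) lines.

Flags: a bare file name with no path; a name within one edit, or one
homoglyph swap, of a core Windows binary; the Windows 9x-era RunServices
key; and any program chained onto UserInit besides userinit.exe itself.
"""
import re

# Core NT binaries that bots most often imitate (assumed list, not exhaustive).
KNOWN_SYSTEM_BINARIES = sorted({
    "csrss.exe", "explorer.exe", "lsass.exe", "rundll32.exe", "services.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "userinit.exe", "winlogon.exe",
})
# Glyphs that pass for 'l' or 'o' in most fonts; folded before comparing.
HOMOGLYPHS = str.maketrans({"I": "l", "|": "l", "1": "l", "0": "o"})

O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
# Quoted image, or an unquoted one that ends at the first executable suffix.
IMAGE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|bat|scr|pif|dll))(?=\s|$)', re.I)


def extract_image(cmd):
    m = IMAGE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def fold(name):
    return name.translate(HOMOGLYPHS).lower()


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(b) > len(a):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def lookalike_target(basename):
    """Return the system binary this name imitates, or None if it is clean."""
    low = basename.lower()
    if low in KNOWN_SYSTEM_BINARIES:
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        if fold(basename) == known or within_one_edit(low, known):
            return known
    return None


def analyze(lines):
    """Return one record {line, image, flags} per line that raised a flag."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = O4_REG.match(line)
        if m:
            _hive, key, _label, cmd = m.groups()
            image = extract_image(cmd)
            if image is None:
                continue
            basename = image.rsplit("\\", 1)[-1]
            flags = []
            if "\\" not in image:
                flags.append(("bare-name", basename))
            target = lookalike_target(basename)
            if target:
                flags.append(("lookalike", target))
            if key.lower().startswith("runservices"):
                flags.append(("runservices", key))
            if flags:
                findings.append({"line": line, "image": image, "flags": flags})
            continue
        m = F2_USERINIT.match(line)
        if m:
            programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
            extra = [p for p in programs if p.rsplit("\\", 1)[-1].lower() != "userinit.exe"]
            if extra:
                findings.append({"line": line, "image": None,
                                 "flags": [("userinit-extra", p) for p in extra]})
    return findings


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe",
    r"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe",
    r"O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot',
    r"O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
    r"O4 - HKLM\..\Run: [Windows Network Controller] rundlI32.exe",
    r"O4 - HKLM\..\Run: [ICQ Chat Service] icqjdhs.exe",
    r"O4 - HKLM\..\RunServices: [SP2 Firewall/Internet Updater] crssrs.exe",
    r"O4 - HKCU\..\Run: [Windows Dynamic Loading Header] winDLL32.exe",
]

if __name__ == "__main__":
    for rec in analyze(SAMPLE_LOG):
        print(rec["line"])
        for kind, detail in rec["flags"]:
            print(f"    {kind}: {detail}")
```

The lookalike check is the one worth keeping even outside this thread: `winIogon.exe` and `csrs.exe` from the mwav log in the same thread both trip it, while the genuine `winlogon.exe` and `csrss.exe` in the process list do not.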
