PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!
#1 - 04-01-2008 - danielodo (Bronze Member, Posts: 6, PC Experience: Experienced)
Hijack this log: unwanted "security center" popups

Hello,

Can anyone help me to decide what to remove from this log to get rid of "system integrity scan" and "security panel" popups?

Attached Files
File Type: log hijackthis.log (11.1 KB, 1 views)
#2 - 04-02-2008 - Pancake (Senior Security Analyst, Posts: 1,620, PC Experience: Elite PC Guru, Location: Victoria, Australia)
Re: Hijack this log: unwanted "security center" popups

Please copy and paste your logs rather than attach them... thanks.


Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
=================================

OK. We need to download ComboFix.exe. This will give a better view of the files running, and also of those hidden, on your computer.
Please visit this webpage for download links, and instructions for running the tool

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a security analyst.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________
My real name is Eddy
#3 - 04-02-2008 - danielodo (Bronze Member, Posts: 6, PC Experience: Experienced)
Re: Hijack this log: unwanted "security center" popups

Hello again, and thanks for helping!

Here are the logs that you requested be posted:

SDFix:

SDFix: Version 1.165
Run by dodonnell on 02/04/2008 at 12:59
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

ComboFix:
ComboFix 08-04-01.2 - dodonnell 2008-04-02 13:13:13.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.470 [GMT 2:00]
Location: C:\Documents and Settings\dodonnell\Bureau\ComboFix.exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\Web\def.htm
.
((((((((((((((((((((((((((((( Files created 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 12:57 . 2008-04-02 12:57 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-02 12:57 . 2008-04-02 13:02 <REP> d-------- C:\SDFix
2008-04-01 17:53 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-01 17:53 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-01 17:53 . 2008-03-22 16:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-01 17:53 . 2008-03-26 09:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-01 17:53 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-01 17:53 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-01 17:53 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 10:38 . 2008-03-31 10:38 114,688 --a------ C:\WINDOWS\system32\mjepirif.exe
2008-03-27 16:07 . 2008-03-27 16:07 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-27 15:33 . 2008-04-01 17:53 2,744 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-27 15:25 . 2008-03-27 15:25 110,592 --a------ C:\WINDOWS\system32\hqfivwzo.exe
2008-03-27 14:04 . 2008-03-27 14:04 2,855 --a------ C:\WINDOWS\system32temp#01.PIF
2008-03-27 13:42 . 2008-03-27 13:42 <REP> d-------- C:\Documents and Settings\dodonnell\Application Data\Talkback
2008-03-27 13:42 . 2008-03-27 13:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-27 10:20 . 2008-03-27 10:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-27 10:20 . 2008-03-27 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\lejatqro
2008-03-26 17:56 . 2008-03-26 17:56 94,208 --a------ C:\WINDOWS\system32\vorsrczi.exe
2008-03-06 11:21 . 2008-03-06 11:21 <REP> d-------- C:\WINDOWS\Sun
2008-03-06 11:20 . 2008-03-06 11:20 <REP> d-------- C:\Program Files\Java
2008-03-06 11:20 . 2008-03-07 12:03 <REP> d-------- C:\Program Files\Google
2008-03-06 11:20 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-06 11:19 . 2008-03-06 11:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-03-05 17:20 . 2008-03-05 17:20 <REP> d-------- C:\Documents and Settings\dodonnell\Application Data\Uniblue
2008-03-05 16:11 . 2008-03-05 16:11 <REP> d-------- C:\Program Files\Fichiers communs\YDP
2008-03-05 11:15 . 2008-03-05 11:15 <REP> d-------- C:\Program Files\Transparent
2008-03-05 11:15 . 2008-03-05 11:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-03-05 11:15 . 2008-04-02 11:32 69,896 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 11:05 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\Skype
2008-04-02 11:04 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\skypePM
2008-04-02 11:02 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-31 12:17 --------- d-----w C:\Program Files\MSECache
2008-03-31 11:53 --------- d-----w C:\Program Files\Microsoft Works
2008-03-14 08:19 --------- d-----w C:\Documents and Settings\TEACHER\Application Data\4D
2008-03-05 14:11 --------- d-----w C:\Program Files\Macmillan
2008-03-05 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 09:27 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\Download Manager
2008-02-26 10:54 384 ----a-w C:\Program Files\flvtoavi.ini
2008-02-26 10:54 --------- d-----w C:\Program Files\profiles
2008-02-26 10:43 630 ----a-w C:\Program Files\README.txt
2008-02-26 10:43 39,717 ----a-w C:\Program Files\flvtoavi_fourcc_tags.txt
2008-02-26 10:43 384 ----a-w C:\Program Files\ffmpeg_info.txt
2008-02-26 10:43 377,856 ----a-w C:\Program Files\flvtoavi.exe
2008-02-26 10:43 3,598 ----a-w C:\Program Files\flvtoavi_audio_bitrates.txt
2008-02-26 10:43 274 ----a-w C:\Program Files\flvtoavi_resolutions.txt
2008-02-26 10:43 2,323,968 ----a-w C:\Program Files\ffmpeg.exe
2008-02-26 10:42 --------- d-----w C:\Program Files\Total Video Converter
2008-02-18 09:32 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-18 09:30 --------- d-----w C:\Program Files\Skype
2008-02-18 09:30 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-02-18 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-18 09:08 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\4D
2008-02-08 11:31 --------- d-----w C:\Documents and Settings\Florence\Application Data\Recordpad
2008-02-08 11:31 --------- d-----w C:\Documents and Settings\Florence\Application Data\NCH Swift Sound
2008-02-07 08:51 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-05 16:07 --------- d-----w C:\Program Files\WebEx
2008-02-05 14:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 15:09 --------- d-----w C:\Program Files\Real
2008-02-04 15:09 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-02-04 15:09 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-10 10:31 26,758 ----a-w C:\Program Files\Adobe Premiere Pro CS3 ???????.html
2008-01-08 11:42 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-02 14:44 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-05-24 23:41 23,558 ----a-w C:\Program Files\Léame de Adobe Premiere Pro CS3.html
2007-05-24 23:39 22,875 ----a-w C:\Program Files\Leggimi di Adobe Premiere Pro CS3.html
2007-05-24 23:34 23,354 ----a-w C:\Program Files\Adobe Premiere Pro CS3 - Bitte lesen.html
2007-05-24 23:33 26,797 ----a-w C:\Program Files\Adobe Premiere Pro CS3 - Lisez-Moi.html
2007-05-24 23:20 20,727 ----a-w C:\Program Files\Adobe Premiere Pro CS3 Read Me.html
2007-04-23 12:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 12:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 09:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 09:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 09:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 09:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 09:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 09:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 09:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]
"bcqorfay"="C:\WINDOWS\system32\vorsrczi.exe" [2008-03-26 17:56 94208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-31 18:03 125072]
"DNHelper32"="C:\WINDOWS\system32\DNHlp32.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-01-10 11:02 577540]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-28 16:16 385024]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 15:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 15:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 15:50 114688]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-04 17:08 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2006-05-29 20:24:42 1527808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 orishttp;ORIS Web Server;C:\Program Files\Openfind\OES\bin\orishttp.exe [2007-11-30 11:49]
R2 orisserv;ORIS Index Server;C:\Program Files\Openfind\OES\bin\orisserv.exe [2007-11-30 11:47]
S3 CAROUSB;Covadis Caroline Smart Card Reader;C:\WINDOWS\system32\Drivers\Carousb.sys [2006-09-29 15:30]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 14:11]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-03-07 11:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 13:15:48
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
************************************************** ************************
.
Completion time: 2008-04-02 13:16:16
ComboFix-quarantined-files.txt 2008-04-02 11:16:13
Pre-Run: 134,046,363,648 bytes free
Post-Run: 134,035,853,312 bytes free
.
2008-04-02 10:46:53 --- E O F ---

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21, on 2008-04-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Openfind\OES\bin\orishttp.exe
C:\Program Files\Openfind\OES\bin\orisserv.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\vorsrczi.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\dodonnell\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {19188BC4-4E06-48E6-9C54-8E94425AEF02} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [bcqorfay] C:\WINDOWS\system32\vorsrczi.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199267923792
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/f...n_2_0_4_12.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = btl.local
O17 - HKLM\Software\..\Telephony: DomainName = btl.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = btl.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = btl.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ORIS Web Server (orishttp) - Unknown owner - C:\Program Files\Openfind\OES\bin\orishttp.exe
O23 - Service: ORIS Index Server (orisserv) - Unknown owner - C:\Program Files\Openfind\OES\bin\orisserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9624 bytes

Thanks again for the help!

#4 - 04-02-2008 - Pancake (Senior Security Analyst, Posts: 1,620, PC Experience: Elite PC Guru, Location: Victoria, Australia)
Re: Hijack this log: unwanted "security center" popups

We need to install your Recovery Console first.
Go to Microsoft's website => How to obtain Windows XP Setup boot disks
Select the download that's appropriate for your Operating System.

Download the file & save it as it is originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

#5 - 04-03-2008 - danielodo (Bronze Member, Posts: 6, PC Experience: Experienced)
Re: Hijack this log: unwanted "security center" popups

Hello again Pancake,

Here is the log from the recovery panel installation.

WinXP_FR_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Thanks for your help.

#6 - 04-03-2008 - Pancake (Senior Security Analyst, Posts: 1,620, PC Experience: Elite PC Guru, Location: Victoria, Australia)
Re: Hijack this log: unwanted "security center" popups

OK. Nearly done...
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O3 - Toolbar: (no name) - {19188BC4-4E06-48E6-9C54-8E94425AEF02} - (no file)
O4 - HKCU\..\Run: [bcqorfay] C:\WINDOWS\system32\vorsrczi.exe

Reboot...
============================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vorsrczi.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bcqorfay"=-
Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

#7 - 04-03-2008 - danielodo (Bronze Member, Posts: 6, PC Experience: Experienced)
Re: Hijack this log: unwanted "security center" popups

OK, done. Here's the ComboFix log:
ComboFix 08-04-01.2 - dodonnell 2008-04-03 11:16:38.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.568 [GMT 2:00]
Location: C:\Documents and Settings\dodonnell\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\dodonnell\Bureau\CFScript.txt
* Creating a new restore point
FILE ::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vorsrczi.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vorsrczi.exe
.
((((((((((((((((((((((((((((( Files created 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 16:02 . 2008-04-03 11:00 <REP> d-------- C:\Documents and Settings\dodonnell\Application Data\SiteHound
2008-04-02 16:01 . 2008-04-02 16:01 <REP> d-------- C:\Program Files\FireTrust
2008-04-02 12:57 . 2008-04-02 12:57 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-02 12:57 . 2008-04-02 13:02 <REP> d-------- C:\SDFix
2008-04-01 17:53 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-01 17:53 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-01 17:53 . 2008-03-22 16:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-01 17:53 . 2008-03-26 09:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-01 17:53 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-01 17:53 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-01 17:53 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 10:38 . 2008-03-31 10:38 114,688 --a------ C:\WINDOWS\system32\mjepirif.exe
2008-03-27 16:07 . 2008-03-27 16:07 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-27 15:25 . 2008-03-27 15:25 110,592 --a------ C:\WINDOWS\system32\hqfivwzo.exe
2008-03-27 14:04 . 2008-03-27 14:04 2,855 --a------ C:\WINDOWS\system32temp#01.PIF
2008-03-27 13:42 . 2008-03-27 13:42 <REP> d-------- C:\Documents and Settings\dodonnell\Application Data\Talkback
2008-03-27 13:42 . 2008-03-27 13:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-27 10:20 . 2008-03-27 10:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-27 10:20 . 2008-03-27 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\lejatqro
2008-03-06 11:21 . 2008-03-06 11:21 <REP> d-------- C:\WINDOWS\Sun
2008-03-06 11:20 . 2008-03-06 11:20 <REP> d-------- C:\Program Files\Java
2008-03-06 11:20 . 2008-03-07 12:03 <REP> d-------- C:\Program Files\Google
2008-03-06 11:20 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-06 11:19 . 2008-03-06 11:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-03-05 17:20 . 2008-03-05 17:20 <REP> d-------- C:\Documents and Settings\dodonnell\Application Data\Uniblue
2008-03-05 16:11 . 2008-03-05 16:11 <REP> d-------- C:\Program Files\Fichiers communs\YDP
2008-03-05 11:15 . 2008-03-05 11:15 <REP> d-------- C:\Program Files\Transparent
2008-03-05 11:15 . 2008-03-05 11:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-03-05 11:15 . 2008-04-02 11:32 69,896 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 09:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-03 08:55 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\Skype
2008-04-03 08:50 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\skypePM
2008-04-03 08:49 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-31 12:17 --------- d-----w C:\Program Files\MSECache
2008-03-31 11:53 --------- d-----w C:\Program Files\Microsoft Works
2008-03-14 08:19 --------- d-----w C:\Documents and Settings\TEACHER\Application Data\4D
2008-03-05 14:11 --------- d-----w C:\Program Files\Macmillan
2008-03-05 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 09:27 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\Download Manager
2008-02-26 10:54 384 ----a-w C:\Program Files\flvtoavi.ini
2008-02-26 10:54 --------- d-----w C:\Program Files\profiles
2008-02-26 10:43 630 ----a-w C:\Program Files\README.txt
2008-02-26 10:43 39,717 ----a-w C:\Program Files\flvtoavi_fourcc_tags.txt
2008-02-26 10:43 384 ----a-w C:\Program Files\ffmpeg_info.txt
2008-02-26 10:43 377,856 ----a-w C:\Program Files\flvtoavi.exe
2008-02-26 10:43 3,598 ----a-w C:\Program Files\flvtoavi_audio_bitrates.txt
2008-02-26 10:43 274 ----a-w C:\Program Files\flvtoavi_resolutions.txt
2008-02-26 10:43 2,323,968 ----a-w C:\Program Files\ffmpeg.exe
2008-02-26 10:42 --------- d-----w C:\Program Files\Total Video Converter
2008-02-18 09:32 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-18 09:30 --------- d-----w C:\Program Files\Skype
2008-02-18 09:30 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-02-18 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-18 09:08 --------- d-----w C:\Documents and Settings\dodonnell\Application Data\4D
2008-02-08 11:31 --------- d-----w C:\Documents and Settings\Florence\Application Data\Recordpad
2008-02-08 11:31 --------- d-----w C:\Documents and Settings\Florence\Application Data\NCH Swift Sound
2008-02-07 08:51 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-05 16:07 --------- d-----w C:\Program Files\WebEx
2008-02-05 14:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 15:09 --------- d-----w C:\Program Files\Real
2008-02-04 15:09 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-02-04 15:09 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-10 10:31 26,758 ----a-w C:\Program Files\Adobe Premiere Pro CS3 ???????.html
2008-01-08 11:42 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-24 23:41 23,558 ----a-w C:\Program Files\Léame de Adobe Premiere Pro CS3.html
2007-05-24 23:39 22,875 ----a-w C:\Program Files\Leggimi di Adobe Premiere Pro CS3.html
2007-05-24 23:34 23,354 ----a-w C:\Program Files\Adobe Premiere Pro CS3 - Bitte lesen.html
2007-05-24 23:33 26,797 ----a-w C:\Program Files\Adobe Premiere Pro CS3 - Lisez-Moi.html
2007-05-24 23:20 20,727 ----a-w C:\Program Files\Adobe Premiere Pro CS3 Read Me.html
.
((((((((((((((((((((((((((((( snapshot@2008-04-02_13.16.04,54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-03 09:20:29 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_8a8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-31 18:03 125072]
"DNHelper32"="C:\WINDOWS\system32\DNHlp32.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-01-10 11:02 577540]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-28 16:16 385024]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 15:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 15:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 15:50 114688]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-04 17:08 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 orishttp;ORIS Web Server;C:\Program Files\Openfind\OES\bin\orishttp.exe [2007-11-30 11:49]
R2 orisserv;ORIS Index Server;C:\Program Files\Openfind\OES\bin\orisserv.exe [2007-11-30 11:47]
S3 CAROUSB;Covadis Caroline Smart Card Reader;C:\WINDOWS\system32\Drivers\Carousb.sys [2006-09-29 15:30]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 14:11]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 11:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 11:21:00
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\verclsid.exe
.
************************************************************************
.
Temps d'accomplissement: 2008-04-03 11:25:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 09:25:08
ComboFix2.txt 2008-04-02 11:16:17
Pre-Run: 135,763,755,008 octets libres
Post-Run: 135,760,322,560 octets libres
.
2008-04-02 10:46:53 --- E O F ---

And here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28, on 2008-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Openfind\OES\bin\orishttp.exe
C:\Program Files\Openfind\OES\bin\orisserv.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dodonnell\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra bu