Hi,
I am running XP Home SP2 and for the past few days, I have been having a message popping up very regularly on the notification area of the system tray (bottom right) that says:
"System Alert !
System has detected a number of active spyware applications that may impact the performance of your computer"
The message is located on a flashing red shield icon. When I click on the message, Internet Explorer starts up on the Virus Protect Pro web site (www.virusprotectpro.com/?aff=1003) and suggests I acquire and download the product.
The online Symantec vulnerability/virus detection reveals no spyware/adware/virus. Neither does BitDefender Online. Windows Defender, A Squared, Spyware S&D, AdAware SE are equally unsuccessful in detecting anything unusual.
I have run the 5 steps and here are the results.
Thanks for your kind help,
Edward
Panda ActiveScan report:
Incident Status Location
Virus:Trj/Lowzones.TQ Disinfected Operating system
Virus:W32/Moonlight.K.worm Disinfected Operating system
Adware:Adware/Spylocked Not disinfected C:\WINDOWS\system32\zpeolvh.dll
Virus:Trj/Lowzones.TQ Disinfected Operating system
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\gaby\Cookies\gaby@888[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\gaby\Cookies\gaby@xiti[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michele\Cookies\michele@advertising[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Michele\Cookies\michele@bluestreak[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michele\Cookies\michele@clickbank[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michele\Cookies\michele@doubleclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michele\Cookies\michele@overture[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Michele\Cookies\michele@weborama[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Michele\Cookies\michele@xiti[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\rafio\Cookies\rafio@ccbill[2].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\rafio\Cookies\rafio@malwarewiped[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\rafio\Cookies\rafio@xiti[1].txt
Adware:Adware/2Search Not disinfected C:\Documents and Settings\rafio\Local Settings\Temp\a.exe
Virus:W32/Moonlight.K.worm Disinfected C:\Documents and Settings\rafio\Local Settings\Temp\juan.dll
Adware:Adware/WebSearch Not disinfected C:\Documents and Settings\rafio\Local Settings\Temp\laf38.tmp
Adware:Adware/2Search Not disinfected C:\Program Files\PopsMedia Site Adviser\vm5_killer.exe
Potentially unwanted tool:Application/SpyCrush Not disinfected C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe
Virus:Trj/Lowzones.TQ Disinfected C:\WINDOWS\system32\ughavil.dll
HijackThis log:
Deckard's System Scanner v20070611.50
Run by Michele on 2007-07-05 at 00:02:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
58: 2007-07-04 22:02:27 UTC - RP58 - Deckard's System Scanner Restore Point
57: 2007-07-04 21:47:24 UTC - RP57 - Software Distribution Service 3.0
56: 2007-07-04 16:51:40 UTC - RP56 - Software Distribution Service 3.0
55: 2007-07-04 16:49:00 UTC - RP55 - Installed Windows Defender
54: 2007-07-04 13:24:18 UTC - RP54 - Removed Windows Live Sign-in Assistant
-- First Restore Point --
1: 2007-05-25 08:11:21 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Michele.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 00:03:59, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\FICHIE~1\LIBRES~1\gescw.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\fond-ecran-wallpaper\few-oneclick.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\Z6W4D3XZ\dss[1].exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\HIJACK~1\Michele.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\DOCUME~1\rafio\LOCALS~1\Temp\juan.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gescw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\gescw.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\ughavil.dll,TurnOn2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Fond Ecran OneClick.lnk = C:\Program Files\fond-ecran-wallpaper\few-oneclick.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?917e05e77b6848b6b69ae8fca894030c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?917e05e77b6848b6b69ae8fca894030c
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180081533796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/s...nerADP-1.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Scheduled Tasks -------------------------------------------------------------
2007-07-05 00:00:22 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-07-04 23:57:47 436 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-07-04 23:41:01 252 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2007-07-04 18:38:39 366 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-07-04 09:31:00 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1180510256.job
2007-07-02 20:00:00 596 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - Donnard.job
-- Files created between 2007-06-05 and 2007-07-05 -----------------------------
2007-07-04 23:52:37 0 d-------- C:\WINDOWS\system32\fr-fr
2007-07-04 23:49:24 0 d-------- C:\WINDOWS\network diagnostic
2007-07-04 23:25:56 0 d-------- C:\Program Files\SpywareBlaster
2007-07-04 22:05:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-04 18:49:02 0 d-------- C:\Program Files\Windows Defender
2007-07-04 18:38:36 0 d-------- C:\Program Files\XoftSpySE
2007-07-04 17:50:21 0 d-------- C:\WINDOWS\BDOSCAN8
2007-07-04 17:22:02 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-07-04 15:56:53 0 d-------- C:\Program Files\a-squared Free
2007-07-04 15:28:29 0 d-------- C:\Documents and Settings\Michele\Application Data\Lavasoft
2007-07-04 15:28:20 0 d-------- C:\Program Files\Lavasoft
2007-07-04 15:23:53 0 d-------- C:\WINDOWS\system32\appmgmt
2007-07-04 11:24:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-04 11:15:52 88527 --a------ C:\Documents and Settings\Michele\scan.dat
2007-07-03 21:35:41 0 d-------- C:\Documents and Settings\Donnard\Application Data\libresystem
2007-07-03 14:42:18 0 d-------- C:\Documents and Settings\rafio\Application Data\libresystem
2007-07-03 07:17:07 0 d-------- C:\Documents and Settings\Michele\Application Data\libresystem
2007-07-03 07:12:02 0 d-------- C:\Program Files\Fichiers communs\LibreSystem
2007-07-03 07:05:08 0 dr------- C:\Documents and Settings\All Users\Application Data\libresystem
2007-07-03 07:05:03 0 d-------- C:\Program Files\LibreSystem
2007-07-02 13:42:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-02 13:42:49 0 d-------- C:\Program Files\VirusProtectPro 3.3
2007-07-02 13:42:25 0 d-------- C:\Program Files\PopsMedia Site Adviser
2007-06-30 21:19:00 0 d---s---- C:\Documents and Settings\rafio\UserData
2007-06-29 14:54:58 0 d-------- C:\Documents and Settings\rafio\Application Data\AdobeUM
2007-06-29 14:54:31 0 d-------- C:\Documents and Settings\rafio\Application Data\Adobe
2007-06-27 21:47:42 0 d-------- C:\Program Files\Windows Media Connect 2
2007-06-27 21:45:00 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-27 21:45:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-25 21:33:33 0 d-------- C:\Documents and Settings\Donnard\Application Data\Dossier de téléchargement Share-to-Web
2007-06-25 21:33:33 0 d-------- C:\Documents and Settings\Donnard\Application Data\Dossier de téléchargement Share-to-Web
2007-06-24 11:11:08 0 d-------- C:\Documents and Settings\Michele\Contacts
2007-06-12 00:03:10 0 d-------- C:\Documents and Settings\Donnard\Application Data\Help
2007-06-11 00:01:03 0 d-------- C:\Documents and Settings\Donnard\Application Data\Macromedia
2007-06-10 23:59:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-06-10 16:43:06 0 d-------- C:\Documents and Settings\Donnard\Application Data\AdobeUM
2007-06-10 16:42:42 0 d-------- C:\Documents and Settings\Donnard\Application Data\Adobe
2007-06-10 16:39:08 0 d-------- C:\Documents and Settings\Donnard\Application Data\Google
2007-06-05 20:12:44 0 d-------- C:\Program Files\fond-ecran-wallpaper
2007-06-05 20:12:39 75541 --a------ C:\WINDOWS\system32\un_coucherdesoleil_ev.exe
2007-06-05 20:12:39 885318 --a------ C:\WINDOWS\system32\sunset.scr <Not Verified; ecran-de-veille.org; >
-- Find3M Report ---------------------------------------------------------------
2007-07-04 23:57:19 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-07-04 22:40:32 0 d-------- C:\Program Files\Windows Live Toolbar
2007-07-04 22:40:14 0 d-------- C:\Program Files\Norton AntiVirus
2007-07-04 22:38:03 0 d-------- C:\Program Files\Google
2007-07-04 18:49:04 0 d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2007-07-03 07:12:02 0 d-------- C:\Program Files\Fichiers communs
2007-06-28 08:34:01 8704 --a-s---- C:\WINDOWS\system32\zpeolvh.dll
2007-06-14 01:12:46 0 d-------- C:\Program Files\Fichiers communs\System
2007-06-09 16:37:24 0 d-------- C:\Documents and Settings\Michele\Application Data\Google
2007-06-04 10:07:46 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-03 17:57:57 0 d-------- C:\Program Files\Windows Live Favorites
2007-06-01 22:42:59 0 d-------- C:\Documents and Settings\Michele\Application Data\AdobeUM
2007-06-01 18:37:05 0 d-------- C:\Documents and Settings\Michele\Application Data\Adobe
2007-06-01 18:35:20 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-06-01 18:08:07 0 d-------- C:\Documents and Settings\Michele\Application Data\Macromedia
2007-05-30 17:38:24 0 d-------- C:\Program Files\MSXML 4.0
2007-05-30 10:07:09 0 d-------- C:\Documents and Settings\Michele\Application Data\ArcSoft
2007-05-30 09:37:08 0 d-------- C:\Documents and Settings\Michele\Application Data\Dossier de téléchargement Share-to-Web
2007-05-30 09:37:08 0 d-------- C:\Documents and Settings\Michele\Application Data\Dossier de téléchargement Share-to-Web
2007-05-30 09:34:38 0 d-------- C:\Program Files\Fichiers communs\Nikon
2007-05-30 09:34:21 0 d-------- C:\Program Files\Nikon
2007-05-30 09:34:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-30 09:34:06 0 d-------- C:\Program Files\QuickTime
2007-05-30 09:33:56 28672 --a------ C:\WINDOWS\system32\qttask.exe
2007-05-30 09:33:26 0 d-------- C:\Program Files\ArcSoft
2007-05-30 09:30:47 0 d-------- C:\Program Files\ReadIris
2007-05-30 09:26:52 0 d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-05-30 09:25:14 0 d-------- C:\Program Files\Hewlett-Packard
2007-05-30 09:19:11 0 d-------- C:\Program Files\Logitech
2007-05-30 09:19:11 0 d-------- C:\Program Files\Fichiers communs\FotoWire
2007-05-30 09:17:10 0 d-------- C:\Program Files\Fichiers communs\Logitech
2007-05-30 07:01:22 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-05-30 07:01:22 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-05-25 13:42:02 0 d-------- C:\Program Files\Messenger
2007-05-25 11:51:50 0 d-------- C:\Program Files\Fichiers communs\ODBC
2007-05-25 11:51:46 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-05-25 11:51:19 62 --ahs---- C:\Documents and Settings\Michele\Application Data\desktop.ini
2007-05-25 11:44:42 0 d-------- C:\Documents and Settings\Michele\Application Data\Identities
2007-05-25 11:21:51 0 d-------- C:\Program Files\Fichiers communs\Designer
2007-05-25 11:20:30 0 d-------- C:\Program Files\microsoft frontpage
2007-05-25 10:42:26 0 d-------- C:\Program Files\Symantec
2007-05-25 10:20:31 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-05-25 10:05:35 0 -rahs---- C:\MSDOS.SYS
2007-05-25 10:05:35 0 -rahs---- C:\IO.SYS
2007-05-25 10:05:35 0 --a------ C:\CONFIG.SYS
2007-05-25 10:05:35 0 --a------ C:\AUTOEXEC.BAT
2007-05-25 10:04:02 0 d--h----- C:\Program Files\WindowsUpdate
2007-05-25 10:03:58 0 d-------- C:\Program Files\Services en ligne
2007-05-25 10:03:11 0 d-------- C:\Program Files\Fichiers communs\Services
2007-05-25 10:03:07 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2007-05-25 10:02:57 0 d-------- C:\Program Files\Movie Maker
2007-05-25 10:02:00 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-25 10:01:36 0 d-------- C:\Program Files\Online Services
2007-05-25 10:01:26 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-25 10:01:17 0 d-------- C:\Program Files\Windows NT
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{184746EC-9E9D-4C7D-B9E7-9039EBD801A9} C:\Program Files\Video ActiveX Access\iesplg.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{E12BFF69-38A7-406e-A8EF-2738107A7831} C:\DOCUME~1\rafio\LOCALS~1\Temp\juan.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AlcxMonitor"="ALCXMNTR.EXE"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"gescw"="\"C:\\PROGRA~1\\FICHIE~1\\LIBRES~1\\gescw.exe\" -start"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SecurityUpdate"="rundll32.exe C:\\WINDOWS\\system32\\ughavil.dll,TurnOn2"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4688f900-0d0c-4788-b297-59cc10e70ccc}"="amberoids"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of Deckard's System Scanner: finished at 2007-07-05 at 00:04:44 ---------