Trojans and KeyLoggers - Please help me ! |
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
  |
 Dec 10 2006, 05:58 PM
Post
#1
|
||
|
New Member  Posts: 2 OS: Xp  |
I would need some help... big time. I am using windows XP. I also use multiple antivirus an anti-malware softwares (Spy-Bot, Zone Alarm, Ad-Aware, AVG, SpyDoctor evaluation version). For the past 2 months, I have been detecting multiple trojans and keyloggers and other malwares. Sometimes, I can delete them without a problem. But usualy, It is impossible to remove them, even if I load windows in Safe Mode ! SpyBot is detecting problems with something called CMFibula and PSCastor... and these 2 problems are around for the past 2 months... I was never able to remove them (see picture in attachment). SpyDoctor detects multiple trojans and keyloggers that can be suppress but...they keep coming back.  Here is my HiJackThis log: thanks Logfile of HijackThis v1.99.1 Scan saved at 18:09:16, on 2006-12-10 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe E:\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe E:\MacDisk\lsdiorw\lsdiorw.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe e:\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe E:\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE E:\iTunes\iTunesHelper.exe E:\Acrobat 7.0\Distillr\Acrotray.exe E:\Acrobat 7.0\Distillr\Acrotray.exe E:\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\iPod\bin\iPodService.exe E:\Spyware Doctor\swdoctor.exe E:\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\WINDOWS\Twain_32\QuickCam\HVideoS.exe C:\Documents and Settings\Patrick\Bureau\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\WINDOWS\system32\NOTEPAD.EXE E:\Spyware Doctor\Update.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rds.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {448EB527-9581-494C-9447-15646428C308} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Spyware Doctor\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Spyware Doctor\tools\iesdpb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [Zone Labs Client] "E:\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] E:\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [Spyware Doctor] "E:\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\Microsoft Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Spyware Doctor\tools\iesdpb.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: HQFfKqlTVotupg - {E4AB277A-4E01-8DD0-D631-5614BBEB968F} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - E:\MacDisk\lsdiorw\lsdiorw.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - e:\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Attached thumbnail(s)
|
|
 |
 
|
|
Dec 12 2006, 12:51 PM
Post
#2
|
|
 Geek U Admin  Posts: 18,562 From: Michigan, USA OS: All Windows Os's 
|
I don't speak French, but it appears to me that you are getting help here already.
Don't waste our time by posting on multiple forums. We have other people that we could be helping. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
 |
11 / 538 | 16th June 2006 - 02:06 AM Nick_the_man started - last by Jag11 |
||||
 |
187 / 8,464 | 22nd October 2006 - 01:36 PM playsoldier3 started - last by JSntgRvr |
|||||
|
6 / 1,225 | 11th September 2007 - 02:29 PM jrich started - last by miekiemoes |
|||||
|
0 / 77 | 9th October 2008 - 04:00 AM bdghvy started - last by bdghvy |
|||||
|
Time is now: 1st December 2008 - 11:03 AM |
| Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. |
