Here I am again
I did all what you said but had to improvize a little bit
First, in the second step I replaced the file hyszpj by another name that I don't remember (sorry) and the other one (vdzrzv.exe) too because I know it is a polymorphic spyware and I couldn't find the one you told me
second, in step 8 you told me to check and fix a few things in hjt and I couldn't find this line : O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Otherwise, everything went marvelous right and here are my logs:
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------
+ Créé le: 18:45:38, 2005-07-08
+ Somme de contrôle: C0A7B955
+ Date des signatures: 2005-06-09
+ Version du moteur de recherche: v3.0
+ Temps: 82 min
+ Fichiers scannés: 111644
+ Vitesse: 22.63 Fichiers/Secondes
+ Fichers infectés: 66
+ Fichiers supprimés: 66
+ Fichiers mis en quarantaine: 66
+ Fichiers ne pouvant pas être ouverts: 0
+ Fichiers ne pouvant pas être nettoyés: 0
+ Liés: Oui
+ Cryptés: Oui
+ Archives: Non
+ Elements scannés:
C:\
D:\
+ Résultats du scan:
C:\Documents and Settings\beg\Cookies\beg@70062990[2].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\beg@advertising[1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\beg@atdmt[2].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\beg@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\beg@sextracker[1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\beg@spylog[1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\beg@targetnet[2].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\beg@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\Documents and Settings\beg\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031828.exe -> Trojan.Nail -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031844.exe -> Trojan.Stervis.c -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031854.dll -> Trojan.Agent.db -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031860.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031867.exe -> Trojan.Nail -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031877.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031889.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031890.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031901.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP162\A0031935.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP163\A0032060.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP163\A0032075.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP163\A0032086.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP163\A0032105.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP163\A0032118.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP163\A0032128.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP163\A0032139.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP165\A0032160.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP166\A0032176.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP166\A0032186.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP169\A0032302.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP169\A0032322.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP169\A0032334.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP169\A0032354.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP169\A0032364.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP169\A0032374.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP169\A0032393.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP170\A0032410.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP170\A0032422.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP173\A0032449.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP175\A0032554.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP179\A0032635.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP179\A0032652.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP180\A0032747.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP180\A0032762.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP181\A0032779.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP181\A0032790.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP181\A0033799.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP181\A0033831.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP182\A0033846.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP182\A0034829.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP182\A0034866.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP185\A0034900.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP185\A0034905.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP188\A0034962.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP188\A0034973.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP188\A0034974.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP188\A0035000.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP188\A0035021.exe -> Trojan.Nail -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP188\A0035022.exe -> Trojan.Stervis.c -> Nettoyer et sauvegarder
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP188\A0035023.dll -> Trojan.Agent.db -> Nettoyer et sauvegarder
C:\WINDOWS\qnrjbdyen.exe -> Spyware.BetterInternet -> Nettoyer et sauvegarder
::Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 19:00:20, on 2005-07-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Documents and Settings\beg\Mes documents\Syl20\Appz\GhostIt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://sympatico.msn.ca/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Startup: GhostIt.lnk = C:\Documents and Settings\beg\Mes documents\Syl20\Appz\GhostIt.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.../kavwebscan.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zon...er.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.co...ad/MsnPUpld.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://www.popcap.co...aploader_v6.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zon...wn.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{F827D1C4-8C0C-48D8-9CBE-29A144A97291}: NameServer = 206.47.244.137 206.47.244.102
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
and for hijack this :
Logfile of HijackThis v1.99.1
Scan saved at 19:00:20, on 2005-07-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Documents and Settings\beg\Mes documents\Syl20\Appz\GhostIt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://sympatico.msn.ca/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Startup: GhostIt.lnk = C:\Documents and Settings\beg\Mes documents\Syl20\Appz\GhostIt.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.../kavwebscan.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zon...er.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.co...ad/MsnPUpld.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://www.popcap.co...aploader_v6.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zon...wn.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{F827D1C4-8C0C-48D8-9CBE-29A144A97291}: NameServer = 206.47.244.137 206.47.244.102
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
so I think everything went right and I guess I am right because I had no more alerts from my Norton
Thank you so much you saved me from losing everything I collected up to now
tog81