Gladiator Security Forum > probably a new challenge for you doc !

Nagaraja

Jul 27 2004, 01:47 PM

Hello, I've been lurking on this site to gain knowledge on spywares and to clean a laptop, and I have to say you all do a fantastic job, helping us to understand and to protect us from hostile softs.

But I have a problem I can't solve myself.

My main PC is sick.

I can't connect to any secured url (https for instance), and can't connect to update/upgrade servers. I still can connect to emule and by direct IP/IP with another PC.

In addition to that, I'm spied to death and can't remove spywares by the usual methods. I use spybot search and destroy, CWShredder, Adaware, spyware blaster and spyware guard. But as I can't upgrade em...

My antivirus is Bit Defender free edition v7.2, and is not updated too. I installed PAnda and Norton long time ago, and guess that something went wrong when I tried to uninstall them (especially with Panda)

So here is my Hijackthis log, sincerely hoping someone will be able to help me.

Logfile of HijackThis v1.98.0
Scan saved at 15:34:42, on 27/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
C:\windows\system32\winexplor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=Explorer.exe C:\windows\system32\msiexec16.exe
F1 - win.ini: run=C:\windows\system32\msiexec16.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [mysoft] C:\windows\system32\winexplor.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=
O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/Dial.../EGDHTML_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9...RdxIE601_fr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D133563-EBCD-4CA8-A3FD-F81AC0617F1D}: NameServer = 194.117.200.10 194.117.200.15

Many thanks in advance for taking the time to help me :)

Hunter

Jul 27 2004, 03:52 PM

The best track for you to take is first do this...

How do I recover from Hosts file hijacking?

http://www.dslreports.com/faq/10131

Then use some free web based anti-virus scanners. They detect existing infections and identify the virus (malware) involved. let them clean your PC.

Turn off any of your AV products on your PC when you do the scans. Pick two from below.

http://www.ravantivirus.com/scan/

http://housecall.trendmicro.com/

http://www.pandasoftware.com/activescan/

http://us.mcafee.com/root/mfs/default.asp

Then you should be alble to update you Adware and set it like this..

*************************************
Try this using your Adaware

2. Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program

3. Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list

4. Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window

1. In the ‘General’ window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file
· Under ‘Click here to select drives + folders’, choose:
· All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information
· Include additional object details

4. Click the ‘Tweak’ button and select:
· Under the ‘Scanning Engine’:
· Unload recognized processes during scanning
· Include basic Ad-aware settings in logfile
· Include additional Ad-aware settings in logfile
· Under the ‘Cleaning Engine’:
· Let Windows remove files in use at next reboot

5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’ and on the next screen choose ‘Activate in-depth Scan’ at the bottom of the page and then choose:
· Use Custom Scanning Options

7. Click ‘Next’ and AdAware will scan your hard drive(s) with the options you have selected.

8. Save the log file when it asks and then click ‘finish’

9. REBOOT
*******************************

Then post another hijack this log.

Your C:\windows\system32\winexplor.exe is a common hijacker

Nagaraja

Jul 28 2004, 08:43 AM

OK. I've followed your advices.
I didn't notice anything wrong in my host files. In fact, there is no host file but 127.0.0....etc. which is the mandatory one (if I did well understand)

I ran all the online AV you posted and allthough they noticed something like 9 virus or suspicious files, they didn't fix anything, saying they couldn't.

I ran an update for Adaware and it seemed to work, but I don't know, the database currently working is 01R98 20.04.2004. It scanned my hard drive (I only have got one, no partition) and here is the log :

CODE

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :mercredi 28 juillet 2004 09:48:35
Created with Ad-aware Personal, free for private use.
Using reference-file :01R298 20.04.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result

28-07-2004 09:48:35 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 28-07-2004 07:17:01
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ThreadCreationTime : 28-07-2004 07:17:09
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 28-07-2004 07:17:09
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contr
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Syst
Created on : 28/08/2001 10:00:00
Last accessed : 27/07/2004 22:00:00
Last modified : 28/08/2001 10:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 28-07-2004 07:17:09
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 29/08/2002 07:45:10
Last accessed : 27/07/2004 22:00:00
Last modified : 29/08/2002 07:45:10

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 28-07-2004 07:17:10
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 28/08/2001 10:00:00
Last accessed : 27/07/2004 22:00:00
Last modified : 28/08/2001 10:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 28-07-2004 07:17:10
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 28/08/2001 10:00:00
Last accessed : 27/07/2004 22:00:00
Last modified : 28/08/2001 10:00:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 28-07-2004 07:17:12
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 28/08/2001 10:00:00
Last accessed : 27/07/2004 22:00:00
Last modified : 28/08/2001 10:00:00

#:8 [nisum.exe]
FilePath : C:\Program Files\Norton Internet Security\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 85 KB
FileVersion : 4.0.3.104
ProductVersion : 4.0
Copyright : Copyright (c) 2001 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Stats
ProductName : Norton Internet Security
Created on : 03/12/2002 13:07:35
Last accessed : 27/07/2004 22:00:00
Last modified : 18/02/2002 11:03:36

#:9 [nmssvc.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 1092 KB
FileVersion : 2.2.9.0
ProductVersion : 2.2.9.0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : NMS Module
InternalName : NMS Module
ProductName : NMS
Created on : 03/05/2002 10:36:24
Last accessed : 27/07/2004 22:00:00
Last modified : 03/05/2002 10:36:24

#:10 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 112 KB
FileVersion : 6.14.10.6176
ProductVersion : 6.14.10.6176
Copyright : (C) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.76
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 61.76
Created on : 12/07/2004 14:50:00
Last accessed : 27/07/2004 22:00:00
Last modified : 12/07/2004 14:50:00

#:11 [pavsrv51.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : High
FileSize : 264 KB
FileVersion : 6, 3, 0, 530
ProductVersion : 6.3
Copyright : Copyright
CompanyName : Panda Software
FileDescription : Panda Antivirus Service for Windows NT/2000
InternalName : pavsrv
OriginalFilename : pavsrv.exe
ProductName : Panda Antivirus
Created on : 10/03/2004 14:39:10
Last accessed : 27/07/2004 22:00:00
Last modified : 02/04/2003 13:38:18

#:12 [symproxysvc.exe]
FilePath : C:\Program Files\Norton Internet Security\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 53 KB
FileVersion : 4.0.3.104
ProductVersion : 4.0
Copyright : Copyright (c) 2001 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Transparent Proxy Server
ProductName : Norton Internet Security
Created on : 03/12/2002 13:07:35
Last accessed : 27/07/2004 22:00:00
Last modified : 18/02/2002 11:02:46

#:13 [xcommsvr.exe]
FilePath : C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 68 KB
FileVersion : 1, 7, 0, 4
ProductVersion : 1, 7, 0, 4
Copyright : Copyright
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
OriginalFilename : xcommsvr.exe
ProductName : Softwin BitDefender Communicator Server
Created on : 02/10/2003 09:15:38
Last accessed : 27/07/2004 22:00:00
Last modified : 02/10/2003 09:15:38

#:14 [nisserv.exe]
FilePath : C:\Program Files\Norton Internet Security\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 61 KB
FileVersion : 4.0.3.104
ProductVersion : 4.0
Copyright : Copyright (c) 2001 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : IAMSERV.EXE
ProductName : Norton Internet Security
Created on : 03/12/2002 13:07:35
Last accessed : 27/07/2004 22:00:00
Last modified : 18/02/2002 11:03:30

#:15 [bdss.exe]
FilePath : C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 56 KB
Created on : 11/11/2003 12:25:58
Last accessed : 27/07/2004 22:00:00
Last modified : 11/11/2003 12:25:58

#:16 [avengine.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ThreadCreationTime : 28-07-2004 07:17:13
BasePriority : Normal
FileSize : 100 KB
FileVersion : 6, 3, 0, 492
ProductVersion : 6.3
Copyright : Copyright
CompanyName : Panda Software
FileDescription : Proceso an
InternalName : avengine
OriginalFilename : avengine.exe
ProductName : Panda Antivirus Windows NT/2000
Created on : 10/03/2004 14:39:10
Last accessed : 27/07/2004 22:00:00
Last modified : 08/04/2003 15:51:34

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 28-07-2004 07:21:42
BasePriority : Normal
FileSize : 984 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Syst
Created on : 29/08/2002 07:45:10
Last accessed : 27/07/2004 22:00:00
Last modified : 29/08/2002 07:45:10

#:18 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 28-07-2004 07:21:45
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 23/03/2003 15:53:14
Last accessed : 27/07/2004 22:00:00
Last modified : 23/03/2003 15:53:16

#:19 [delttray.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 28-07-2004 07:21:45
BasePriority : Normal
FileSize : 55 KB
FileVersion : 5.1.0.01
ProductVersion : 5.1.0.01
Copyright : Copyright
CompanyName : Doug Fetter Software Wizardry
FileDescription : M Audio Delta Control Panel Interface System Tray Applet
InternalName : Delta Panel System Tray Applet
OriginalFilename : DeltTray.EXE
ProductName : M Audio Delta Control Panel Interface System Tray Applet
Created on : 06/12/2002 14:19:34
Last accessed : 27/07/2004 22:00:00
Last modified : 06/12/2002 14:19:34

#:20 [daemon.exe]
FilePath : C:\Program Files\D-Tools\
ThreadCreationTime : 28-07-2004 07:21:45
BasePriority : Normal
FileSize : 80 KB
FileVersion : 3.46.0.0
ProductVersion : 3.46.0.0
Copyright : Copyright (C) 2000-2004
CompanyName : DAEMON'S HOME
FileDescription : Virtual DAEMON Manager
InternalName : DAEMON.EXE
OriginalFilename : daemon.exe
ProductName : DAEMON Tools
Created on : 12/03/2004 20:43:18
Last accessed : 27/07/2004 22:00:00
Last modified : 12/03/2004 20:43:18

#:21 [realsched.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ThreadCreationTime : 28-07-2004 07:21:46
BasePriority : Normal
FileSize : 176 KB
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 05/07/2004 12:07:28
Last accessed : 27/07/2004 22:00:00
Last modified : 05/07/2004 12:07:30

#:22 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 28-07-2004 07:21:47
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Ex
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Syst
Created on : 28/08/2001 10:00:00
Last accessed : 27/07/2004 22:00:00
Last modified : 28/08/2001 10:00:00

#:23 [bdmcon.exe]
FilePath : C:\Program Files\Softwin\BitDefender Free Edition\
ThreadCreationTime : 28-07-2004 07:21:48
BasePriority : Normal
FileSize : 224 KB
FileVersion : 7.0
ProductVersion : 7.0
Copyright : Copyright (C) 2002 SOFTWIN S.R.L.
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Management Console
InternalName : Management Console
OriginalFilename : bdmcon.exe
ProductName : BitDefender Desktop 7
Created on : 12/02/2004 10:06:30
Last accessed : 27/07/2004 22:00:00
Last modified : 12/02/2004 10:06:30

#:24 [bdnagent.exe]
FilePath : C:\Program Files\Softwin\BitDefender Free Edition\
ThreadCreationTime : 28-07-2004 07:21:48
BasePriority : Normal
FileSize : 6 KB
Created on : 16/12/2003 11:06:20
Last accessed : 27/07/2004 22:00:00
Last modified : 16/12/2003 11:06:20

#:25 [winexplor.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 28-07-2004 07:21:48
BasePriority : Normal
FileSize : 24 KB
Created on : 26/07/2004 08:12:36
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 08:12:38

#:26 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 28-07-2004 07:21:49
BasePriority : Normal
FileSize : 352 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright (C) 2002-2003 Javacool Software LLC
FileDescription : SpywareGuard
InternalName : sgmain
OriginalFilename : sgmain.exe
ProductName : SpywareGuard
Created on : 29/08/2003 17:05:35
Last accessed : 27/07/2004 22:00:00
Last modified : 29/08/2003 17:05:36

#:27 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 28-07-2004 07:21:49
BasePriority : Normal
FileSize : 228 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright (C) 2002-2003 Javacool Software LLC.
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
OriginalFilename : sgbhp.exe
ProductName : SG Browser Hijacking Protection
Created on : 29/08/2003 09:14:56
Last accessed : 27/07/2004 22:00:00
Last modified : 29/08/2003 09:14:58

#:28 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 28-07-2004 07:43:01
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Syst
Created on : 30/11/2002 20:10:24
Last accessed : 27/07/2004 22:00:00
Last modified : 29/08/2002 08:45:10

#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 28-07-2004 07:43:31
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 25/07/2004 22:31:09
Last accessed : 27/07/2004 22:00:00
Last modified : 12/07/2003 19:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : arpeges@gator[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 12:53:48
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 12:53:50

Tracking Cookie Object recognized!
Type : File
Data : arpeges@tribalfusion[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 27/07/2004 13:32:48
Last accessed : 27/07/2004 22:00:00
Last modified : 27/07/2004 13:32:50

Tracking Cookie Object recognized!
Type : File
Data : arpeges@www.cibleclick[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 11:00:24
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 11:14:18

Tracking Cookie Object recognized!
Type : File
Data : arpeges@fl01.ct2.comclick[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 07:13:03
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 07:13:04

Tracking Cookie Object recognized!
Type : File
Data : arpeges@bravenet[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 27/07/2004 13:57:10
Last accessed : 27/07/2004 22:00:00
Last modified : 27/07/2004 13:57:12

Tracking Cookie Object recognized!
Type : File
Data : arpeges@spylog[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 08:12:14
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 08:12:16

Tracking Cookie Object recognized!
Type : File
Data : arpeges@2o7[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 14:54:13
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 14:54:14

Tracking Cookie Object recognized!
Type : File
Data : arpeges@iv2.bluestreak[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 09:05:08
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 09:05:10

Tracking Cookie Object recognized!
Type : File
Data : arpeges@hotlog[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 10:19:57
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 10:19:58

Tracking Cookie Object recognized!
Type : File
Data : arpeges@fortunecity[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 12:53:47
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 12:53:48

Tracking Cookie Object recognized!
Type : File
Data : arpeges@adtech[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 10:58:07
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 10:58:08

Tracking Cookie Object recognized!
Type : File
Data : arpeges@www.smartadserver[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 11:21:49
Last accessed : 27/07/2004 22:00:00
Last modified : 27/07/2004 12:02:34

Tracking Cookie Object recognized!
Type : File
Data : arpeges@weborama[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 11:44:44
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 11:44:46

Tracking Cookie Object recognized!
Type : File
Data : arpeges@bluestreak[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 27/07/2004 18:20:31
Last accessed : 27/07/2004 22:00:00
Last modified : 27/07/2004 18:20:32

Tracking Cookie Object recognized!
Type : File
Data : arpeges@qksrv[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 12:53:52
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 12:53:54

Tracking Cookie Object recognized!
Type : File
Data : arpeges@as1.falkag[2].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 27/07/2004 16:01:17
Last accessed : 27/07/2004 22:00:00
Last modified : 27/07/2004 16:01:18

Tracking Cookie Object recognized!
Type : File
Data : arpeges@trafficmp[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 26/07/2004 12:54:07
Last accessed : 27/07/2004 22:00:00
Last modified : 26/07/2004 12:54:08

Tracking Cookie Object recognized!
Type : File
Data : arpeges@a.as-eu.falkag[1].txt
Object : C:\Documents and Settings\Arpeges\Cookies\

Created on : 27/07/2004 17:27:25
Last accessed : 27/07/2004 22:00:00
Last modified : 27/07/2004 17:27:28

Claria Object recognized!
Type : Folder
Object : C:\Documents and Settings\Anne-Sabine\Local Settings\Temp\fsg_tmp

Cydoor Object recognized!
Type : File
Data : cd_install277.exe
Object : C:\Program Files\FlashGet\BACKUP\
FileSize : 279 KB
ProductName : imesh
Created on : 02/12/2002 12:26:37
Last accessed : 27/07/2004 22:00:00
Last modified : 30/01/2002 19:53:38

Cydoor Object recognized!
Type : File
Data : a0159644.dll
Object : C:\System Volume Information\_restore{A3B616AE-53C5-4F7B-97E4-6E8E3AB24360}\RP578\
FileSize : 122 KB
FileVersion : 3, 2, 1, 6
ProductVersion : 3, 2, 1, 6
Copyright : Copyright
FileDescription : cd_clint
InternalName : cd_clint
OriginalFilename : cd_clint.dll
ProductName : cd_clint
Created on : 02/12/2002 12:26:37
Last accessed : 27/07/2004 22:00:00
Last modified : 11/08/2003 07:35:26

SahAgent Object recognized!
Type : File
Data : a0159646.exe
Object : C:\System Volume Information\_restore{A3B616AE-53C5-4F7B-97E4-6E8E3AB24360}\RP578\
FileSize : 56 KB
FileVersion : 1, 1, 1, 17
ProductVersion : 1, 1, 1, 17
Copyright : Copyright
CompanyName : ITForum
FileDescription : SahDownloader
InternalName : SahDownloader
OriginalFilename : SahDownloader.exe
ProductName : ITForum SahDownloader
Created on : 07/10/2003 17:59:22
Last accessed : 27/07/2004 22:00:00
Last modified : 10/07/2003 03:16:38

SahAgent Object recognized!
Type : File
Data : a0159647.exe
Object : C:\System Volume Information\_restore{A3B616AE-53C5-4F7B-97E4-6E8E3AB24360}\RP578\
FileSize : 228 KB
FileVersion : 1, 1, 1, 31
ProductVersion : 1, 1, 1, 31
Copyright : Copyright
CompanyName : ITForum
FileDescription : SahAgent
InternalName : SahAgent
OriginalFilename : SahAgent.exe
ProductName : ITForum SahAgent
Created on : 07/10/2003 17:59:21
Last accessed : 27/07/2004 22:00:00
Last modified : 15/07/2003 05:21:16

Cydoor Object recognized!
Type : File
Data : a0159657.dll
Object : C:\System Volume Information\_restore{A3B616AE-53C5-4F7B-97E4-6E8E3AB24360}\RP580\
FileSize : 122 KB
FileVersion : 3, 2, 1, 6
ProductVersion : 3, 2, 1, 6
Copyright : Copyright
FileDescription : cd_clint
InternalName : cd_clint
OriginalFilename : cd_clint.dll
ProductName : cd_clint
Created on : 02/12/2002 12:26:37
Last accessed : 27/07/2004 22:00:00
Last modified : 11/08/2003 07:35:26

SahAgent Object recognized!
Type : File
Data : a0159659.exe
Object : C:\System Volume Information\_restore{A3B616AE-53C5-4F7B-97E4-6E8E3AB24360}\RP580\
FileSize : 56 KB
FileVersion : 1, 1, 1, 17
ProductVersion : 1, 1, 1, 17
Copyright : Copyright
CompanyName : ITForum
FileDescription : SahDownloader
InternalName : SahDownloader
OriginalFilename : SahDownloader.exe
ProductName : ITForum SahDownloader
Created on : 25/07/2004 22:06:39
Last accessed : 27/07/2004 22:00:00
Last modified : 10/07/2003 03:16:38

SahAgent Object recognized!
Type : File
Data : a0159660.exe
Object : C:\System Volume Information\_restore{A3B616AE-53C5-4F7B-97E4-6E8E3AB24360}\RP580\
FileSize : 228 KB
FileVersion : 1, 1, 1, 31
ProductVersion : 1, 1, 1, 31
Copyright : Copyright
CompanyName : ITForum
FileDescription : SahAgent
InternalName : SahAgent
OriginalFilename : SahAgent.exe
ProductName : ITForum SahAgent
Created on : 25/07/2004 22:06:39
Last accessed : 27/07/2004 22:00:00
Last modified : 15/07/2003 05:21:16

EGroup Dialer Object recognized!
Type : File
Data : a0159676.dll
Object : C:\System Volume Information\_restore{A3B616AE-53C5-4F7B-97E4-6E8E3AB24360}\RP581\
FileSize : 8 KB
Created on : 13/10/2003 15:06:10
Last accessed : 27/07/2004 22:00:00
Last modified : 13/10/2003 15:06:10

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 27

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
2 entries scanned.
New objects :0
Objects found so far: 27

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 27

10:01:00 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:12:25:453
Objects scanned :356646
Objects identified :27
Objects ignored :0
New objects :27

So, here is my latest hijackthis log :

CODE

Logfile of HijackThis v1.98.0
Scan saved at 10:13:54, on 28/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
C:\windows\system32\winexplor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Arpeges\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=Explorer.exe C:\windows\system32\msiexec16.exe
F1 - win.ini: run=C:\windows\system32\msiexec16.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=
O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9cb3d05/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

Do you know irider ? it is a fairly cool browser. http://www.irider.com
I can't connect to anything with that browser. I guess it is relevant of the same problem I have with secured adresses...

Hunter

Jul 28 2004, 01:37 PM

Well this is surely the wrong Adware updated to be using..

Using reference-file :01R298 20.04.2004

So you might better Uninstall the one you have..then get a new copy of Adaware and get it updated to the latest and then let it clean your PC. See this info below first.

Attention: 01R334 24.07.2004 Now Available

http://www.lavasoftsupport.com/index.php?showforum=1

You can get the latest update manually..see here

http://www.lavasoftsupport.com/index.php?showtopic=38360

also clean out that system restore folder..

NAME: Disabling System Restore on Windows XP
ALIAS: Disabling Windows XP AutoRestore feature

http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml

Nagaraja

Jul 29 2004, 08:51 AM

I've succesfully updated my ad aware.
I've updated my AV (bit defender)
I've disabled my system restore option

ad aware does'nt find anything now when I scan my HD.
I still can't connect to update options on my various softwares, and still can't connect at all when browsing with irider, and still can't connect to https url.

here is my new hijackthis log.

Logfile of HijackThis v1.98.0
Scan saved at 10:51:18, on 29/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arpeges\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=Explorer.exe C:\windows\system32\msiexec16.exe
F1 - win.ini: run=C:\windows\system32\msiexec16.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/Dial.../EGDHTML_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9...RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D133563-EBCD-4CA8-A3FD-F81AC0617F1D}: NameServer = 194.117.200.10 194.117.200.15