Author Topic: .../NTUSER.DAT.vir [E] Lecture impossible  (Read 25066 times)

crococ

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #30 on: May 07, 2007, 09:20:01 PM »
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/02bbd81305c12205fd05/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.98.46.120/activex/AxisCamControl.ocx
O18 - Protocol: bw+0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
(last bw90)

crococ

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #31 on: May 07, 2007, 09:28:24 PM »
O18 - Protocol: bwa0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

crococ

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #32 on: May 07, 2007, 09:44:24 PM »
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Assistant Retrospect (Retrospect Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
<--

There are a number of lines with "file missing". Is this harmful ?

Thanks for your patience.


mauserme

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #33 on: May 08, 2007, 01:37:30 AM »
The lines with missing files are not necessarily harmful but some are unnecessary.


These lines can definitely be fixed in HijackThis by placing a check next to them and clicking Fix Checked.

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)




These lines are a quirk in the way HijackThis interacts with avast!.  The files actually are present as can be seen in the list of running processes.  Leave these alone

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)




I suspect the same with these lines as I don't recall ever seeing the files not missing

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)





And this service can be unregistered in the same way, with Delete an NT Service, as you did earlier

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)



But the real question is have the alerts on ntuser.dat ended?
« Last Edit: May 08, 2007, 05:10:55 AM by mauserme »
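
The sorting of "file missing" lines done in Reply #33, as an added example that is not part of the thread or of HijackThis itself. The sample lines are copied from the log quoted above; the rule for the verify-on-disk bucket (an unexpanded %windir%, a stray quote or trailing arguments in the reported path) is an assumption drawn from the lines the reply says to leave alone.

```python
import re
from collections import Counter

# Log lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: bw+0 - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FA2F73C-A33A-41CA-88B5-F633BBB93A86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
MISSING = "(file missing)"
# A file extension followed by an optional stray quote and then arguments,
# as in the avast! service lines: ...\ashMaiSv.exe" /service
ARGS_AFTER_EXT = re.compile(r'\.(?:exe|dll|ocx)"?\s+\S', re.IGNORECASE)


def parse_line(line):
    """Split one log line into section code, description and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # header, process list, blank line
    section, rest = m.groups()
    desc, sep, target = rest.rpartition(" - ")
    if not sep:                          # e.g. "O11 - Options group: ..."
        desc, target = rest, ""
    return {"section": section, "desc": desc, "target": target}


def triage(entry):
    """Return 'ok', 'no-file', 'orphan-candidate' or 'verify-on-disk'."""
    target = entry["target"]
    if target == "(no file)":
        return "no-file"
    if not target.endswith(MISSING):
        return "ok"
    path = target[: -len(MISSING)].rstrip()
    # Assumed heuristic: if the reported string is not a plain path, the
    # marker may come from the lookup rather than from a missing file, so
    # the file should be checked on disk before the entry is fixed.
    if "%" in path or '"' in path or ARGS_AFTER_EXT.search(path):
        return "verify-on-disk"
    return "orphan-candidate"


def summarise(log_text):
    """Group every parsed entry of a log by its triage verdict."""
    buckets = {}
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        buckets.setdefault(triage(entry), []).append(entry)
    return buckets


def protocol_handlers_per_file(log_text):
    """Collapse the long O18 runs: count protocol handlers per DLL."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return Counter(e["target"] for e in entries if e["section"] == "O18")


if __name__ == "__main__":
    for verdict, entries in summarise(SAMPLE_LOG).items():
        print(verdict)
        for e in entries:
            print("   ", e["section"], e["target"])
    for path, n in protocol_handlers_per_file(SAMPLE_LOG).items():
        print(n, "O18 handler(s) ->", path)
```
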

crococ

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #34 on: May 09, 2007, 03:27:56 PM »
Hello,

I did with Hijackthis what you suggested :

There is no more track of the O2 and O3 offending files:
Also the Symantec footpath looks to have disappeared,
except 2 DPF entries, can I "check" them also ?

(I attached the Hijackthis log, picked directly from the
C:/Program Files/Hijackthis folder, hope it will work).

Also, since the time I have directly deleted the NTUSER.DAT
file from the Avast4/DATA/moved folder, it does not seem
to be any drawback after this : my PC runs apparently normally.

One thing : in the Avast chest box remain some infected files,
can I delete them directly ?

The only curious symptom I can observe quite often is that my IE
generates an error report without visible reason. Also this can come
out when I am entering a command (nslookup for instance) in the
"demarrer->executer" program : starting to type the first or two chars
of this command produces such a report (even if IE is not running). Wondering if this can be related in some way with my infected files that
I ran in the past. Perhaps have you an idea on how this ?

(So this is why I am using Firefox now, and looking in how I can completely re-install my IE).

Except this, all looks to work fine. Nevertheless, I will try the VirusTotal
and the Jotti scanners you suggested and ask you if something is not
clear.

Otherwise, I think we can close this thread. Thanks for your help !

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #35 on: May 09, 2007, 05:48:32 PM »
Quote
Also, since the time I have directly deleted the NTUSER.DAT
file from the Avast4/DATA/moved folder, it does not seem
to be any drawback after this : my PC runs apparently normally.
Good.

Quote
One thing : in the Avast chest box remain some infected files,
can I delete them directly ?
Files in the Chest (Quarantine) are safe to stay there. There is no rush to delete anything from the Chest, a protected area where it can do no harm. Anything that you send to the Chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the Chest, scan them again (right clicking the file inside the Chest) and if they are still detected as viruses, delete them.

This is a precaution because:
a) system files (necessary to boot and use the computer)
b) false positives (clean files that were wrongly detected as being infected) could happen from time to time and it's safer not to delete the file, but send them to Chest for further analysis.  ;)

You need to open the avast chest, start as if going to run an on-demand scan, click the menu and select virus chest, Infected Files, here you will find those files you sent to the chest. They can be rescanned from within the chest and deleted, etc.

Quote
(So this is why I am using Firefox now, and looking in how I can completely re-install my IE).
If you download the setup file from the Microsoft site you can 'repair' (overinstall) your installation.
The best things in life are free.

mauserme

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #36 on: May 09, 2007, 08:47:30 PM »
Quote
... looks to have disappeared,
except 2 DPF entries, can I "check" them also ?
Sure - those can be fixed.


Quote
Also, since the time I have directly deleted the NTUSER.DAT
file from the Avast4/DATA/moved folder, it does not seem
to be any drawback after this : my PC runs apparently normally.
If you have multiple user accounts there might be a user who finds he's lost his settings.


Quote
Except this, all looks to work fine.
8)

crococ

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #37 on: May 09, 2007, 09:34:01 PM »
Hello,

Well, in the meantime, this afternoon, I viewed the Avast journals, and I join
all these logs (info, avertissement, conseil, error) in 4 separate attached files
(I used the  right edit square with the green arrow to export all these logs on
the "bureau", from where I inserted them in this post).

Those concerning the E:/ entry are clear to me : I tried to scan a DVD
peripheral with no disk on it. Can you explain the others ? May they be a
result of the Hijackthis "check" I made today ?

Would Avast be able to scan a memory key that I would plug into a USB2 port ?

I appreciate the possibility to have a note from Avast telling me the mails I
receive and send are safe : but these pop-ups do not confirm to me that attached
documents are scanned as well : I suppose they are, right ?

Many thanks for your support.




mauserme

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #38 on: May 10, 2007, 01:23:14 PM »
Well, your first log shows that you had an adware infection, and the second shows program and definition updates. The third logs errors that I'm not familiar with. Maybe Tech or DavidR could comment on these.

Quote
Would Avast be able to scan a memory key that I would plug into a USB2 port ?
Yes, it can.  And it is being recommended that you turn auto-play off for these drives because of some malware currently making the rounds.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #39 on: May 10, 2007, 02:41:24 PM »
Well, the 00000015 error, which I believe is a Windows error = "The system cannot find the drive specified." Since this is drive E: I'm guessing it is a CD/DVD drive and there was no media in the drive; however, it isn't something I would be too concerned about unless it is a regular occurrence 'or' it isn't an optical drive?

The error 23 is a little more strange. I don't know if this is an avast error, but more likely a Windows one also: 23 = "Data error (cyclic redundancy check)", see below. Whilst I would usually associate a CRC error with a corrupt file, I can't see the relationship with moving a file to the chest. Unfortunately there isn't any means of checking what was being moved to the chest.

Quote
Cyclic Redundancy Check or CRC error.

Cause:
    This error message could be generated by any of the below reasons.

       1. During the transmission of the file it became corrupt or bad
       2. The file was sent inappropriately
       3. The device being opened from is bad or contains errors
       4. The file itself is bad or the program attempting to open the file is bad.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

crococ

  • Guest
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #40 on: May 11, 2007, 04:46:11 PM »
Hello,

OK, many thanks for the answers !

I believe the error 23 has occurred at the time I made several attempts to move
the .../moved/NTUSER.DAT.vir file into the chest ... with no success (I had this
CRC message, but I have no effective proof, because I was not looking on the
Avast error log file at that time, and cannot remember that event's exact time).
Next time I do some special ops with Avast, I will have a closer view on these
logs... Perhaps should I have sent this .vir file to you so you could examine it,
rather than having removed it definitively.

Effectively, some user's settings were changed, I managed to recreate that
account. Fortunately, apparently, no files were lost !

I suggest we close this thread now, as my PC looks to work correctly since
the time I have Avast installed, and myself more accustomed to it.

Thanks again for your expert support, and sorry for my blunders !




 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: .../NTUSER.DAT.vir [E] Lecture impossible
« Reply #41 on: May 11, 2007, 06:15:41 PM »
You're welcome, glad that everything is OK now.