Posts posted by Lecopi

  1. Hello

    I will do that next Monday and keep you informed.

    Here is all that we have previously done:

    - de-install, clean, install MBAM several times

    - set properly the exclusion list in NIS

    - uninstall NIS, and any Norton tool (ghost and NSW) - clean the PC

    - uninstall SPYBOT *

    - uninstall Intel Matrix storage *

    - uninstall adaptec Matrix storage *

    - uninstall Acronis *

    and despite this MBAM was always freezing

    * have been re-installed now and ESET is the new AV.

  2. hello Advanced Setup

    1- Removing anti-virus software

    Already done totally with Norton before installing ESET. The PC is perfectly clean, with no Norton application at all (documented in the initial post).

    Despite this, MBAM freezes from time to time.

    2- Uninstalling, cleaning, installing MBAM - done at least 5 times according to the procedure. Still unexpected freezes (initial post).

    As this topic is on the HJT log (malware), it's my understanding that you don't perceive any virus/malware in the ComboFix and HJT logs.

    At this point, could we run ComboFix or HJT once again? I would appreciate your advice about which entries are not useful (examples: old drivers...) and could be removed.

  3. Hello AdvancedSetup and thanks for your help.

    I spent a significant part of my time yesterday restoring the image and re-installing various software which was requested.

    The good news is: it is not ComboFix which causes the Internet connection problem. This problem has been duplicated again, but is still under investigation. I have a turn-around solution for now.

    As a summary:

    - the PC is clean (my opinion, but this is only an opinion)

    - RootRepeal doesn't run

    An "initializing" window is on the screen - it never changes - there is disk activity. I waited 10' and killed the process.

    Is this process very long?

    I have control of the PC.

    What's your advice?

    - The only problem is that MBAM freezes the PC completely (I have no control at all of the PC - see the specific post on this) in most situations (let's say 50%).

    MBAM runs correctly only in safe mode.

  4. 1) ekrn.exe is an Eset program

    2) Internet connection: the problem comes from the fact that it is now the computer which assigns the IP address (for sure) and not the Internet "box".

    I need to find out how to change this.

    3) systray - will see later. Not a big issue.

    4) Rootrepeal : I will run it

    5) STEP 3 - CHKDSK

    Has already been completely and successfully performed upon exile 360 instructions some days ago.

  5. I am back on another computer.

    Here is the situation.

    I ran the script after adding the requested line.

    When the computer restarted:

    - Internet connection was no longer possible (in fact the IP address is not correct and it appears that DHCP from the Netgear DG834G cannot assign it anymore).

    - a very long time passes after choosing the user until I can use the PC (it was quick before)

    - several missing icons in the Systray, including: keyboard, speedfan, eset... but those apps are running

    - ekrn.exe is running; I don't know what it is.

    That's all B)

    If no other solution (As I don't use the windows restore point), I will restore my latest Acronis image. B)

  6. HJT LOG

    ____________________________

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 08:29:45, on 28/09/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

    C:\Program Files\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

    C:\Program Files\Logitech\SetPoint\KEM.exe

    C:\Program Files\Outils PC\SpeedFan\speedfan.exe

    C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe

    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Outils PC\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afp.com/francais/home/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\OUTILS~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Startup: MailWasherPro.lnk = C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe

    O4 - Global Startup: KEM.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

    O4 - Global Startup: SpeedFan.lnk = C:\Program Files\Outils PC\SpeedFan\speedfan.exe

    O8 - Extra context menu item: Ajouter au tueur de pub - C:\Program Files\Outils PC\Maxthon\config/blacklist.htm

    O8 - Extra context menu item: Download with GetRight - C:\Program Files\Outils PC\GetRight\GRdownload.htm

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Outils PC\GetRight\GRbrowse.htm

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Cr

  7. Here is the latest log.

    All Symantec apps have been removed properly from the PC.

    ______________

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:03:58, on 25/09/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

    C:\Program Files\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

    C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Logitech\SetPoint\KEM.exe

    C:\Program Files\Outils PC\SpeedFan\speedfan.exe

    C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe

    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

    C:\Program Files\Outils PC\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afp.com/francais/home/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\OUTILS~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE R

  8. hello to all

    I have investigated this situation and it appears that:

    1) Video Inspector is a well-known and valuable tool to analyse video codecs

    2) VideoInspector is distributed by KC software, which seems to be known to include Relevant Knowledge in some of its packages

    3) there are different versions of Video Inspector on the site of KCS

    - videoinspector (which includes RK)

    - videoinspector_lite (which is RK free)

    One needs to be careful at download time, as it is not easy to recognize one or the other (red barred panel for RK free).

    4) I have analysed the latest version of videoinspector_lite, 2.2.2.121, with ESET and this is OK.

    My old version was also detected as malware by ESET.

    This is my best understanding.

    Hope that helps.
