Help Needed For Serious Problem


  • This topic is locked
34 replies to this topic

#1 dawn4eleven

dawn4eleven

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 19 October 2007 - 09:28 PM

Hey guys, I followed everything you guys told me to do. I followed the instructions and made a HijackThis log file.
The problem I have is probably the presence of Trojans, or what Avast refers to as malicious content.
I'll try to explain what I see every time I start up my PC. Here goes:

1) When I don't connect my internet box to my PC, no Avast alerts remind me that there is a virus on my PC.
But when I connect to the internet, Avast reminds me every now and then that there are viruses or malicious programs on my PC.

2) I get pop-ups from ErrorSafe, WiAntivirus2007, Freeinstall always asking me to download the program to remove the viruses I have, then some sorts of windows open up and some scans come up and say you have for example 91 viruses. You should install this program

3) Programs I have at the moment but couldn't delete or remove the Viruses:
Avast doesn't remove them
Spybot doesn't remove the trojans that may exist on my pc
Ad-aware 6.0 doesn't remove trojans, it just removes the infected files and other viruses
Spyware Doctor gets stuck when it has to delete the trojans; it does delete some viruses though

4) Some of the pop-ups I get:
http://fr.winantispyware.com/download/2006...e8c7e5&ex=1

http://publishers.clickbooth.com/geo_track...program_id=4192

http://www.vistaprint.com/vp/freeprembcrs....10%3A03%3A34+PM

http://www.brandarama.com/HPer461dd8622?sud=


5) Some things put in quarantine by Avast: wsock32.dll , winsock.dll , nhyasuch.exe and lots more placed in C:\DOCUME~1\(NAME)\LOCALS~1\Temp Win32:Tiny-IF [Trj]


6) It happened a week ago that when my pc started up & Avast would remind me about the Viruses, I would go & do a scan with Spybot or Spyware Doctor, but then the pc would shut down automatically & restart again.
Now it doesn't do that anymore. But all the things above still occur (1,2,4).

7) Now the log.file I made with Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:02, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\igohwxfx.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c81fcde3efd34d25b08c8e6e31f4cfb4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c81fcde3efd34d25b08c8e6e31f4cfb4
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 5237 bytes








So I hope Anyone will help me! Thanx in advance dawney!



#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:48 AM

Posted 21 October 2007 - 04:42 AM

Hi dawn4eleven

Rename HijackThis.exe to dawn4eleven.exe and post back a fresh HijackThis log, please :thumbsup:
Microsoft MVP Consumer Security

#3 dawn4eleven

Posted 21 October 2007 - 10:21 AM

Thanx for replying shaba.
But where do I rename the HijackThis.exe to dawn4eleven.exe ?
The file that's in C:\ ?

#4 Shaba

Posted 21 October 2007 - 11:37 AM

Hi

Rename HijackThis.exe to dawn4eleven.exe by doing the following;
  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to dawn4eleven.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.

Microsoft MVP Consumer Security

#5 dawn4eleven

Posted 21 October 2007 - 12:44 PM

I renamed it as you said and did a new scan :thumbsup: :


C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\dawn4eleven.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3F95DAEC-B236-42C4-91BD-BE1000CBADB3} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nalibnlk.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ghtkantj.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c81fcde3efd34d25b08c8e6e31f4cfb4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c81fcde3efd34d25b08c8e6e31f4cfb4
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O20 - Winlogon Notify: efcabcc - C:\WINDOWS\SYSTEM32\efcabcc.dll
O20 - Winlogon Notify: gebxwts - C:\WINDOWS\SYSTEM32\gebxwts.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)

--
End of file - 5591 bytes

#6 Shaba

Posted 21 October 2007 - 12:46 PM

Hi

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links and save it to Desktop:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
- vundofix report
Microsoft MVP Consumer Security

#7 dawn4eleven

Posted 21 October 2007 - 01:08 PM

1) Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:05, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\dawn4eleven.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D899299E-BFB6-4A0A-AA55-96E11E27BFD1} - C:\WINDOWS\system32\vtstq.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\jleswbop.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c81fcde3efd34d25b08c8e6e31f4cfb4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c81fcde3efd34d25b08c8e6e31f4cfb4
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O20 - Winlogon Notify: gebxwts - C:\WINDOWS\SYSTEM32\gebxwts.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)

--
End of file - 5385 bytes



2) I did a vundofix scan & it deleted all the things that it found except 2 things, then it rebooted & scanned again & deleted the other 2.

3) I downloaded the combofix but something doesn't let me run it:
REG.EXE pops up & says error, you need administrator privileges to run this program.

#8 Shaba

Posted 22 October 2007 - 01:06 AM

Hi

Are you logged in as an admin?
Microsoft MVP Consumer Security

#9 dawn4eleven

Posted 22 October 2007 - 11:00 AM

huh? :s Naah I'm logged in normally!
My name is written in black, special members have different colours I guess.

#10 Shaba

Posted 22 October 2007 - 11:32 AM

Hi

I mean do you have administrator rights on your user account?
Microsoft MVP Consumer Security

#11 dawn4eleven

Posted 22 October 2007 - 11:37 AM

aaizz No I don't think so :s
I'm here to seek help so I guess not!

#12 Shaba

Posted 22 October 2007 - 11:40 AM

Hi

Ok, easier question:

Does anyone other than you use that computer?
Microsoft MVP Consumer Security

#13 dawn4eleven

Posted 22 October 2007 - 11:43 AM

Sorry dude if I don't answer correctly :thumbsup:
Frenchy in the house you know,
Only Me! No one else uses it.

#14 Shaba

Posted 22 October 2007 - 11:46 AM

Hi

Then we continue this way:
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once the scan is complete, Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 3 entries below into the top 3 boxes

    C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\jleswbop.dll
    C:\WINDOWS\SYSTEM32\gebxwts.dll

  • Click Add Files and Click Close Window
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply
Post:

- dss log
- vundofix report

Edited by Shaba, 22 October 2007 - 11:47 AM.

Microsoft MVP Consumer Security
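
The three files listed in post #14 are the entries that stand out when the HijackThis logs from posts #1, #5 and #7 are compared line by line. The following Python is an added example, not part of the thread and not code from HijackThis or VundoFix: it parses O2/O4/O20 entries copied from those logs and flags them using three review heuristics that are assumptions of this example (a Run value whose target file changes between logs, an unnamed BHO in system32, a Winlogon Notify DLL in system32). The names `parse` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a subset of the entries from the logs in posts #1, #5 and #7,
# copied from this thread (legitimate entries kept for contrast).
LOGS = {
    "post #1": r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\igohwxfx.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
''',
    "post #5": r'''
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3F95DAEC-B236-42C4-91BD-BE1000CBADB3} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nalibnlk.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ghtkantj.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: efcabcc - C:\WINDOWS\SYSTEM32\efcabcc.dll
O20 - Winlogon Notify: gebxwts - C:\WINDOWS\SYSTEM32\gebxwts.dll
''',
    "post #7": r'''
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D899299E-BFB6-4A0A-AA55-96E11E27BFD1} - C:\WINDOWS\system32\vtstq.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\jleswbop.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: gebxwts - C:\WINDOWS\SYSTEM32\gebxwts.dll
''',
}

ENTRY_RE = re.compile(r"^(O2|O4|O20) - (.+)$")
# A file name ending in .dll/.exe, without its directory part.
FILE_RE = re.compile(r'[^\\"/\s]+\.(?:dll|exe)', re.IGNORECASE)


def parse(log_text):
    """Return the O2/O4/O20 entries of one log as dicts."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O4":    # slot = registry key + value name
            head, _, target = body.partition("] ")
            slot = head + "]"
        elif code == "O2":  # slot = the BHO's CLSID
            slot = re.search(r"\{[0-9A-Fa-f-]+\}", body).group(0)
            target = body.rsplit(" - ", 1)[1]
        else:               # O20: slot = notify package name
            slot, _, target = body.partition(" - ")
        files = FILE_RE.findall(target)
        if not files:       # e.g. "(no file)"
            continue
        entries.append({
            "code": code,
            "slot": slot,
            # With rundll32, the last match is the DLL it is told to load.
            "file": files[-1].lower(),
            "system32": "\\system32\\" in target.lower(),
            "unnamed": "(no name)" in body,
        })
    return entries


def triage(logs):
    """Flag entries of the newest log; logs must be ordered oldest first."""
    history = defaultdict(list)  # O4 slot -> distinct target files, in order
    parsed = {}
    for label, text in logs.items():
        parsed[label] = parse(text)
        for e in parsed[label]:
            if e["code"] == "O4" and e["file"] not in history[e["slot"]]:
                history[e["slot"]].append(e["file"])
    findings = defaultdict(set)
    for e in parsed[list(logs)[-1]]:
        if e["code"] == "O4" and len(history[e["slot"]]) > 1:
            findings[e["file"]].add("Run value target changes between logs")
        if e["code"] == "O2" and e["unnamed"] and e["system32"]:
            findings[e["file"]].add("unnamed BHO in system32")
        if e["code"] == "O20" and e["system32"]:
            findings[e["file"]].add("Winlogon Notify DLL in system32")
    return dict(findings), dict(history)


if __name__ == "__main__":
    findings, history = triage(LOGS)
    for name, reasons in sorted(findings.items()):
        print(name, "-", "; ".join(sorted(reasons)))
    print(history[r"HKLM\..\Run: [SearchIndexer]"])
```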

#15 dawn4eleven

Posted 22 October 2007 - 12:08 PM

dss log) Main:

Deckard's System Scanner v20071014.68
Run by KASMO on 2007-10-23 14:01:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2007-10-23 17:01:33 UTC - RP37 - Deckard's System Scanner Restore Point
36: 2007-10-22 17:06:25 UTC - RP36 - Point de vérification système
35: 2007-10-21 02:46:07 UTC - RP35 - Software Distribution Service 3.0
34: 2007-10-20 17:04:54 UTC - RP34 - Point de vérification système
33: 2007-10-19 16:54:11 UTC - RP33 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-09-30 23:00:37 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as KASMO.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:43, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KASMO\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KASMO.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C8A618A-407D-41D3-84DB-DBCF9FB99140} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c81fcde3efd34d25b08c8e6e31f4cfb4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c81fcde3efd34d25b08c8e6e31f4cfb4
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)

--
End of file - 5254 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071021-203323-941 O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
backup-20071021-203334-692 O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 viagfx - c:\windows\system32\drivers\vtmini.sys <Not Verified; Copyright © VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 ioloDMV (iolo DMV Service) - c:\program files\iolo\common\lib\iolodmvsvc.exe (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 FLEXnet Licensing Service - "c:\program files\fichiers communs\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-23 13:54:00 254 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job


-- Files created between 2007-09-23 and 2007-10-23 -----------------------------

2007-10-23 09:16:23 0 --a------ C:\WINDOWS\system32\twbbhayc.dll
2007-10-23 08:45:35 83008 --a------ C:\WINDOWS\system32\qvjlmvrf.dll
2007-10-22 15:39:02 83008 --a------ C:\WINDOWS\system32\pqtyulni.dll
2007-10-22 14:50:44 0 d-------- C:\VundoFix Backups
2007-10-21 20:22:15 83008 --a------ C:\WINDOWS\system32\ewwwtffs.dll
2007-10-21 15:28:06 0 --a------ C:\WINDOWS\system32\xdpxjlwh.exe
2007-10-21 11:52:25 83008 --a------ C:\WINDOWS\system32\aithnaib.dll
2007-10-21 11:41:54 83008 --a------ C:\WINDOWS\system32\hgyyixap.dll
2007-10-21 09:57:12 83008 --a------ C:\WINDOWS\system32\yiumhwyb.dll
2007-10-20 22:53:59 0 d-------- C:\Program Files\Trend Micro
2007-10-20 19:32:46 83008 --a------ C:\WINDOWS\system32\igohwxfx.dll
2007-10-20 19:12:15 83008 --a------ C:\WINDOWS\system32\nslqpkug.dll
2007-10-20 17:43:28 83008 --a------ C:\WINDOWS\system32\aydmgirl.dll
2007-10-20 13:05:50 83008 --a------ C:\WINDOWS\system32\onnkvngw.dll
2007-10-20 12:30:24 83008 --a------ C:\WINDOWS\system32\xhjqsrek.dll
2007-10-19 19:29:15 83008 --a------ C:\WINDOWS\system32\mqxrgciv.dll
2007-10-19 16:43:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-10-19 14:45:24 83008 --a------ C:\WINDOWS\system32\ahquwagd.dll
2007-10-19 14:10:00 83008 --a------ C:\WINDOWS\system32\lgehrrdj.dll
2007-10-19 13:58:00 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-19 13:55:09 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-19 12:48:56 83008 --a------ C:\WINDOWS\system32\oubkyxxc.dll
2007-10-18 23:56:50 83008 -----n--- C:\WINDOWS\system32\hmtbnkvb.dll
2007-10-14 20:08:46 84544 --a------ C:\WINDOWS\system32\qqsxhbcg.dll
2007-10-14 16:51:35 0 d-------- C:\WINDOWS\AU_Temp
2007-10-14 16:46:36 84544 --a------ C:\WINDOWS\system32\xxtepkko.dll
2007-10-14 16:36:34 84544 --a------ C:\WINDOWS\system32\oxbswoqi.dll
2007-10-14 09:40:43 84544 --a------ C:\WINDOWS\system32\fenohiqm.dll
2007-10-14 08:22:56 84544 --a------ C:\WINDOWS\system32\cewtuekf.dll
2007-10-13 12:18:28 84032 --a------ C:\WINDOWS\system32\unvgwblp.dll
2007-10-12 22:47:29 0 d-------- C:\WINDOWS\report
2007-10-12 22:45:56 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>
2007-10-12 22:45:56 267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>
2007-10-12 22:45:56 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-10-12 22:45:56 0 d-------- C:\WINDOWS\AU_Backup
2007-10-12 22:45:55 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>
2007-10-12 21:06:30 84032 --a------ C:\WINDOWS\system32\uilpvyai.dll
2007-10-12 18:27:23 84032 --a------ C:\WINDOWS\system32\xhvjwlpb.dll
2007-10-12 17:05:45 84032 --a------ C:\WINDOWS\system32\bjuesksh.dll
2007-10-12 11:22:12 84032 --a------ C:\WINDOWS\system32\lbhbfiau.dll
2007-10-12 08:45:49 0 d-------- C:\WINDOWS\AU_Log
2007-10-12 08:45:45 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-10-12 08:45:44 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2007-10-12 08:45:43 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-10-11 21:42:35 84544 --a------ C:\WINDOWS\system32\uutjcccs.dll
2007-10-10 23:37:20 83008 --a------ C:\WINDOWS\system32\eaoencvw.dll
2007-10-10 23:29:38 83008 --a------ C:\WINDOWS\system32\urskybkf.dll
2007-10-10 21:23:54 83008 --a------ C:\WINDOWS\system32\dwlpirkb.dll
2007-10-10 21:13:02 83008 --a------ C:\WINDOWS\system32\uofububs.dll
2007-10-10 20:54:17 83008 --a------ C:\WINDOWS\system32\hydpamkv.dll
2007-10-10 19:23:11 83008 --a------ C:\WINDOWS\system32\xcvqysns.dll
2007-10-10 18:41:32 83008 --a------ C:\WINDOWS\system32\qowqiqjw.dll
2007-10-10 18:33:14 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-10 18:16:46 83008 --a------ C:\WINDOWS\system32\onawrslt.dll
2007-10-10 13:20:38 83008 --a------ C:\WINDOWS\system32\ijmsnvua.dll
2007-10-10 12:53:58 83008 --a------ C:\WINDOWS\system32\llhktnry.dll
2007-10-10 11:14:37 82496 --a------ C:\WINDOWS\system32\auqsumoj.dll
2007-10-10 11:02:35 441925 ---hs---- C:\WINDOWS\system32\qtstv.ini2
2007-10-09 19:46:47 0 d-------- C:\Program Files\Lavasoft
2007-10-09 19:46:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-08 18:40:09 0 d-------- C:\Program Files\Bonjour
2007-10-08 18:22:21 0 d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-10-07 15:07:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-05 20:49:39 87104 --a------ C:\WINDOWS\system32\ifpvfjfx.dll
2007-10-05 20:45:39 87104 --a------ C:\WINDOWS\system32\orfcbopp.dll
2007-10-03 20:36:32 86080 --a------ C:\WINDOWS\system32\mbmnfxbn.dll
2007-10-03 19:20:28 0 d--hs---- C:\INCINERATE
2007-10-01 22:27:59 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-10-01 22:27:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-10-01 22:23:26 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-10-01 22:11:55 0 d-------- C:\Documents and Settings\KASMO\Application Data\iolo
2007-10-01 20:41:09 87104 --a------ C:\WINDOWS\system32\jgranrau.dll
2007-10-01 18:59:10 0 d-------- C:\Program Files\Fichiers communs\Nero
2007-10-01 18:55:50 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-10-01 18:55:33 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-01 18:55:32 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-01 18:55:31 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-01 18:55:27 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-10-01 18:55:09 0 d-------- C:\Program Files\Fichiers communs\Ahead
2007-10-01 18:55:05 0 d-------- C:\Program Files\Ahead
2007-09-30 20:40:49 33792 --a------ C:\WINDOWS\system32\efccdbc.dll
2007-09-30 20:40:37 33792 --a------ C:\WINDOWS\system32\fccyvww.dll
2007-09-30 20:31:54 484319 ---hs---- C:\WINDOWS\system32\qtstv.bak2
2007-09-30 20:01:27 717386 ---hs---- C:\WINDOWS\system32\qtstv.bak1
2007-09-29 14:54:31 0 d-------- C:\Program Files\Fichiers communs\xing shared
2007-09-29 14:53:55 0 d-------- C:\Program Files\Fichiers communs\Real
2007-09-29 14:53:53 0 d-------- C:\Program Files\Real
2007-09-29 14:53:18 0 d-------- C:\Documents and Settings\KASMO\Application Data\Real
2007-09-28 22:46:42 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-28 22:44:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-28 22:42:37 0 d-------- C:\Documents and Settings\KASMO\Application Data\Adobe
2007-09-28 22:30:07 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-09-28 13:08:24 0 d-------- C:\Program Files\Ares
2007-09-28 12:25:07 0 d---s---- C:\Documents and Settings\KASMO\UserData
2007-09-27 18:19:29 17144 --a------ C:\Documents and Settings\KASMO\Application Data\GDIPFONTCACHEV1.DAT
2007-09-27 17:34:18 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-27 17:33:17 0 d-------- C:\WINDOWS\ShellNew
2007-09-27 16:57:59 0 d-------- C:\WINDOWS\system32\drivers\umdf
2007-09-27 16:57:35 13312 -----n--- C:\WINDOWS\system32\wpdtrace.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-27 16:57:30 11264 -----n--- C:\WINDOWS\system32\ehETW.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-27 16:40:17 0 d-------- C:\Documents and Settings\KASMO\Application Data\WinRAR
2007-09-26 22:46:24 0 d-------- C:\Documents and Settings\KASMO\Contacts
2007-09-26 22:19:36 0 d-------- C:\Program Files\Windows Live Favorites
2007-09-26 22:16:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-26 22:16:19 0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 22:15:29 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-09-26 22:15:01 0 d-------- C:\Program Files\MSN Messenger
2007-09-26 21:41:21 0 d-------- C:\Program Files\Alwil Software
2007-09-26 19:23:03 0 d-------- C:\WINDOWS\system32\PreInstall
2007-09-26 19:22:46 0 d-------- C:\Documents and Settings\KASMO\Application Data\Macromedia
2007-09-26 17:55:41 0 d--h----- C:\WINDOWS\$hf_mig$
2007-09-26 17:33:18 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-09-26 17:31:37 126976 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-09-26 17:31:37 0 d-------- C:\Program Files\SAGEM
2007-09-26 17:31:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-26 17:31:29 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-09-25 10:27:04 69706 -ra------ C:\WINDOWS\system32\VTuninst.exe <Not Verified; S3 Graphics, Inc.; S3 Graphics S3UNINST>
2007-09-25 10:27:04 53248 -ra------ C:\WINDOWS\system32\VTTimer.exe <Not Verified; S3 Graphics, Inc.; S3 Graphics, Inc. Utilities>
2007-09-25 10:27:04 389120 -ra------ C:\WINDOWS\system32\VTovrlay.dll <Not Verified; S3 Graphics Co., Ltd.; S3ColorPlus/S3Overlay Utility>
2007-09-25 10:27:03 253952 -ra------ C:\WINDOWS\system32\VTInfo2.dll <Not Verified; S3 Graphics Co., Ltd.; Part of S3 Screen Toys>
2007-09-25 10:27:03 360448 -ra------ C:\WINDOWS\system32\VTGamma2.dll <Not Verified; S3 Graphics Co., Ltd.; S3 Screen Toys Utility Suite>
2007-09-25 10:27:02 487424 -ra------ C:\WINDOWS\system32\VTDisply.dll <Not Verified; S3 Graphics Co., Ltd.; Part of S3 Screen Toys>
2007-09-25 10:27:01 1871872 -ra------ C:\WINDOWS\system32\vticd.dll <Not Verified; VIA/S3 Graphics, Inc.; UniChrome(Pro) IGP ICD Driver>
2007-09-25 10:26:59 3452800 -ra------ C:\WINDOWS\system32\vtdisp.dll <Not Verified; VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>
2007-09-25 10:26:58 172416 -ra------ C:\WINDOWS\system32\drivers\vtmini.sys <Not Verified; Copyright © VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>
2007-09-25 10:22:38 0 d-------- C:\Documents and Settings\KASMO\Application Data\Identities
2007-09-25 10:22:31 0 d--h----- C:\Documents and Settings\KASMO\Voisinage réseau
2007-09-25 10:22:31 0 d--h----- C:\Documents and Settings\KASMO\Voisinage d'impression
2007-09-25 10:22:31 0 dr-h----- C:\Documents and Settings\KASMO\SendTo
2007-09-25 10:22:31 0 dr-h----- C:\Documents and Settings\KASMO\Recent
2007-09-25 10:22:31 4980736 --ah----- C:\Documents and Settings\KASMO\NTUSER.DAT
2007-09-25 10:22:31 0 d--h----- C:\Documents and Settings\KASMO\Modèles
2007-09-25 10:22:31 0 dr------- C:\Documents and Settings\KASMO\Mes documents
2007-09-25 10:22:31 0 dr------- C:\Documents and Settings\KASMO\Menu Démarrer
2007-09-25 10:22:31 0 d--h----- C:\Documents and Settings\KASMO\Local Settings
2007-09-25 10:22:31 0 dr------- C:\Documents and Settings\KASMO\Favoris
2007-09-25 10:22:31 0 d---s---- C:\Documents and Settings\KASMO\Cookies
2007-09-25 10:22:31 0 d-------- C:\Documents and Settings\KASMO\Bureau
2007-09-25 10:22:31 0 dr-h----- C:\Documents and Settings\KASMO\Application Data
2007-09-25 10:21:43 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-09-25 10:21:42 0 d-------- C:\WINDOWS\Prefetch
2007-09-25 10:21:41 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-09-25 10:21:40 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-09-25 10:21:40 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-09-25 10:21:40 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-09-25 10:21:40 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-09-25 10:21:40 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-09-25 10:17:38 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-09-25 10:17:38 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-09-25 10:17:38 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-09-25 10:17:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-09-25 10:17:38 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-09-25 10:14:24 0 d-------- C:\WINDOWS\system32\xircom
2007-09-25 10:14:24 0 d-------- C:\Program Files\microsoft frontpage
2007-09-25 10:14:21 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-09-25 10:14:15 0 -rahs---- C:\MSDOS.SYS
2007-09-25 10:14:15 0 -rahs---- C:\IO.SYS
2007-09-25 10:14:15 0 --a------ C:\CONFIG.SYS
2007-09-25 10:14:15 0 --a------ C:\AUTOEXEC.BAT
2007-09-25 10:13:12 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-09-25 10:13:01 0 dr------- C:\WINDOWS\Offline Web Pages
2007-09-25 10:13:01 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-09-25 10:12:50 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-25 10:12:46 0 d-------- C:\Program Files\Services en ligne
2007-09-25 10:12:24 0 d-------- C:\WINDOWS\system32\DirectX
2007-09-25 10:11:27 0 d---s---- C:\WINDOWS\Tasks
2007-09-25 10:11:25 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2007-09-25 10:11:18 0 d-------- C:\WINDOWS\srchasst
2007-09-25 10:11:16 0 d-------- C:\WINDOWS\system32\Macromed
2007-09-25 10:11:03 0 d-------- C:\Program Files\Movie Maker
2007-09-25 10:10:50 0 d-------- C:\WINDOWS\system32\Restore
2007-09-25 10:10:21 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-09-25 10:10:05 0 d-------- C:\WINDOWS\Registration
2007-09-25 10:09:31 0 d-------- C:\Program Files\Online Services
2007-09-25 10:09:26 0 d-------- C:\Program Files\Messenger
2007-09-25 10:09:22 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-25 10:08:35 0 d-------- C:\Program Files\Windows NT
2007-09-25 10:08:29 0 d-------- C:\WINDOWS\system32\MsDtc
2007-09-25 10:08:26 0 d-------- C:\WINDOWS\system32\Com
2007-09-25 06:52:16 0 d--hs---- C:\WINDOWS\Installer
2007-09-25 06:52:15 0 d-------- C:\Program Files\Fichiers communs\ODBC
2007-09-25 06:52:10 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-09-25 06:52:09 0 dr------- C:\Program Files
2007-09-25 06:52:09 0 d-------- C:\Program Files\Fichiers communs
2007-09-25 06:51:30 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2007-09-25 06:51:30 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2007-09-25 06:51:30 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-09-25 06:51:30 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-09-25 06:51:30 0 d--h----- C:\Documents and Settings\Default User\Modèles
2007-09-25 06:51:30 0 d-------- C:\Documents and Settings\Default User\Mes documents
2007-09-25 06:51:30 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
2007-09-25 06:51:30 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-09-25 06:51:30 0 d-------- C:\Documents and Settings\Default User\Favoris
2007-09-25 06:51:30 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-09-25 06:51:30 0 d-------- C:\Documents and Settings\Default User\Bureau
2007-09-25 06:51:30 0 d--h----- C:\Documents and Settings\All Users\Modèles
2007-09-25 06:51:30 0 dr------- C:\Documents and Settings\All Users\Menu Démarrer
2007-09-25 06:51:30 0 d-------- C:\Documents and Settings\All Users\Favoris
2007-09-25 06:51:30 0 dr------- C:\Documents and Settings\All Users\Documents
2007-09-25 06:51:30 0 d-------- C:\Documents and Settings\All Users\Bureau
2007-09-25 06:51:15 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-09-25 06:51:15 0 d-------- C:\WINDOWS\system32\CatRoot
2007-09-25 06:51:09 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-09-25 06:51:09 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-09-25 06:51:09 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-09-25 06:51:09 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-09-25 06:50:35 0 d--hs---- C:\System Volume Information
2007-09-25 06:50:35 0 d-------- C:\Documents and Settings
2007-09-25 06:43:28 0 d-------- C:\WINDOWS
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\WinSxS
2007-09-25 06:43:28 0 dr------- C:\WINDOWS\Web
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\twain_32
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\wins
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\wbem
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\usmt
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\spool
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\ShellExt
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\Setup
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\ras
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\oobe
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\npp
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\mui
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\inetsrv
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\IME
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\icsxml
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\ias
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\export
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\drivers
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-09-25 06:43:28 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\dhcp
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\config
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\3076
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\2052
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1054
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1042
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1041
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1037
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1036
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1033
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1031
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1028
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system32\1025
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\system
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\security
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Resources
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\repair
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Provisioning
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\PeerNet
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\pchealth
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\mui
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\msapps
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\msagent
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Media
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\java
2007-09-25 06:43:28 0 d--h----- C:\WINDOWS\inf
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\ime
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Help
2007-09-25 06:43:28 0 dr--s---- C:\WINDOWS\Fonts
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Driver Cache
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Debug
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Cursors
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Connection Wizard
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\Config
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\AppPatch
2007-09-25 06:43:28 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-10-07 21:11:06 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-07 21:11:06 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-09-25 06:51:30 62 --ahs---- C:\Documents and Settings\KASMO\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8A618A-407D-41D3-84DB-DBCF9FB99140}]
C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [29/06/2004 09:06 C:\WINDOWS\AGRSMMSG.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [29/09/2007 14:53]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 07:06]
"VTTimer"="VTTimer.exe" [01/04/2006 02:33 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 09:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:55]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\vtstq




-- End of Deckard's System Scanner: finished at 2007-10-23 14:04:22 ------------



dss extra)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: AMD Sempron™ 2800+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 447.48 MiB / 205.48 MiB
Pagefile Memory (total/avail): 1058.34 MiB / 854.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.36 MiB

C: is Fixed (NTFS) - 126.7 GiB total, 91.05 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 140.77 GiB - 2 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 126.7 GiB - C:
\PARTITION1 - Unknown - 14.07 GiB

\\.\PHYSICALDRIVE1 - USB2.0 CompactFlashCard USB Device

\\.\PHYSICALDRIVE4 - USB2.0 MemoryStick Card USB Device

\\.\PHYSICALDRIVE2 - USB2.0 SmartMedia/xD USB Device

\\.\PHYSICALDRIVE3 - USB2.0 SD/MMC Card USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: iolo Personal Firewall® v1.1 (iolo technologies, LLC) Disabled
AV: avast! antivirus 4.7.1043 [VPS 000783-0] v4.7.1043 (ALWIL Software)
AV: iolo AntiVirus® v1.1 (iolo technologies, LLC)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe:*:Enabled:iolo Firewall®"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe:*:Enabled:iolo AntiVirus®"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\KASMO\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=KASMO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\KASMO
LOGONSERVER=\\KASMO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KASMO\LOCALS~1\Temp
TMP=C:\DOCUME~1\KASMO\LOCALS~1\Temp
USERDOMAIN=KASMO
USERNAME=KASMO
USERPROFILE=C:\Documents and Settings\KASMO
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

KASMO (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Fichiers communs\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI Soft Modem --> agrsmdel
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Barre d'outils Outlook de Windows Live (Windows Live Toolbar) --> MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}
Bloqueur de fenêtres pop-up (Windows Live Toolbar) --> MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
Extension de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB3F9176-E74A-4F28-9A09-4F22349B145E}\setup.exe" -l0x40c
Menus intelligents (Windows Live Toolbar) --> MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Navigation par onglets (Windows Live Toolbar) --> MsiExec.exe /X{E74559C2-BB47-45AD-83DD-0D66B67E7811}
Nero Suite --> C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Spybot - Search & Destroy 1.2 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Live Favorites pour Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Live Toolbar --> MsiExec.exe /X{05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type97251 / Success
Event Submitted/Written: 10/23/2007 08:41:10 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type97233 / Error
Event Submitted/Written: 10/22/2007 06:53:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante ares.exe, version 2.0.9.3030, module défaillant ares.exe, version 2.0.9.3030, adresse de défaillance 0x00003d3a.
Traitement de l'événement propre au support pour [ares.exe!ws!]

Event Record #/Type97227 / Error
Event Submitted/Written: 10/22/2007 04:54:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante iexplore.exe, version 6.0.2900.2180, module défaillant rpbrowserrecordplugin.dll, version 1.0.0.336, adresse de défaillance 0x00003a9a.
Traitement de l'événement propre au support pour [iexplore.exe!ws!]

Event Record #/Type97215 / Success
Event Submitted/Written: 10/22/2007 03:09:58 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type97214 / Error
Event Submitted/Written: 10/22/2007 03:05:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante swreg.cfexe, version 2.0.1.8, module défaillant swreg.cfexe, version 2.0.1.8, adresse de défaillance 0x00003eca.
Traitement de l'événement propre au support pour [swreg.cfexe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12715 / Warning
Event Submitted/Written: 10/23/2007 01:57:40 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00604CABE7F4. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Event Record #/Type12686 / Warning
Event Submitted/Written: 10/23/2007 01:56:02 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00604CABE7F4. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Event Record #/Type12636 / Warning
Event Submitted/Written: 10/23/2007 08:39:52 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00604CABE7F4. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Event Record #/Type12625 / Warning
Event Submitted/Written: 10/22/2007 10:53:28 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00604CABE7F4. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Event Record #/Type12624 / Warning
Event Submitted/Written: 10/22/2007 10:21:42 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00604CABE7F4. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).



-- End of Deckard's System Scanner: finished at 2007-10-23 14:04:22 ------------



vundofix)


VundoFix V6.5.10

Checking Java version...

Sun Java not detected
Scan started at 14:50:44 22/10/2007

Listing files found while scanning....

C:\windows\system32\afthvrvk.ini
C:\windows\system32\byqmqxyg.dll
C:\windows\system32\ccuneoqn.dll
C:\windows\system32\cveemdcv.ini
C:\windows\system32\cytcecpx.dll
C:\windows\system32\dknksejh.dll
C:\windows\system32\duncipqr.dll
C:\windows\system32\dvlldvgh.ini
C:\WINDOWS\system32\efcabcc.dll
C:\windows\system32\eihdlqnk.ini
C:\windows\system32\foaymlwl.ini
C:\windows\system32\fuptdmfs.ini
C:\windows\system32\gaqlkdan.dll
C:\WINDOWS\system32\ghtkantj.dll
C:\windows\system32\gyxqmqyb.ini
C:\windows\system32\hgvdllvd.dll
C:\windows\system32\hjesknkd.ini
C:\windows\system32\itgdrifm.dll
C:\windows\system32\ivxvouvq.dll
C:\WINDOWS\system32\jtnakthg.ini
C:\windows\system32\kmnokbeq.dll
C:\windows\system32\knqldhie.dll
C:\windows\system32\kvrvhtfa.dll
C:\windows\system32\lwlmyaof.dll
C:\windows\system32\mfirdgti.ini
C:\windows\system32\nadklqag.ini
C:\WINDOWS\system32\nalibnlk.dll
C:\windows\system32\nqoenucc.ini
C:\windows\system32\oidgyecs.ini
C:\windows\system32\oqfqqosv.dll
C:\windows\system32\qvuovxvi.ini
C:\windows\system32\sceygdio.dll
C:\windows\system32\sfmdtpuf.dll
C:\windows\system32\vcdmeevc.dll
C:\windows\system32\vsoqqfqo.ini
C:\windows\system32\xpcectyc.ini

Beginning removal...

Attempting to delete C:\windows\system32\afthvrvk.ini
C:\windows\system32\afthvrvk.ini Has been deleted!

Attempting to delete C:\windows\system32\byqmqxyg.dll
C:\windows\system32\byqmqxyg.dll Has been deleted!

Attempting to delete C:\windows\system32\ccuneoqn.dll
C:\windows\system32\ccuneoqn.dll Has been deleted!

Attempting to delete C:\windows\system32\cveemdcv.ini
C:\windows\system32\cveemdcv.ini Has been deleted!

Attempting to delete C:\windows\system32\cytcecpx.dll
C:\windows\system32\cytcecpx.dll Has been deleted!

Attempting to delete C:\windows\system32\dknksejh.dll
C:\windows\system32\dknksejh.dll Has been deleted!

Attempting to delete C:\windows\system32\duncipqr.dll
C:\windows\system32\duncipqr.dll Has been deleted!

Attempting to delete C:\windows\system32\dvlldvgh.ini
C:\windows\system32\dvlldvgh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcabcc.dll
C:\WINDOWS\system32\efcabcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\eihdlqnk.ini
C:\windows\system32\eihdlqnk.ini Has been deleted!

Attempting to delete C:\windows\system32\foaymlwl.ini
C:\windows\system32\foaymlwl.ini Has been deleted!

Attempting to delete C:\windows\system32\fuptdmfs.ini
C:\windows\system32\fuptdmfs.ini Has been deleted!

Attempting to delete C:\windows\system32\gaqlkdan.dll
C:\windows\system32\gaqlkdan.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghtkantj.dll
C:\WINDOWS\system32\ghtkantj.dll Could not be deleted.

Attempting to delete C:\windows\system32\gyxqmqyb.ini
C:\windows\system32\gyxqmqyb.ini Has been deleted!

Attempting to delete C:\windows\system32\hgvdllvd.dll
C:\windows\system32\hgvdllvd.dll Has been deleted!

Attempting to delete C:\windows\system32\hjesknkd.ini
C:\windows\system32\hjesknkd.ini Has been deleted!

Attempting to delete C:\windows\system32\itgdrifm.dll
C:\windows\system32\itgdrifm.dll Has been deleted!

Attempting to delete C:\windows\system32\ivxvouvq.dll
C:\windows\system32\ivxvouvq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtnakthg.ini
C:\WINDOWS\system32\jtnakthg.ini Has been deleted!

Attempting to delete C:\windows\system32\kmnokbeq.dll
C:\windows\system32\kmnokbeq.dll Has been deleted!

Attempting to delete C:\windows\system32\knqldhie.dll
C:\windows\system32\knqldhie.dll Has been deleted!

Attempting to delete C:\windows\system32\kvrvhtfa.dll
C:\windows\system32\kvrvhtfa.dll Has been deleted!

Attempting to delete C:\windows\system32\lwlmyaof.dll
C:\windows\system32\lwlmyaof.dll Has been deleted!

Attempting to delete C:\windows\system32\mfirdgti.ini
C:\windows\system32\mfirdgti.ini Has been deleted!

Attempting to delete C:\windows\system32\nadklqag.ini
C:\windows\system32\nadklqag.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nalibnlk.dll
C:\WINDOWS\system32\nalibnlk.dll Has been deleted!

Attempting to delete C:\windows\system32\nqoenucc.ini
C:\windows\system32\nqoenucc.ini Has been deleted!

Attempting to delete C:\windows\system32\oidgyecs.ini
C:\windows\system32\oidgyecs.ini Has been deleted!

Attempting to delete C:\windows\system32\oqfqqosv.dll
C:\windows\system32\oqfqqosv.dll Has been deleted!

Attempting to delete C:\windows\system32\qvuovxvi.ini
C:\windows\system32\qvuovxvi.ini Has been deleted!

Attempting to delete C:\windows\system32\sceygdio.dll
C:\windows\system32\sceygdio.dll Has been deleted!

Attempting to delete C:\windows\system32\sfmdtpuf.dll
C:\windows\system32\sfmdtpuf.dll Has been deleted!

Attempting to delete C:\windows\system32\vcdmeevc.dll
C:\windows\system32\vcdmeevc.dll Has been deleted!

Attempting to delete C:\windows\system32\vsoqqfqo.ini
C:\windows\system32\vsoqqfqo.ini Has been deleted!

Attempting to delete C:\windows\system32\xpcectyc.ini
C:\windows\system32\xpcectyc.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcabcc.dll
C:\WINDOWS\system32\efcabcc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghtkantj.dll
C:\WINDOWS\system32\ghtkantj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Sun Java not detected
Scan started at 15:00:04 22/10/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.10

Checking Java version...

Sun Java not detected
Scan started at 13:50:15 23/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\dcnptawn.dll
C:\WINDOWS\system32\jmvfahpt.dll
C:\WINDOWS\system32\nwatpncd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dcnptawn.dll
C:\WINDOWS\system32\dcnptawn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\gebxwts.dll
C:\WINDOWS\SYSTEM32\gebxwts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jleswbop.dll
C:\WINDOWS\system32\jleswbop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmvfahpt.dll
C:\WINDOWS\system32\jmvfahpt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwatpncd.ini
C:\WINDOWS\system32\nwatpncd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dcnptawn.dll
C:\WINDOWS\system32\dcnptawn.dll Has been deleted!

Performing Repairs to the registry.
Done!



