
MULTIPLE LOGS - KNOWING IS HALF THE BATTLE


  • This topic is locked
11 replies to this topic

#1 jonasll

Posted 28 January 2009 - 08:20 AM

HI!
READ THE FULL POSTS, THEY CONTAIN MULTIPLE DIFFERENT LOGS, WHICH ARE LISTED AT THE END OF THIS FIRST POST
here's the deal,

I caught that huge thing where my browser got hijacked (Google redirects, etc.) and only showed the Vimax pills ad.... I've been through multiple forums to finally get rid of the Vimax part and the browser hijacking,
!!! BUT I always get the NOD32 message that tells me that a variant of Kryptik.FB has been quarantined and deleted... THAT ONLY APPEARS AS SOON AS I PLUG IN A MASS STORAGE DEVICE.
Here's how it works.... I plug in a device that's clean... some registry key or process creates a folder called RESYCLED on the USB key, for example... ESET NOD32 notices it and deletes it.... 30 seconds later, the same folder is created again, ESET deletes it..... I guess that's the way of infecting other computers.... Anyway, I don't get any annoying downsides directly on my computer, but I'm afraid of doing banking, for example... Oh, and sorry, it also blocks all the connections to the update servers of Ad-Aware, NOD32, or any help and support site of any anti-virus software company...

Alright, I'll put in a few more details....
-Resycled is also found sometimes on the C: drive;
-It contains only one file: ntldr.com
-Every time I run ComboFix, it deletes these folders, but somehow, the process starts back a little later...
-Finally, this trojan stops all connections with the update servers for anti-viruses; then I run ComboFix, the updates are available, I reboot my computer, and cannot update....

I AM POSTING IN ORDER:
1. Malwarebytes’ anti-malware scan report
2. RSIT log.txt
3. RSIT info.txt
4. ATTACHED GMER results
5. ComboFix Log
6. A fresh HiJack This! log

Thanks a lot, hope you have enough information....

#2 jonasll (Topic Starter)

Posted 28 January 2009 - 08:21 AM

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1666
Windows 5.1.2600 Service Pack 2

2009-01-28 07:45:19
mbam-log-2009-01-28 (07-45-15).txt

Type de recherche: Examen complet (C:\|G:\|)
Eléments examinés: 98206
Temps écoulé: 34 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
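A small triage helper for the log formats posted in this thread (HijackThis O2 lines, the RSIT registry dump, the MBAM detection line), added here as an example; it is not code from the original post nor from the HijackThis, RSIT or Malwarebytes projects. The sample lines are copied from the thread's logs, the AUTORUN_BITS table is the documented NoDriveTypeAutoRun drive-type bitmask, and the indicator names (RESYCLED, ntldr.com) come from the first post.

```python
"""Flag the entries a helper would look at first in this thread's logs.

Added example (not from the original post or any of the tools involved).
"""
from __future__ import annotations

import re

# Drive-type bits of the NoDriveTypeAutoRun policy, as documented by Microsoft.
# A set bit DISABLES AutoRun for that drive type; 0xFF disables it everywhere.
AUTORUN_BITS = {
    0x01: "unknown drive type",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed disk",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

# Indicators named in the first post: the folder that keeps reappearing on
# removable media and the single file it contains.
INDICATOR_RE = re.compile(r"resycled|ntldr\.com", re.IGNORECASE)

RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_AUTORUN_POLICY = re.compile(r'^"NoDriveTypeAutoRun"=(?P<value>\d+)$')
RE_MOUNTPOINT_CMD = re.compile(r"^shell\\AutoRun\\command - (?P<cmd>.+)$")
RE_MBAM_HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<name>[^)]+)\) -> (?P<action>.*)$")

# Sample input: lines copied from the HijackThis/RSIT/MBAM logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50420c36-dad7-11dd-805c-0015c519a269}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe
C:\resycled (Trojan.DNSChanger) -> No action taken.
"""


def autorun_still_enabled(value: int) -> list:
    """Return the drive types whose AutoRun a NoDriveTypeAutoRun mask leaves ON."""
    return [name for bit, name in AUTORUN_BITS.items() if not value & bit]


def triage(log_text: str) -> list:
    """Walk the log once and return (severity, message) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RE_BHO.match(line)
        if m:
            # A BHO whose DLL is gone is leftover, not active; still worth cleaning.
            if m.group("path") == "(no file)":
                findings.append(("low", f"orphaned BHO {m.group('clsid')}: no DLL on disk"))
            continue

        m = RE_AUTORUN_POLICY.match(line)
        if m:
            value = int(m.group("value"))
            open_types = autorun_still_enabled(value)
            # Removable media is how the first post says this thing spreads.
            if "removable" in open_types:
                findings.append(("high", f"NoDriveTypeAutoRun={value} (0x{value:X}) leaves AutoRun on for: "
                                         + ", ".join(open_types)))
            continue

        m = RE_MOUNTPOINT_CMD.match(line)
        if m:
            findings.append(("medium", f"cached AutoRun command for a removable device: {m.group('cmd')}"))
            continue

        m = RE_MBAM_HIT.match(line)
        if m:
            findings.append(("high", f"scanner detection {m.group('name')} at {m.group('path')} "
                                     f"({m.group('action')})"))
            continue

        if INDICATOR_RE.search(line):
            findings.append(("high", f"known indicator from this thread: {line}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

On the sample above it reports the orphaned BHO, a NoDriveTypeAutoRun value (323 = 0x143) that does not cover removable drives, the cached F:\ AutoRun command and the MBAM detection of C:\resycled.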

#3 jonasll (Topic Starter)

Posted 28 January 2009 - 08:23 AM

RSIT log.txt



Logfile of random's system information tool 1.05 (written by random/random)
Run by jonas at 2009-01-28 07:50:05
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 78 GB (86%) free of 91 GB
Total RAM: 3070 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:07, on 2009-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jonas\Bureau\RSIT.exe
C:\Program Files\trend micro\jonas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6406 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"AdobeCS4ServiceManager"=C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-19 136600]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50420c36-dad7-11dd-805c-0015c519a269}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-01-28 07:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-28 07:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-28 07:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-28 07:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-28 07:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-28 07:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-28 07:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-28 07:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-28 07:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-28 07:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-28 07:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-28 07:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-28 07:12:31 ----D---- C:\Program Files\MSXML 6.0
2009-01-28 07:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-28 07:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-28 07:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-28 07:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-28 07:11:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-28 07:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-28 07:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-28 07:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-28 07:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-28 07:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-28 07:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-28 07:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-28 07:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-28 07:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-28 07:09:15 ----D---- C:\WINDOWS\LastGood
2009-01-24 18:53:28 ----A---- C:\ComboFix.txt
2009-01-24 18:49:57 ----D---- C:\ComboFix
2009-01-24 17:19:26 ----D---- C:\Documents and Settings\jonas\Application Data\Lucis
2009-01-24 17:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-23 15:17:06 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-23 15:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-23 15:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-01-23 09:51:08 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-23 09:41:43 ----A---- C:\WINDOWS\system32\SETA8.tmp
2009-01-23 09:41:42 ----A---- C:\WINDOWS\system32\SETB7.tmp
2009-01-23 09:41:42 ----A---- C:\WINDOWS\system32\SETAA.tmp
2009-01-23 09:41:40 ----A---- C:\WINDOWS\system32\SETAB.tmp
2009-01-23 09:41:40 ----A---- C:\WINDOWS\system32\SETA9.tmp
2009-01-23 09:39:06 ----A---- C:\WINDOWS\system32\SET79.tmp
2009-01-23 09:31:01 ----A---- C:\WINDOWS\system32\SET45.tmp
2009-01-23 09:30:53 ----A---- C:\WINDOWS\system32\SET10.tmp
2009-01-23 09:30:51 ----A---- C:\WINDOWS\system32\SETA.tmp
2009-01-23 09:28:24 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-23 09:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-23 09:28:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-21 11:46:27 ----A---- C:\WINDOWS\system32\muweb.dll
2009-01-21 11:46:27 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-01-21 11:46:27 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-01-19 10:11:22 ----A---- C:\Boot.bak
2009-01-19 10:11:14 ----RASHD---- C:\cmdcons
2009-01-19 10:09:57 ----A---- C:\WINDOWS\zip.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\VFIND.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\SWSC.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\SWREG.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\sed.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\grep.exe
2009-01-19 10:09:57 ----A---- C:\WINDOWS\fdsv.exe
2009-01-19 10:09:54 ----D---- C:\WINDOWS\ERDNT
2009-01-19 10:09:54 ----AD---- C:\Qoobox
2009-01-19 10:05:21 ----A---- C:\WINDOWS\gmer.ini
2009-01-19 10:05:20 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-19 10:05:20 ----A---- C:\WINDOWS\gmer.exe
2009-01-19 10:05:20 ----A---- C:\WINDOWS\gmer.dll
2009-01-19 10:02:47 ----D---- C:\rsit
2009-01-19 10:02:47 ----D---- C:\Program Files\trend micro
2009-01-19 09:14:34 ----D---- C:\WINDOWS\Sun
2009-01-19 09:12:18 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-19 09:12:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-19 09:12:18 ----A---- C:\WINDOWS\system32\java.exe
2009-01-19 09:12:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-19 09:11:53 ----D---- C:\Program Files\Java
2009-01-19 09:11:19 ----D---- C:\Documents and Settings\jonas\Application Data\Sun
2009-01-19 08:51:07 ----D---- C:\Documents and Settings\jonas\Application Data\Malwarebytes
2009-01-19 08:51:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-19 08:51:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-18 20:22:46 ----D---- C:\Program Files\HijackThis
2009-01-18 20:05:05 ----D---- C:\Program Files\Lavasoft
2009-01-18 20:05:05 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-18 20:02:42 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-18 15:55:50 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-18 15:54:59 ----D---- C:\Program Files\Microsoft
2009-01-18 15:54:40 ----D---- C:\Program Files\Windows Live SkyDrive
2009-01-18 15:54:13 ----D---- C:\Program Files\Windows Live
2009-01-18 15:49:20 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-01-18 15:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-01-18 15:46:45 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-18 15:46:14 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-18 15:45:53 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-18 15:45:29 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-18 15:44:43 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-18 15:44:18 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-18 15:44:10 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-18 15:44:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-18 15:42:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-18 15:33:39 ----D---- C:\Documents and Settings\jonas\Application Data\Apple Computer
2009-01-18 15:33:33 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-01-18 15:33:08 ----D---- C:\Program Files\iPod
2009-01-18 15:33:05 ----D---- C:\Program Files\iTunes
2009-01-18 15:33:05 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-18 15:32:50 ----D---- C:\Program Files\Bonjour
2009-01-18 15:32:11 ----D---- C:\Program Files\QuickTime
2009-01-18 15:32:09 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-18 15:31:55 ----D---- C:\Program Files\Apple Software Update
2009-01-18 15:31:23 ----D---- C:\Program Files\Fichiers communs\Apple
2009-01-18 15:31:23 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-17 10:57:07 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-07 10:18:17 ----D---- C:\Program Files\NOS
2009-01-07 10:18:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-01-06 22:29:16 ----A---- C:\WINDOWS\system32\InstallSettings.ini
2009-01-06 22:29:16 ----A---- C:\WINDOWS\system32\3dsmax.ini
2009-01-06 22:27:48 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-01-06 22:27:48 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-01-06 22:27:43 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-01-06 22:27:43 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-01-06 22:27:40 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-01-06 22:13:30 ----D---- C:\Program Files\AutoCAD 2008
2009-01-06 22:13:30 ----D---- C:\Documents and Settings\jonas\Application Data\Autodesk
2009-01-06 22:13:30 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-01-06 22:12:28 ----D---- C:\Program Files\Fichiers communs\Autodesk Shared
2009-01-06 22:12:28 ----D---- C:\Program Files\Autodesk
2009-01-06 22:12:14 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-01-06 22:12:04 ----D---- C:\Program Files\Fichiers communs\Designer
2009-01-06 22:12:02 ----D---- C:\Program Files\Microsoft Office
2009-01-06 22:10:13 ----RSD---- C:\WINDOWS\assembly
2009-01-06 22:09:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-05 01:23:13 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-05 00:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-01-04 23:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-04 23:56:21 ----D---- C:\Program Files\Adobe
2009-01-04 23:52:36 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared
2009-01-04 23:49:15 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-01-04 23:48:40 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-01-04 21:41:29 ----D---- C:\Documents and Settings\jonas\Application Data\Mozilla
2009-01-04 21:41:23 ----D---- C:\Program Files\Mozilla Firefox
2009-01-04 21:33:35 ----D---- C:\Program Files\ESET
2009-01-04 21:33:35 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-01-04 21:32:01 ----D---- C:\Documents and Settings\jonas\Application Data\WinRAR
2009-01-04 21:31:21 ----D---- C:\WINDOWS\WinRAR
2009-01-04 21:31:21 ----D---- C:\Program Files\WinRAR
2009-01-04 21:29:46 ----D---- C:\Program Files\7-Zip
2009-01-04 21:25:40 ----D---- C:\Documents and Settings\jonas\Application Data\Macromedia
2009-01-04 21:25:40 ----D---- C:\Documents and Settings\jonas\Application Data\Adobe
2009-01-04 21:25:16 ----D---- C:\Program Files\uTorrent
2009-01-04 21:25:10 ----D---- C:\Documents and Settings\jonas\Application Data\uTorrent
2009-01-04 21:20:03 ----D---- C:\WINDOWS\pss
2009-01-04 21:15:49 ----A---- C:\WINDOWS\system32\stlang.dll
2009-01-04 21:15:49 ----A---- C:\WINDOWS\stsystra.exe
2009-01-04 21:15:48 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-04 21:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2009-01-04 21:15:24 ----A---- C:\WINDOWS\system32\stacapi.dll
2009-01-04 21:15:24 ----A---- C:\WINDOWS\system32\st325602.dll
2009-01-04 21:15:23 ----D---- C:\Program Files\SigmaTel
2009-01-04 21:14:48 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-04 21:14:22 ----D---- C:\Program Files\Broadcom
2009-01-04 21:13:48 ----D---- C:\Program Files\DIFX
2009-01-04 21:13:40 ----A---- C:\WINDOWS\system32\rixdicon.dll
2009-01-04 21:13:39 ----A---- C:\WINDOWS\system32\snymsico.dll
2009-01-04 21:13:11 ----D---- C:\Program Files\Synaptics
2009-01-04 21:13:11 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2009-01-04 21:13:11 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2009-01-04 21:13:11 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-01-04 21:13:11 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-01-04 21:13:11 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-01-04 21:11:18 ----A---- C:\WINDOWS\system32\wpa.bak
2009-01-04 21:10:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-04 21:05:09 ----D---- C:\Documents and Settings\jonas\Application Data\Intel
2009-01-04 21:05:08 ----A---- C:\WINDOWS\system32\results.txt
2009-01-04 21:05:03 ----A---- C:\WINDOWS\system32\AegisI5Installer.exe
2009-01-04 21:04:39 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2009-01-04 21:04:15 ----A---- C:\WINDOWS\system32\NETw4r32.dll
2009-01-04 21:04:15 ----A---- C:\WINDOWS\system32\NETw4c32.dll
2009-01-04 21:04:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-04 21:04:11 ----D---- C:\Program Files\Intel
2009-01-04 20:51:57 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\atioglx1.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ATIDEMGR.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-04 20:43:49 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-04 20:39:05 ----D---- C:\Dell
2009-01-04 20:29:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-04 20:29:01 ----D---- C:\Program Files\ATI Technologies
2009-01-04 20:28:33 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-01-04 20:28:19 ----D---- C:\ATI
2009-01-04 20:18:26 ----D---- C:\Drivers
2009-01-04 20:00:32 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-04 20:00:30 ----D---- C:\WINDOWS\Prefetch
2009-01-04 20:00:29 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-04 19:55:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-04 19:55:06 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-04 19:55:06 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-04 19:55:06 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-04 19:55:05 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-04 19:55:05 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-04 19:55:05 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-04 19:55:05 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-04 19:55:05 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-04 19:54:49 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-01-04 19:54:49 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-04 19:48:49 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-04 19:48:48 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-04 19:48:31 ----RA---- C:\WINDOWS\SET22.tmp
2009-01-04 19:48:26 ----RA---- C:\WINDOWS\SET16.tmp
2009-01-04 19:48:24 ----RA---- C:\WINDOWS\SET15.tmp
2009-01-04 19:36:08 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-01-04 19:36:02 ----D---- C:\WINDOWS\setup.pss
2009-01-04 19:31:04 ----SHD---- C:\WINDOWS\Installer
2009-01-04 19:31:02 ----D---- C:\Documents and Settings\jonas\Application Data\Identities
2009-01-04 19:30:59 ----HD---- C:\Program Files\Uninstall Information
2009-01-04 19:30:56 ----SD---- C:\Documents and Settings\jonas\Application Data\Microsoft
2009-01-04 19:30:56 ----ASH---- C:\Documents and Settings\jonas\Application Data\desktop.ini
2009-01-04 19:26:21 ----SHD---- C:\System Volume Information
2009-01-04 19:26:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 19:23:37 ----D---- C:\WINDOWS\system32\xircom
2009-01-04 19:23:37 ----D---- C:\Program Files\xerox
2009-01-04 19:23:37 ----D---- C:\Program Files\microsoft frontpage
2009-01-04 19:23:30 ----A---- C:\WINDOWS\control.ini
2009-01-04 19:23:30 ----A---- C:\AUTOEXEC.BAT
2009-01-04 19:23:22 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-04 19:23:18 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-04 19:22:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-04 19:22:37 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-04 19:22:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-04 19:22:13 ----D---- C:\WINDOWS\srchasst
2009-01-04 19:22:06 ----D---- C:\WINDOWS\system32\Macromed
2009-01-04 19:22:06 ----D---- C:\WINDOWS\system32\DirectX
2009-01-04 19:21:52 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-04 19:21:52 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-04 19:21:50 ----D---- C:\Program Files\Movie Maker
2009-01-04 19:21:35 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-04 19:21:35 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-04 19:21:35 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-04 19:21:35 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-04 19:21:35 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-04 19:21:29 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-04 19:21:29 ----A---- C:\WINDOWS\desktop.ini
2009-01-04 19:21:23 ----D---- C:\WINDOWS\system32\Restore
2009-01-04 19:21:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-04 19:21:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-04 19:21:22 ----D---- C:\Program Files\Windows Media Player
2009-01-04 19:21:22 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-04 19:21:21 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-04 19:21:21 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-04 19:21:21 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-04 19:21:21 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-04 19:21:21 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-04 19:21:21 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-04 19:21:20 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-04 19:21:17 ----D---- C:\WINDOWS\PCHEALTH
2009-01-04 19:21:17 ----D---- C:\Program Files\NetMeeting
2009-01-04 19:21:17 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-04 19:21:17 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-04 19:21:16 ----D---- C:\Program Files\Fichiers communs\Services
2009-01-04 19:21:16 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-04 19:21:15 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-04 19:21:14 ----N---- C:\WINDOWS\system32\inetcomm.dll
2009-01-04 19:21:11 ----D---- C:\Program Files\Outlook Express
2009-01-04 19:21:10 ----SD---- C:\WINDOWS\Tasks
2009-01-04 19:21:10 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-04 19:21:10 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-04 19:21:10 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-04 19:21:10 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-04 19:21:10 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-04 19:21:10 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-04 19:21:09 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-04 19:21:09 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-04 19:21:07 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-01-04 19:21:03 ----D---- C:\Program Files\Fichiers communs\System
2009-01-04 19:20:55 ----D---- C:\Program Files\Internet Explorer
2009-01-04 19:20:40 ----D---- C:\Program Files\ComPlus Applications
2009-01-04 19:20:38 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-04 19:20:38 ----A---- C:\WINDOWS\vb.ini
2009-01-04 19:20:33 ----D---- C:\WINDOWS\Registration
2009-01-04 19:20:07 ----HD---- C:\Program Files\WindowsUpdate
2009-01-04 19:20:07 ----D---- C:\Program Files\Services en ligne
2009-01-04 19:20:00 ----D---- C:\Program Files\Messenger
2009-01-04 19:19:53 ----D---- C:\Program Files\MSN
2009-01-04 19:19:49 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-04 19:19:49 ----A---- C:\WINDOWS\system32\write.exe
2009-01-04 19:19:42 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-04 19:19:42 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-01-04 19:19:42 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-04 19:19:42 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-01-04 19:19:41 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-01-04 19:19:41 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-04 19:19:41 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-04 19:19:41 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-04 19:19:41 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-04 19:19:40 ----D---- C:\Program Files\Windows NT
2009-01-04 19:19:40 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-04 19:19:39 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-04 19:19:36 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-04 19:19:35 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-04 19:19:35 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-04 19:19:34 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-04 19:19:34 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-04 19:19:34 ----A---- C:\WINDOWS\system32\sol.exe
2009-01-04 19:19:34 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-04 19:19:33 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-04 19:19:33 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-04 19:19:33 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-04 19:19:33 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-01-04 19:19:33 ----A---- C:\WINDOWS\system32\freecell.exe
2009-01-04 19:19:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-04 19:19:32 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-04 19:19:32 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-04 19:19:32 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-04 19:19:32 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-04 19:19:32 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-04 19:19:32 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-04 19:19:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-04 19:19:30 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-04 19:19:30 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-04 19:19:29 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-04 19:19:29 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-04 19:19:29 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-04 19:19:29 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-04 19:19:29 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-04 19:19:29 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-04 19:19:29 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-04 19:19:28 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-04 19:19:27 ----D---- C:\WINDOWS\system32\Com
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-04 19:19:27 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-04 19:19:26 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-04 19:19:26 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-04 19:19:26 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-04 19:19:25 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-04 19:19:25 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-04 19:19:25 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-04 19:19:16 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-04 19:19:16 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-04 19:19:16 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-04 19:19:16 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-04 19:19:16 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-01-04 14:37:32 ----D---- C:\WINDOWS\Provisioning
2009-01-04 14:37:32 ----D---- C:\WINDOWS\PeerNet
2009-01-04 14:37:32 ----D---- C:\WINDOWS\ehome
2009-01-04 14:11:17 ----RASH---- C:\boot.ini
2009-01-04 14:06:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-04 14:06:44 ----RSD---- C:\WINDOWS\Fonts
2009-01-04 14:06:44 ----RD---- C:\WINDOWS\Web
2009-01-04 14:06:44 ----HD---- C:\WINDOWS\inf
2009-01-04 14:06:44 ----D---- C:\WINDOWS\WinSxS
2009-01-04 14:06:44 ----D---- C:\WINDOWS\twain_32
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Temp
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\wins
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\wbem
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\usmt
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\spool
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\ShellExt
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\Setup
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\ras
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\oobe
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\npp
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\mui
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\IME
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\icsxml
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\ias
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\export
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\drivers
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\dhcp
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\config
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\3com_dmi
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\3076
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\2052
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1054
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1042
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1041
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1037
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1036
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1033
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1031
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1028
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32\1025
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system32
2009-01-04 14:06:44 ----D---- C:\WINDOWS\system
2009-01-04 14:06:44 ----D---- C:\WINDOWS\security
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Resources
2009-01-04 14:06:44 ----D---- C:\WINDOWS\repair
2009-01-04 14:06:44 ----D---- C:\WINDOWS\mui
2009-01-04 14:06:44 ----D---- C:\WINDOWS\msapps
2009-01-04 14:06:44 ----D---- C:\WINDOWS\msagent
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Media
2009-01-04 14:06:44 ----D---- C:\WINDOWS\java
2009-01-04 14:06:44 ----D---- C:\WINDOWS\ime
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Help
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Driver Cache
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Debug
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Cursors
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Connection Wizard
2009-01-04 14:06:44 ----D---- C:\WINDOWS\Config
2009-01-04 14:06:44 ----D---- C:\WINDOWS\AppPatch
2009-01-04 14:06:44 ----D---- C:\WINDOWS\addins
2009-01-04 14:06:44 ----D---- C:\WINDOWS
2009-01-04 13:17:57 ----A---- C:\WINDOWS\system32\h323log.txt
2009-01-04 13:13:08 ----A---- C:\WINDOWS\imsins.BAK
2009-01-04 13:13:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-04 13:13:04 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-01-04 13:13:04 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-04 13:13:00 ----RD---- C:\Program Files
2009-01-04 13:13:00 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-01-04 13:13:00 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-01-04 13:13:00 ----D---- C:\Program Files\Fichiers communs
2009-01-04 13:12:49 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-01-04 13:12:48 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-01-04 13:12:46 ----A---- C:\WINDOWS\system32\storprop.dll
2009-01-04 13:12:46 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2009-01-04 13:12:37 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-04 13:12:36 ----RA---- C:\WINDOWS\SET7.tmp
2009-01-04 13:12:33 ----RA---- C:\WINDOWS\SET3.tmp
2009-01-04 13:12:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-04 13:12:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-04 13:12:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-04 13:12:06 ----A---- C:\WINDOWS\setuplog.txt
2009-01-04 13:12:03 ----D---- C:\Documents and Settings
2008-12-02 22:37:20 ----A---- C:\WINDOWS\system32\sirenacm.dll

======List of files/folders modified in the last 3 months======

2009-01-24 18:52:27 ----A---- C:\WINDOWS\system.ini
2009-01-21 15:30:47 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-04 21361]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-05 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]
R3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-05 11136]
R3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-05 10240]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-01-06 85096]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-19 152984]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-05 3584]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2006-09-25 23856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-04 655624]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

-----------------EOF-----------------


RSIT info.txt

info.txt logfile of random's system information tool 1.05 2009-01-19 10:02:58

======Uninstall list======

-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Fichiers communs\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2008 - English-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
FBX Plugin 2006.11.1 for Max 2008-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.11.1\Max2008\Uninstall.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix pour Microsoft .NET Framework 2.0 (KB918842)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {5FD48194-AD97-46A1-ABDB-12FC85916742} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR-->"C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0

System event log

Computer Name: JONASLAPTOP
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Multiprocessor Free.

Record Number: 5
Source Name: EventLog
Time Written: 20090104192614.000000-300
Event Type: information
User:

Computer Name: JONASLAPTOP
Event Code: 60054
Message: Le programme d'installation a correctement installé Windows version 2600.
Record Number: 4
Source Name: Setup
Time Written: 20090104192513.000000-300
Event Type: information
User:

Computer Name: JONASLAPTOP
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers JONASLAPTOP.

Record Number: 3
Source Name: EventLog
Time Written: 20090104191814.000000-300
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20090104131211.000000-300
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090104131211.000000-300
Event Type: information
User:

Application event log

Computer Name: JONASLAPTOP
Event Code: 1000
Message: Les compteurs de performances pour le service ContentIndex (ContentIndex) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090104192009.000000-300
Event Type: information
User:

Computer Name: JONASLAPTOP
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090104192005.000000-300
Event Type: information
User:

Computer Name: JONASLAPTOP
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090104191858.000000-300
Event Type: information
User:

Computer Name: JONASLAPTOP
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090104191828.000000-300
Event Type: information
User:

Computer Name: JONASLAPTOP
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090104191827.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#4 jonasll
  • Topic Starter

  • Members
  • 10 posts

Posted 28 January 2009 - 08:27 AM

GMER results ATTACHED!

COMBOFIX log

ComboFix 09-01-21.04 - jonas 2009-01-28 8:08:18.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3070.2502 [GMT -5:00]
Lancé depuis: c:\documents and settings\jonas\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\_000006_.tmp.dll
G:\autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
.

2009-01-28 07:12 . 2009-01-28 07:12 <REP> d-------- c:\program files\MSXML 6.0
2009-01-28 07:09 . 2009-01-28 07:09 <REP> d-------- c:\windows\LastGood
2009-01-24 17:19 . 2009-01-24 17:19 <REP> d-------- c:\documents and settings\jonas\Application Data\Lucis
2009-01-24 17:14 . 2009-01-24 17:14 41 --a------ c:\windows\ars-dat0169.conf
2009-01-23 15:17 . 2004-08-05 07:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-23 09:51 . 2009-01-23 09:59 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-01-23 09:50 . 2008-08-14 08:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-23 09:50 . 2008-08-14 08:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-23 09:50 . 2008-08-14 08:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-23 09:50 . 2008-08-14 08:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-23 09:49 . 2008-06-14 12:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-01-23 09:49 . 2008-06-14 12:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-23 09:41 . 2008-10-16 05:38 1,495,040 --a------ c:\windows\system32\SETAB.tmp
2009-01-23 09:41 . 2008-10-16 05:38 1,024,000 --a------ c:\windows\system32\SETB7.tmp
2009-01-23 09:41 . 2008-10-16 05:38 663,552 --a------ c:\windows\system32\SETA8.tmp
2009-01-23 09:41 . 2008-10-16 05:38 617,984 --a------ c:\windows\system32\SETA9.tmp
2009-01-23 09:41 . 2008-10-16 05:38 474,624 --a------ c:\windows\system32\SETAA.tmp
2009-01-23 09:39 . 2008-12-12 12:35 3,081,216 --a------ c:\windows\system32\SET79.tmp
2009-01-23 09:31 . 2008-04-11 13:51 683,520 --a------ c:\windows\system32\SET45.tmp
2009-01-23 09:31 . 2008-10-24 06:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-23 09:30 . 2008-09-04 11:45 1,106,944 --a------ c:\windows\system32\SETA.tmp
2009-01-23 09:30 . 2008-10-15 11:59 332,800 --a------ c:\windows\system32\SET10.tmp
2009-01-23 09:28 . 2009-01-28 07:15 <REP> d--h----- c:\windows\$hf_mig$
2009-01-21 11:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-21 11:46 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-21 11:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-19 10:05 . 2009-01-28 07:51 250 --a------ c:\windows\gmer.ini
2009-01-19 10:02 . 2009-01-28 07:50 <REP> d-------- C:\rsit
2009-01-19 10:02 . 2009-01-28 07:50 <REP> d-------- c:\program files\trend micro
2009-01-19 09:14 . 2009-01-19 09:14 <REP> d-------- c:\windows\Sun
2009-01-19 09:12 . 2009-01-19 09:11 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-19 09:12 . 2009-01-19 09:11 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-19 09:11 . 2009-01-19 09:11 <REP> d-------- c:\program files\Java
2009-01-19 08:51 . 2009-01-19 09:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 08:51 . 2009-01-19 08:51 <REP> d-------- c:\documents and settings\jonas\Application Data\Malwarebytes
2009-01-19 08:51 . 2009-01-19 08:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 08:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 08:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-18 20:05 . 2009-01-18 20:05 <REP> d-------- c:\program files\Lavasoft
2009-01-18 20:05 . 2009-01-18 20:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-18 20:02 . 2009-01-18 20:02 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-18 16:02 . 2009-01-18 16:02 <REP> d---s---- c:\documents and settings\jonas\UserData
2009-01-18 15:56 . 2009-01-28 07:07 <REP> d-------- c:\documents and settings\jonas\Tracing
2009-01-18 15:55 . 2009-01-18 15:55 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-18 15:54 . 2009-01-18 15:54 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-18 15:54 . 2009-01-18 15:55 <REP> d-------- c:\program files\Windows Live
2009-01-18 15:54 . 2009-01-18 15:54 <REP> d-------- c:\program files\Microsoft
2009-01-18 15:49 . 2009-01-18 15:49 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-01-18 15:45 . 2009-01-18 15:45 <REP> d-------- c:\program files\Windows Media Connect 2
2009-01-18 15:44 . 2009-01-18 15:44 <REP> d-------- c:\windows\system32\LogFiles
2009-01-18 15:44 . 2009-01-18 15:44 <REP> d-------- c:\windows\system32\drivers\UMDF
2009-01-18 15:44 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-01-18 15:33 . 2009-01-18 15:33 <REP> d-------- c:\program files\iTunes
2009-01-18 15:33 . 2009-01-18 15:33 <REP> d-------- c:\program files\iPod
2009-01-18 15:33 . 2009-01-18 15:33 <REP> d-------- c:\documents and settings\jonas\Application Data\Apple Computer
2009-01-18 15:33 . 2009-01-18 15:33 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-18 15:33 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-18 15:33 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-18 15:32 . 2009-01-18 15:32 <REP> d-------- c:\program files\QuickTime
2009-01-18 15:32 . 2009-01-18 15:32 <REP> d-------- c:\program files\Bonjour
2009-01-18 15:32 . 2009-01-18 15:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-18 15:31 . 2009-01-18 15:33 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-18 15:31 . 2009-01-18 15:31 <REP> d-------- c:\program files\Apple Software Update
2009-01-18 15:31 . 2009-01-18 15:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-07 10:18 . 2009-01-17 10:49 <REP> d-------- c:\program files\NOS
2009-01-07 10:18 . 2009-01-17 10:49 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-01-06 22:29 . 2009-01-06 22:29 231 --a------ c:\windows\system32\3dsmax.ini
2009-01-06 22:29 . 2009-01-06 22:29 43 --a------ c:\windows\system32\InstallSettings.ini
2009-01-06 22:27 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-06 22:27 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-01-06 22:27 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-01-06 22:27 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-01-06 22:27 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-01-06 22:13 . 2009-01-06 22:15 <REP> d-------- c:\program files\AutoCAD 2008
2009-01-06 22:13 . 2009-01-06 22:13 <REP> d-------- c:\documents and settings\jonas\Application Data\Autodesk
2009-01-06 22:13 . 2009-01-17 10:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2009-01-06 22:12 . 2009-01-17 10:55 <REP> d-------- c:\program files\Fichiers communs\Autodesk Shared
2009-01-06 22:12 . 2009-01-06 22:29 <REP> d-------- c:\program files\Autodesk
2009-01-05 00:03 . 2009-01-18 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-04 23:52 . 2009-01-04 23:52 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-01-04 23:48 . 2009-01-18 16:27 <REP> d-------- c:\program files\Fichiers communs\Adobe
2009-01-04 21:41 . 2009-01-04 21:41 0 --a------ c:\windows\nsreg.dat
2009-01-04 21:37 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-01-04 21:37 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-04 21:33 . 2009-01-04 21:33 <REP> d-------- c:\program files\ESET
2009-01-04 21:33 . 2009-01-04 21:33 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-04 21:31 . 2009-01-04 21:31 <REP> d-------- c:\windows\WinRAR
2009-01-04 21:29 . 2009-01-04 21:29 <REP> d-------- c:\program files\7-Zip
2009-01-04 21:25 . 2009-01-04 21:25 <REP> d-------- c:\program files\uTorrent
2009-01-04 21:25 . 2009-01-07 10:11 <REP> d-------- c:\documents and settings\jonas\Application Data\uTorrent
2009-01-04 21:16 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2009-01-04 21:16 . 2004-08-03 23:07 52,864 --a--c--- c:\windows\system32\dllcache\dmusic.sys
2009-01-04 21:16 . 2004-08-03 22:58 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys
2009-01-04 21:16 . 2004-08-03 22:58 7,552 --a--c--- c:\windows\system32\dllcache\mskssrv.sys
2009-01-04 21:16 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2009-01-04 21:16 . 2004-08-03 23:07 6,400 --a--c--- c:\windows\system32\dllcache\splitter.sys
2009-01-04 21:16 . 2004-08-03 22:58 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys
2009-01-04 21:16 . 2004-08-03 22:58 5,376 --a--c--- c:\windows\system32\dllcache\mspclock.sys
2009-01-04 21:16 . 2004-08-03 22:58 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys
2009-01-04 21:16 . 2004-08-03 22:58 4,992 --a--c--- c:\windows\system32\dllcache\mspqm.sys
2009-01-04 21:15 . 2009-01-04 21:15 <REP> d-------- c:\program files\SigmaTel
2009-01-04 21:15 . 2007-05-10 10:23 4,952,064 --a------ c:\windows\system32\stacgui.cpl
2009-01-04 21:15 . 2007-04-10 17:02 1,601,536 --a------ c:\windows\system32\stlang.dll
2009-01-04 21:15 . 2007-05-10 10:24 1,222,840 --a------ c:\windows\system32\drivers\sthda.sys
2009-01-04 21:15 . 2007-05-10 10:22 405,504 --a------ c:\windows\stsystra.exe
2009-01-04 21:15 . 2007-05-10 10:23 270,336 --a------ c:\windows\system32\stacapi.dll
2009-01-04 21:15 . 2007-08-21 09:58 146,944 --a------ c:\windows\system32\st325602.dll
2009-01-04 21:15 . 2004-08-04 00:55 130,048 --a------ c:\windows\system32\ksproxy.ax
2009-01-04 21:15 . 2004-08-04 00:55 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2009-01-04 21:15 . 2004-08-04 00:54 4,096 --a------ c:\windows\system32\ksuser.dll
2009-01-04 21:15 . 2004-08-04 00:54 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2009-01-04 21:14 . 2009-01-04 21:14 <REP> d-------- c:\windows\Downloaded Installations
2009-01-04 21:14 . 2009-01-04 21:14 <REP> d-------- c:\program files\Broadcom
2009-01-04 21:13 . 2009-01-04 21:13 <REP> d-------- c:\program files\Synaptics
2009-01-04 21:13 . 2009-01-04 21:13 <REP> d-------- c:\program files\DIFX
2009-01-04 21:13 . 2006-03-08 12:35 191,872 --a------ c:\windows\system32\drivers\SynTP.sys
2009-01-04 21:13 . 2006-03-08 12:38 114,688 --a------ c:\windows\system32\SynCtrl.dll
2009-01-04 21:13 . 2006-03-08 12:38 94,299 --a------ c:\windows\system32\SynTPAPI.dll
2009-01-04 21:13 . 2004-09-03 10:00 90,112 --a------ c:\windows\system32\snymsico.dll
2009-01-04 21:13 . 2006-03-08 12:37 82,014 --a------ c:\windows\system32\SynCOM.dll
2009-01-04 21:13 . 2006-03-08 12:51 81,920 --a------ c:\windows\system32\SynTPCo2.dll
2009-01-04 21:13 . 2006-03-08 12:49 69,723 --a------ c:\windows\system32\SynTPFcs.dll
2009-01-04 21:13 . 2006-11-14 19:42 43,520 --a------ c:\windows\system32\drivers\rimsptsk.sys
2009-01-04 21:13 . 2006-11-14 17:35 37,376 --a------ c:\windows\system32\drivers\rixdptsk.sys
2009-01-04 21:13 . 2006-11-15 00:16 32,256 --a------ c:\windows\system32\drivers\rimmptsk.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 00:23 --------- d-----w c:\program files\microsoft frontpage
2009-01-05 00:20 --------- d-----w c:\program files\Services en ligne
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-03 03:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-19_10.17.47.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:18:27 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:13:24 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:46 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:44:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-06-14 17:59:52 272,768 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 13:44:35 2,138,112 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:44:39 2,059,776 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:44:33 2,017,792 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:44:37 2,182,400 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2004-08-05 12:00:00 151,552 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:38:27 152,064 ----a-w c:\windows\system32\cdfview.dll
- 2004-08-05 12:00:00 1,056,256 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:38:27 1,056,768 ----a-w c:\windows\system32\danim.dll
- 2004-08-05 12:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2004-08-05 12:00:00 1,017,344 -c--a-w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:38:30 1,024,000 -c--a-w c:\windows\system32\dllcache\browseui.dll
- 2004-08-05 12:00:00 151,552 -c--a-w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:38:27 152,064 -c--a-w c:\windows\system32\dllcache\cdfview.dll
- 2004-08-05 12:00:00 1,056,256 -c--a-w c:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:38:27 1,056,768 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2004-08-05 12:00:00 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:38:27 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-05 12:00:00 201,728 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:38:28 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-05 12:00:00 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:31:48 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2004-08-05 12:00:00 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:38:28 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-05 12:00:00 278,016 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:00:15 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2004-08-05 12:00:00 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-15 09:45:01 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2004-08-05 12:00:00 249,344 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:38:28 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2004-08-05 12:00:00 678,400 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2004-08-05 12:00:00 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:38:28 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2004-08-05 12:00:00 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2007-12-18 14:41:58 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2004-08-05 12:00:00 15,872 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:38:29 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 01:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-05 12:00:00 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:31:48 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2004-08-05 12:00:00 73,728 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:56 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2004-08-05 12:00:00 3,003,392 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:35:12 3,081,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2004-08-05 12:00:00 448,512 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:38:29 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-05 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:38:28 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2006-10-19 02:47:16 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-12-04 21:21:50 414,720 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2004-08-05 12:00:00 530,432 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:38:28 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2004-08-05 12:00:00 1,236,480 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:45:11 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2004-08-05 12:00:00 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:59:28 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2004-08-05 12:00:00 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:38:28 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00:00 1,293,824 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2004-08-05 12:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2004-08-05 12:00:00 1,483,776 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:38:29 1,495,040 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
- 2004-08-05 12:00:00 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:38:29 474,624 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-05 12:00:00 336,256 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2004-08-05 12:00:00 246,302 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:17:02 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2004-08-05 12:00:00 603,136 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:38:30 617,984 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-05 12:00:00 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2007-12-18 14:41:59 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2004-08-05 12:00:00 1,836,032 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2004-08-05 12:00:00 660,480 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:38:29 663,552 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 02:47:18 222,208 -c--a-w c:\windows\system32\dllcache\WMASF.dll
+ 2007-10-25 14:28:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2006-10-19 02:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 02:47:20 10,834,432 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2006-10-19 02:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-05 12:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2004-08-05 12:00:00 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-05 12:00:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2004-08-05 12:00:00 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2004-08-05 12:00:00 223,616 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2004-08-05 12:00:00 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:38:27 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2004-08-05 12:00:00 201,728 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:38:28 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2004-08-05 12:00:00 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:38:28 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2004-08-05 12:00:00 249,344 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:38:28 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-05 12:00:00 96,768 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:38:28 96,768 ----a-w c:\windows\system32\inseng.dll
- 2004-08-05 12:00:00 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w c:\windows\system32\jscript.dll
- 2004-08-05 12:00:00 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:38:29 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2004-08-05 12:00:00 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-08-05 12:00:00 448,512 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:38:29 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-05 12:00:00 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:38:28 146,432 ----a-w c:\windows\system32\msrating.dll
- 2006-10-19 02:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2004-08-05 12:00:00 530,432 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:38:28 532,480 ----a-w c:\windows\system32\mstime.dll
- 2005-09-08 06:03:50 1,330,888 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-30 01:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2004-08-05 12:00:00 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:44:33 2,017,792 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-05 12:00:00 2,150,400 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:44:35 2,138,112 ----a-w c:\windows\system32\ntoskrnl.exe
- 2004-08-05 12:00:00 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:38:28 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2006-09-25 22:58:48 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2004-08-05 12:00:00 246,302 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll
+ 2008-07-25 15:12:42 229,376 ----a-w c:\windows\system32\tbb.dll
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2004-08-05 12:00:00 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w c:\windows\system32\vbscript.dll
- 2004-08-05 12:00:00 1,836,032 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 ----a-w c:\windows\system32\win32k.sys
- 2006-10-19 02:47:18 222,208 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-25 14:28:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 02:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
- 2006-10-19 02:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 23:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-10-16 01:05:28 370,176 ------w c:\windows\system32\xpsp3res.dll
+ 2009-01-28 12:07:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_250.dat
+ 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 17:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-05-10 10:22 405504 c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-05 3584]
S4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-01-18 23856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50420c36-dad7-11dd-805c-0015c519a269}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\jonas\Application Data\Mozilla\Firefox\Profiles\289irgna.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cab.tv/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 08:09:15
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
Heure de fin: 2009-01-28 8:10:20
ComboFix-quarantined-files.txt 2009-01-28 13:10:18
ComboFix2.txt 2009-01-24 23:53:28
ComboFix3.txt 2009-01-21 20:27:56
ComboFix4.txt 2009-01-19 15:18:20

Avant-CF: 81 716 383 744 octets libres
Après-CF: 81,704,210,432 octets libres

450 --- E O F --- 2009-01-28 12:16:05



Edited by jonasll, 28 January 2009 - 08:27 AM.


#5 jonasll

jonasll
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:03 AM

Posted 28 January 2009 - 08:35 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:34:40, on 2009-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jonas\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6268 bytes

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:05:03 AM

Posted 08 February 2009 - 12:08 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

In the future, please do not throw 5 logs at us. It is excessive, and doesn't make it any easier. Thanks.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#7 jonasll

jonasll
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:03 AM

Posted 10 February 2009 - 05:01 PM

Hi Panda,

I understand you are very busy helping out people, so there is no worry about that...

I haven't made any changes to my computer since my last post, but I don't see that resycled folder when I plug a device in.... But since I haven't made any changes, I am afraid it may be a sleeping thing... or whatever... so here are the logs



DDS


DDS (Ver_09-02-01.01) - NTFSx86
Run by jonas at 16:48:19,18 on 2009-02-10
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.3070.2420 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\UnivLaval\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\jonas\Bureau\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\fichiers communs\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jonas\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\univer~1.lnk - c:\program files\univlaval\vpngui.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jonas\applic~1\mozilla\firefox\profiles\289irgna.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cab.tv/
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
S2 gupdate1c985f7728d0792;Google Update Service (gupdate1c985f7728d0792);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-5 3584]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-1 280344]

=============== Created Last 30 ================

2009-02-10 13:44 <DIR> --d----- c:\program files\Virtual Earth 3D
2009-02-03 00:18 <DIR> --d----- c:\documents and settings\jonas\SaveSets
2009-02-02 11:11 <DIR> --d----- c:\program files\DAMN NFO Viewer
2009-02-02 11:05 <DIR> --d----- c:\program files\MosaicCreator
2009-02-01 20:10 <DIR> --d----- c:\windows\Internet Logs
2009-02-01 20:04 29,752 -------- c:\windows\system32\InstHelper.dll
2009-02-01 20:04 8 a------- c:\windows\system32\success
2009-02-01 20:04 126,864 a------- c:\windows\system32\drivers\dne2000.sys
2009-02-01 20:04 101,904 a------- c:\windows\system32\dneinobj.dll
2009-02-01 20:03 305,788 a------- c:\windows\system32\drivers\CVPNDRVA.sys
2009-02-01 20:03 197,680 a------- c:\windows\system32\vpnapi.dll
2009-02-01 20:03 5,315 a------- c:\windows\system32\drivers\CVirtA.sys
2009-02-01 20:03 193,584 a------- c:\windows\system32\CSGina.dll
2009-02-01 20:03 <DIR> --d----- c:\program files\UnivLaval
2009-02-01 20:03 <DIR> --d----- c:\program files\fichiers communs\Deterministic Networks
2009-02-01 14:45 484 a------- c:\windows\exifmanager.ini
2009-01-29 10:55 <DIR> --d----- c:\docume~1\jonas\applic~1\OpenOffice.org
2009-01-29 10:53 <DIR> --d----- c:\program files\JRE
2009-01-29 10:53 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-28 15:19 <DIR> --d----- c:\docume~1\jonas\applic~1\Maxwell for Rhino 4
2009-01-28 15:16 <DIR> --d----- c:\program files\Next Limit
2009-01-28 15:13 <DIR> --d----- c:\program files\T-Splines for Rhino
2009-01-28 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TSplines
2009-01-28 15:09 <DIR> --d----- c:\program files\fichiers communs\McNeel Shared
2009-01-28 15:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McNeel
2009-01-28 15:08 <DIR> --d----- c:\program files\Rhinoceros 4.0
2009-01-28 14:47 <DIR> --d----- c:\docume~1\jonas\applic~1\MAXON
2009-01-28 14:46 <DIR> --d----- c:\program files\MAXON Cinema 4D
2009-01-28 08:07 161,792 a------- c:\windows\SWREG.exe
2009-01-28 08:07 98,816 a------- c:\windows\sed.exe
2009-01-28 08:07 <DIR> --d----- C:\ComboFix
2009-01-28 07:12 <DIR> --d----- c:\program files\MSXML 6.0
2009-01-24 17:19 <DIR> --d----- c:\docume~1\jonas\applic~1\Lucis
2009-01-24 17:14 41 a------- c:\windows\ars-dat0169.conf
2009-01-23 15:17 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-23 09:51 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-23 09:50 2,138,112 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-23 09:50 2,182,400 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-23 09:50 2,059,776 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-23 09:50 2,017,792 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-23 09:49 272,768 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-23 09:49 272,768 -------- c:\windows\system32\drivers\bthport.sys
2009-01-23 09:31 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-23 09:28 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-23 09:28 <DIR> --d-h--- c:\windows\$hf_mig$
2009-01-21 11:46 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-21 11:46 208,744 a------- c:\windows\system32\muweb.dll
2009-01-21 11:46 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-19 10:11 <DIR> a-dshr-- C:\cmdcons
2009-01-19 10:05 250 a------- c:\windows\gmer.ini
2009-01-19 10:02 <DIR> --d----- c:\program files\trend micro
2009-01-19 09:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-19 09:12 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-19 08:51 <DIR> --d----- c:\docume~1\jonas\applic~1\Malwarebytes
2009-01-19 08:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-19 08:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 08:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 08:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-18 20:05 <DIR> --d----- c:\program files\Lavasoft
2009-01-18 20:02 <DIR> --d----- c:\program files\fichiers communs\Wise Installation Wizard
2009-01-18 16:02 <DIR> --ds---- c:\documents and settings\jonas\UserData
2009-01-18 15:56 <DIR> --d----- c:\documents and settings\jonas\Tracing
2009-01-18 15:54 <DIR> --d----- c:\program files\Microsoft
2009-01-18 15:54 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-18 15:49 <DIR> --d----- c:\program files\fichiers communs\Windows Live
2009-01-18 15:45 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-18 15:44 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-18 15:44 23,856 a------- c:\windows\system32\spupdsvc.exe
2009-01-18 15:33 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-18 15:33 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-18 15:33 <DIR> --d----- c:\program files\iPod
2009-01-18 15:33 <DIR> --d----- c:\program files\iTunes
2009-01-18 15:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-18 15:32 <DIR> --d----- c:\program files\Bonjour
2009-01-18 15:31 <DIR> --d----- c:\program files\fichiers communs\Apple
2009-01-17 10:57 <DIR> --d----- c:\windows\system32\appmgmt

==================== Find3M ====================

2009-01-06 22:27 458,886 a------- c:\windows\system32\perfh00C.dat
2009-01-06 22:27 71,686 a------- c:\windows\system32\perfc00C.dat
2009-01-05 00:21 86,669 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-04 21:05 376,832 a------- c:\windows\system32\AegisI5Installer.exe
2009-01-04 21:05 21,361 a------- c:\windows\system32\drivers\AegisP.sys
2009-01-04 21:05 21,361 a------- c:\windows\AegisP.sys
2009-01-04 19:53 23,032 a------- c:\windows\system32\emptyregdb.dat
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 16:48:26,56 ===============




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++GMER+++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-10 16:57:00
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1304] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [ C2, 04, 00, 00 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.14 ----
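The HijackThis log in post #5 and the DDS "Pseudo HJT Report" above both list autostart entries one per line (O2/O4/O23 in HijackThis; BHO/EB/uRun/mRun/dRun in DDS), and the ComboFix log earlier in the thread shows a removable-drive AutoRun command under mountpoints2. The following triage script is an added example for this thread; it is not part of HijackThis, DDS, ComboFix or GMER. It parses those line shapes into records and flags the two things a responder checks first in such logs: entries the tool reports as "(no file)" / "No File" (a CLSID still registered but its DLL gone, usually a leftover worth cleaning) and AutoRun commands on removable media, which is the propagation path the opening post describes. The regular expressions and the flagging rules are assumptions of this example, not official log grammars, and the sample input is constructed from line shapes in the posted logs.

```python
"""Triage helper for HijackThis / DDS / ComboFix autostart lines.

Added example for this thread, not code from HijackThis, DDS, ComboFix or GMER.
The line grammars below are assumptions inferred from the logs posted above.
Requires Python 3.8+ (assignment expressions).
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: line shapes taken from the HijackThis log (post #5),
# the DDS "Pseudo HJT Report" (post #7) and the ComboFix mountpoints2 entry.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
"""

# Assumed line grammars (HijackThis O2/O4/O23, DDS BHO/EB/xRun, ComboFix AutoRun).
RE_HJT_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_HJT_RUN = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?\.(?:exe|dll|scr|com|bat))"?(?P<args>.*)$', re.I)
RE_HJT_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
RE_DDS_BHO = re.compile(r"^(?P<kind>BHO|EB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_DDS_RUN = re.compile(r'^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?\.(?:exe|dll|scr|com|bat))"?(?P<args>.*)$', re.I)
RE_AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (?P<path>.+)$", re.I)

# Strings the tools print when a registered component's file is absent.
NO_FILE = {"(no file)", "no file"}


@dataclass
class Entry:
    section: str            # O2 / BHO / EB / Run / Service / AutoRun
    name: str
    path: Optional[str]     # None when the tool reported the file as missing
    raw: str
    flags: list = field(default_factory=list)


def _entry(section: str, name: str, path: str, raw: str) -> Entry:
    path = path.strip()
    return Entry(section, name.strip(), None if path.lower() in NO_FILE else path, raw)


def parse_log(text: str) -> list:
    """Parse autostart lines of a HijackThis / DDS / ComboFix log; unknown lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_HJT_BHO.match(line):
            entries.append(_entry("O2", m["name"], m["path"], line))
        elif m := RE_DDS_BHO.match(line):
            entries.append(_entry(m["kind"], m["name"] or m["clsid"], m["path"], line))
        elif (m := RE_HJT_RUN.match(line)) or (m := RE_DDS_RUN.match(line)):
            entries.append(_entry("Run", m["name"], m["path"], line))
        elif m := RE_HJT_SVC.match(line):
            entries.append(_entry("Service", m["name"], m["path"], line))
        elif m := RE_AUTORUN.match(line):
            entries.append(_entry("AutoRun", "mountpoints2", m["path"], line))
    return entries


def triage(entries: list) -> list:
    """Attach review flags to entries; returns only the entries that got one."""
    for e in entries:
        if e.path is None:
            e.flags.append("orphaned: CLSID still registered but the file is gone (leftover, candidate for cleanup)")
        if e.section == "AutoRun":
            e.flags.append("removable-media AutoRun command: confirm it belongs to the device's own software")
    return [e for e in entries if e.flags]


def summary(entries: list) -> dict:
    """Count of parsed entries per section, handy for a first glance at a long log."""
    return dict(Counter(e.section for e in entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("sections:", summary(parsed))
    for e in triage(parsed):
        print(f"[{e.section}] {e.name}: {'; '.join(e.flags)}")
```

Run it against a pasted log with `parse_log(open("hijackthis.log", encoding="cp1252").read())`; entries that match none of the assumed grammars are simply skipped, so an unrecognised section never aborts the run, and the flagged list is a reading aid for the responder, not a verdict.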




#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:05:03 AM

Posted 10 February 2009 - 05:11 PM

Hello jonasll.

It looks clean to me. Are there any issues at the moment?

Let's run an online scan to check for anything missed.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

With Regards,
The Panda

#9 jonasll

jonasll
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:03 AM

Posted 11 February 2009 - 11:58 AM

I haven't seen any weird activity on my computer for about a week or so...

Here's the F-Secure log!

thank you!


Scanning Report
Wednesday, February 11, 2009 11:03:16 - 11:55:25

Computer name: JONASLAPTOP
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 5 malware found
TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Mediaplex (spyware)

* System

TrackingCookie.Revsci (spyware)

* System

TrackingCookie.Xiti (spyware)

* System

Statistics
Scanned:

* Files: 43637
* System: 3201
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 6
* Submitted: 1

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\JONAS\LOCAL SETTINGS\TEMP\ETILQS_GB2GMJHRV3OMEJNBFKTC

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Blacklight: 0.0.0
* F-Secure Hydra: 3.6.8511, 2009-02-11
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure AVP: 7.0.171, 2009-02-11

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:05:03 AM

Posted 11 February 2009 - 03:50 PM

Hello.

Looks good to me. Unless there are any issues at the moment, we can wrap up.

Download and Run OTCleanIt
This program will remove the tools we have used.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Delete the file after use, if it did not delete itself.

Purging System Restore Points
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Do you have any questions or concerns?

With Regards,
The Panda

#11 jonasll

jonasll
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:03 AM

Posted 11 February 2009 - 11:57 PM

Thanks a lot Panda... Your help was appreciated.

Giving you props.

Jonathan

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:05:03 AM

Posted 12 February 2009 - 08:24 AM

Welcome, Jonathan.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



