Probleme de Pop Up (Encore un, desole!)

Question

Bonjour,
J'ai parcouru un peu le forum mais pas trouver la solution a mes tracas. Mon probleme est que hier j'ai ouvert un msg envoyer par un ami sur facebook (a son insu) et qui contenait un bon gros spam. On me demandait de cliquer pour voir une video et ensuite d'installer la mise a jour pour flash player. Et comme un con je l'ai fait. Depuis, chaque 10min j'ai IE qui s'ouvre en pop up (alors que j'utilise Mozilla d'ailleurs) et qui me fait un scan anti virus bidon et puis me demande d'installer un logiciel anti-virus. De +, chaque fois que je fais une recherche sur Google, quand je clique sur l'un des liens dans les reponses, sa m'envoit quasi tjrs sur la meme page de pub... :-/
Jusque la, je n'ai jamais eu de problemes. Mon ordi (c'est au bureau) a ete reformater il y a 3 semaines et information importante, je vis en Suede et j'ai donc Windows en... suedois! :) (et je ne parle pas Suedois bien sur) :) En anti virus, j'ai AVG avec toutes les updates.
Et j'ai donc telecharger Navilog et Hijack, je post les scans ci-dessous au cas ou sa servirait...
Voila en tout cas, j'espere que quelqu'un saura m'aider, parce que mon patron commence a faire la tete, et je promet d'etre plus vigilant la prochaine fois! :)
Merci d'avance!
Dorian

SCAN NAVILOG:

"Search Navipromo version 3.7.6 commencé le 2009-03-24 à 14:25:58,79

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-30 )
BIOS : Ver 1.00PARTTBL
USER : Dorian ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)

C:\ (Local Disk) - NTFS - Total:41 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:14 Go (Free:14 Go)
E:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\start-~1\program" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\start-~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Dorian\applic~1" *** 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 

*** Recherche dossiers dans "C:\DOCUME~1\CHIRIS~1\applic~1" *** 

*** Recherche dossiers dans "C:\DOCUME~1\Jens\applic~1" *** 

*** Recherche dossiers dans "C:\Documents and Settings\Dorian\lokala~1\applic~1" *** 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\lokala~1\applic~1" *** 

*** Recherche dossiers dans "C:\DOCUME~1\CHIRIS~1\lokala~1\applic~1" *** 

*** Recherche dossiers dans "C:\DOCUME~1\Jens\lokala~1\applic~1" *** 

*** Recherche dossiers dans "C:\Documents and Settings\Dorian\start-~1\program" *** 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\start-~1\program" *** 

*** Recherche dossiers dans "C:\DOCUME~1\CHIRIS~1\start-~1\program" *** 

*** Recherche dossiers dans "C:\DOCUME~1\Jens\start-~1\program" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Dorian\lokala~1\applic~1" * 
* Recherche dans "C:\DOCUME~1\ADMINI~1\lokala~1\applic~1" * 
* Recherche dans "C:\DOCUME~1\CHIRIS~1\lokala~1\applic~1" * 
* Recherche dans "C:\DOCUME~1\Jens\lokala~1\applic~1" * 

*** Recherche fichiers *** 
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Dorian\lokala~1\applic~1" : 
* Dans "C:\DOCUME~1\ADMINI~1\lokala~1\applic~1" : 
* Dans "C:\DOCUME~1\CHIRIS~1\lokala~1\applic~1" : 
* Dans "C:\DOCUME~1\Jens\lokala~1\applic~1" : 

3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 2009-03-24 à 14:30:23,81 ***"




SCAN HIJACK:
"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:01, on 2009-03-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program\Roxio\CinePlayer\DMXLauncher.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\WScript.exe
C:\DOCUME~1\Dorian\LOKALA~1\Temp\RtkBtMnt.EXE
C:\Program\Java\jre6\bin\jusched.exe
C:\windows\pp04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Skype\Phone\Skype.exe
C:\WINDOWS\system32undll32.exe
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\Program\AVG\AVG8\avgcmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BANTAI USA & EZRAEL [AL - MUKHLIS STUDIO]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld02.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp04.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe (file missing)

jlpjlp · Answer

slt,


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Dorian · Answer

Salut! Merci pour ta reponse quasi instantane! Voici les infos demandes!

LOG.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dorian at 2009-03-24 15:52:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (48%) free of 42 GB
Total RAM: 1278 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:08, on 2009-03-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program\Roxio\CinePlayer\DMXLauncher.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\WScript.exe
C:\DOCUME~1\Dorian\LOKALA~1\Temp\RtkBtMnt.EXE
C:\Program\Java\jre6\bin\jusched.exe
C:\windows\pp04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dorian\Skrivbord\RSIT.exe
C:\Program\Trend Micro\HijackThis\Dorian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BANTAI USA & EZRAEL [AL - MUKHLIS STUDIO]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld02.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp04.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe (file missing)

jlpjlp · Answer

ok il faut brancher les disques externes (clé usb...) car elles sont touchées et vont infectées les autres ordi ___________________ Pour fusionner: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif _______________ telecharge combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Sauvegarde le sur ton bureau et pas ailleurs ! _________________ Ferme tous tes navigateurs (donc copie ou imprime les instructions avant) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : File:: C:\windows\pp04.exe C:\WINDOWS\WIN31.dll.vbs C:\windows\ld02.exe C:\WINDOWS\system32\dll32.dll C:\WIN31.dll.vbs Registry:: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "mcafee"= - "sysldtray"=- "pp"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e8d9558-0343-11de-8dfc-806d6172696f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e8d955a-0343-11de-8dfc-806d6172696f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37a78fd-05b4-11de-8ec0-0014a44de4bd}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3619036-170d-11de-8ee7-0014a44de4bd}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5897f8e-0724-11de-8ec6-0014a44de4bd}] Enregistre ce fichier sous le nom CFscript Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer. Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! Ne touche à rien tant que le scan n'est pas terminé. Une fois le scan achevé, un rapport va s'afficher: poste son contenu. Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt ________________________ Télécharge RavAntivirus d'Evosla : http://ww25.evosla.com/compteur.php?soft=rav_antivirus # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau # Doucle-clique sur >> RAV.exe << afin de lancer l'outil. # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles) # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain . # Retire tes disques amovibles et redémarrez votre ordinateur. # Poste le rapport, si infection! 2/ Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe Double-clique sur l’icône. Les icônes vont disparaître. C’est normal. Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite Redémarre ensuite le PC. _________________ rq: internet explorer 8 est sorti!

Dorian · Answer

Re, :) Premierement, un grand merci pour ton aide, c'est super sympa! :) Desole, sa m'a prit un peu de temps de faire tout ca (surtout avec Windows en Suedois!) :) Donc, pour Combofix, je te post le log ci-dessous. Les deux autres logiciels n'ont rien detecter d'anormal! Donc pas de logs disponibles. Par contre, je me suis fait une frayeur car quand j'ai copier/coller les lignes que tu m'a donner pour faire un fichier texte, j'ai oublier de mettre la premiere ligne: "File::" Et du coup, sa m'a sortit tout un tas de trucs bizarres la premiere fois que j'ai lancer Combofix avec pleins de demandes de confirmation en suedois et je pense qu'il s'agissait de quelque chose comme reformater Windows. Apres avoir plusieurs fois dit "oui" "oui" "oui", a un moment j'ai annuler, pensant que quelque chose etait bizarre vu que tu m'avais dit que je ne devais voir normalement que l'option 1 pour valider et l'option 2 pour annuler. Finalement, la deusieme fois sa a tres bien marcher tout seul, automatiquement (meme pas eu besoin de faire 1). Mais je viens de remarquer deux choses. La premiere c'est que maintenant quand je demarre l'ordi, il me propose pendant 3 secondes deux types de windows. Windows XP Pro (normal quoi) mais aussi Windows Restore System ou au truc comme ca... Et la 2eme chose, c'est qu'au demarrage sa m'ouvre un message d'erreur sur un fichier dll. Enfin bon, voyons deja cette histoire de virus, je vais pas t'innonder avec 1000 problemes non plus! :) Donc le log de Combofix: "ComboFix 09-03-23.01 - Dorian 2009-03-24 16:36:13.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1278.645 [GMT 1:00] Körs från: c:\documents and settings\Dorian\Skrivbord\ComboFix.exe Använda kommandoväxlar :: c:\documents and settings\Dorian\Skrivbord\CFscript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Skapade en ny återställningspunkt FILE :: C:\WIN31.dll.vbs c:\windows\ld02.exe c:\windows\pp04.exe c:\windows\system32\dll32.dll c:\windows\WIN31.dll.vbs . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WIN31.dll.vbs c:\windows\ld02.exe c:\windows\pp04.exe c:\windows\system32\dll32.dll c:\windows\system32\pthreadGC2.dll c:\windows\WIN31.dll.vbs D:\Autorun.inf D:\WIN31.dll.vbs G:\autorun.inf G:\WIN31.dll.vbs H:\autorun.inf H:\WIN31.dll.vbs . (((((((((((((((((((((((( Filer Skapade från 2009-02-24 till 2009-03-24 )))))))))))))))))))))))))))))) . 2009-03-24 15:52 . 2009-03-24 15:57 d-------- C: sit 2009-03-24 15:25 . 2009-03-24 15:25 d-------- c:\program\Trend Micro 2009-03-24 14:23 . 2009-03-24 15:21 d-------- c:\program\Navilog1 2009-03-24 13:01 . 2009-03-24 14:26 d--h----- C:\$AVG8.VAULT$ 2009-03-24 12:57 . 2009-03-24 14:07 d-------- c:\windows\system32\drivers\Avg 2009-03-24 12:57 . 2009-03-24 12:57 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-24 12:57 . 2009-03-24 12:57 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-24 12:57 . 2009-03-24 12:57 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-24 12:56 . 2009-03-24 12:56 d-------- c:\program\AVG 2009-03-24 12:56 . 2009-03-24 14:26 d-------- c:\documents and settings\All Users\Application Data\avg8 2009-03-23 16:58 . 2009-03-23 16:59 d-------- c:\documents and settings\Dorian\Application Data\U3 2009-03-23 15:20 . 2009-03-23 15:20 1 --a------ c:\windows\9g234sdfdfgjf23 2009-03-23 15:20 . 2009-03-23 15:20 0 --a------ c:\windows\system32 fr.gpref 2009-03-23 15:20 . 2009-03-23 15:20 0 --a------ c:\windows\system32 fr.assembly 2009-03-23 10:18 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-23 10:18 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-23 10:18 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-15 16:14 . 2009-03-15 16:14 d-------- c:\documents and settings\Dorian\Application Data\dvdcss 2009-03-12 16:22 . 2009-03-12 16:22 d-------- c:\program\IrfanView 2009-03-11 16:56 . 2009-03-24 16:07 d-------- c:\documents and settings\Dorian\Application Data\skypePM 2009-03-11 16:54 . 2009-03-24 16:36 d-------- c:\documents and settings\Dorian\Application Data\Skype 2009-03-11 12:33 . 2009-03-11 12:33 d-------- c:\windows\Sun 2009-03-11 12:31 . 2009-03-11 12:31 d-------- c:\program\Java 2009-03-11 12:31 . 2009-03-11 12:31 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-11 12:31 . 2009-03-11 12:31 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-10 20:16 . 2009-03-11 22:40 d-------- c:\program\SopCast 2009-03-10 20:10 . 2009-03-10 20:10 d-------- c:\program\TVAnts 2009-03-10 13:06 . 2009-03-10 13:06 d-------- c:\documents and settings\LocalService\Application Data\DivX 2009-03-10 13:03 . 2009-03-19 13:06 d-------- c:\documents and settings\Dorian\Application Data\BitTorrent 2009-03-10 10:45 . 2009-03-10 10:45 d-------- c:\program\K-Lite Codec Pack 2009-03-10 10:45 . 2009-03-10 10:45 d-------- c:\program\Gabest 2009-03-10 10:45 . 2008-11-06 17:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll 2009-03-10 10:45 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm 2009-03-10 10:45 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll 2009-03-10 10:45 . 2008-11-06 17:33 684,032 --a------ c:\windows\system32\divx.dll 2009-03-10 10:45 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll 2009-03-10 10:45 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll 2009-03-10 10:45 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm 2009-03-10 10:45 . 2008-12-11 01:33 86,016 --a------ c:\windows\system32\dpl100.dll 2009-03-10 10:45 . 2009-02-09 19:56 67,584 --a------ c:\windows\system32\ff_vfw.dll 2009-03-10 10:45 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest 2009-03-10 10:45 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml 2009-03-10 10:43 . 2009-03-10 10:43 d-------- c:\documents and settings\Dorian\Application Data\Media Player Classic 2009-03-06 16:02 . 2009-03-06 16:02 d-------- c:\documents and settings\Dorian\Application Data\vlc 2009-03-06 15:28 . 2009-03-06 15:28 d-------- c:\program\CONEXANT 2009-03-06 15:28 . 2004-12-15 09:18 1,038,208 --a------ c:\windows\system32\drivers\HSF_DP.sys 2009-03-06 15:28 . 2004-12-15 09:18 703,232 --a------ c:\windows\system32\drivers\HSF_CNXT.sys 2009-03-06 15:28 . 2004-12-15 09:18 200,192 --a------ c:\windows\system32\drivers\HSFHWATI.sys 2009-03-06 15:28 . 2004-12-15 08:52 129,045 --a------ c:\windows\system32\drivers\HSFProf.cty 2009-03-06 15:28 . 2004-10-28 09:29 39,018 --a------ c:\windows\system32\hsfci012.dll 2009-03-06 14:50 . 2009-02-25 15:08 dr------- c:\documents and settings\Jens\Start-meny 2009-03-06 14:50 . 2009-02-25 15:08 d-------- c:\documents and settings\Jens\Skrivbord 2009-03-06 14:50 . 2009-02-25 15:08 d--h----- c:\documents and settings\Jens\Skrivare 2009-03-06 14:50 . 2009-03-06 14:50 d--h----- c:\documents and settings\Jens\Nätverket 2009-03-06 14:50 . 2009-03-06 14:50 dr------- c:\documents and settings\Jens\Mina dokument 2009-03-06 14:50 . 2009-02-25 14:19 d--h----- c:\documents and settings\Jens\Mallar 2009-03-06 14:50 . 2009-03-24 16:38 d--h----- c:\documents and settings\Jens\Lokala inställningar 2009-03-06 14:50 . 2009-03-06 14:50 dr------- c:\documents and settings\Jens\Favoriter 2009-03-06 14:50 . 2009-03-06 14:50 d-------- c:\documents and settings\Jens\Application Data\Roxio 2009-03-06 14:50 . 2009-03-24 12:57 d-------- c:\documents and settings\Jens 2009-03-06 14:42 . 2009-02-25 15:08 dr------- c:\documents and settings\Dorian\Start-meny 2009-03-06 14:42 . 2009-03-24 16:36 d-------- c:\documents and settings\Dorian\Skrivbord 2009-03-06 14:42 . 2009-02-25 15:08 d--h----- c:\documents and settings\Dorian\Skrivare 2009-03-06 14:42 . 2009-03-06 16:00 d--h----- c:\documents and settings\Dorian\Nätverket 2009-03-06 14:42 . 2009-03-10 15:49 dr------- c:\documents and settings\Dorian\Mina dokument 2009-03-06 14:42 . 2009-02-25 14:19 d--h----- c:\documents and settings\Dorian\Mallar 2009-03-06 14:42 . 2009-03-15 16:15 d--h----- c:\documents and settings\Dorian\Lokala inställningar 2009-03-06 14:42 . 2009-03-06 14:42 dr------- c:\documents and settings\Dorian\Favoriter 2009-03-06 14:42 . 2009-03-06 14:42 d-------- c:\documents and settings\Dorian\Application Data\Roxio 2009-03-06 14:42 . 2009-03-06 14:42 d-------- c:\documents and settings\Dorian 2009-03-06 14:37 . 2009-02-25 15:08 dr------- c:\documents and settings\Chiristina\Start-meny 2009-03-06 14:37 . 2009-02-25 15:08 d-------- c:\documents and settings\Chiristina\Skrivbord 2009-03-06 14:37 . 2009-02-25 15:08 d--h----- c:\documents and settings\Chiristina\Skrivare 2009-03-06 14:37 . 2009-03-06 14:41 d--h----- c:\documents and settings\Chiristina\Nätverket 2009-03-06 14:37 . 2009-03-06 14:37 dr------- c:\documents and settings\Chiristina\Mina dokument 2009-03-06 14:37 . 2009-02-25 14:19 d--h----- c:\documents and settings\Chiristina\Mallar 2009-03-06 14:37 . 2009-03-24 16:38 d--h----- c:\documents and settings\Chiristina\Lokala inställningar 2009-03-06 14:37 . 2009-03-06 14:37 dr------- c:\documents and settings\Chiristina\Favoriter 2009-03-06 14:37 . 2009-03-06 14:37 d-------- c:\documents and settings\Chiristina\Application Data\Roxio 2009-03-06 14:37 . 2009-03-24 12:57 d-------- c:\documents and settings\Chiristina 2009-03-06 14:22 . 2009-03-06 14:22 d-------- c:\documents and settings\Julio 2009-02-28 19:14 . 2009-03-06 11:47 d-------- c:\documents and settings\Administratör\Application Data\skypePM 2009-02-28 19:14 . 2009-02-28 19:14 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-28 19:12 . 2009-02-28 19:12 dr------- c:\program\Skype 2009-02-28 19:12 . 2009-02-28 19:12 d-------- c:\program\Delade filer\Skype 2009-02-28 19:12 . 2009-02-28 19:12 d-------- c:\documents and settings\All Users\Application Data\Skype 2009-02-28 19:12 . 2009-03-06 13:39 d-------- c:\documents and settings\Administratör\Application Data\Skype 2009-02-27 16:37 . 2009-02-27 16:37 d-------- c:\program\MSXML 4.0 2009-02-27 13:54 . 2009-03-02 13:51 d-------- c:\documents and settings\Administratör\Application Data\dvdcss 2009-02-27 12:11 . 2009-02-27 12:19 23,392 --a------ c:\windows\system32 scompat.tlb 2009-02-27 12:11 . 2009-02-27 12:19 16,832 --a------ c:\windows\system32\amcompat.tlb 2009-02-27 12:00 . 2009-02-27 12:00 d-------- c:\program\Delade filer\Adobe AIR 2009-02-27 11:58 . 2009-03-16 15:18 d-------- c:\program\Delade filer\Adobe 2009-02-27 11:56 . 2009-02-27 12:11 d-------- c:\program\NOS 2009-02-27 11:56 . 2009-02-27 12:11 d-------- c:\documents and settings\All Users\Application Data\NOS 2009-02-27 11:52 . 2009-03-04 16:27 d-------- c:\documents and settings\Administratör\Application Data\BitTorrent 2009-02-27 11:51 . 2009-03-06 12:39 d-------- c:\program\DNA 2009-02-27 11:51 . 2009-02-27 11:51 d-------- c:\program\BitTorrent 2009-02-27 11:51 . 2009-03-06 14:21 d-------- c:\documents and settings\Administratör\Application Data\DNA 2009-02-27 11:45 . 2009-02-27 11:45 d-------- C:\VersalSoft 2009-02-27 11:44 . 2009-02-27 11:44 d-------- c:\program\VersalSoft 2009-02-27 11:44 . 2009-02-27 11:44 d-------- C:\Program Files 2009-02-27 11:42 . 2009-02-27 11:42 d-------- c:\documents and settings\Administratör\Application Data\vlc 2009-02-27 11:41 . 2009-02-27 11:41 d-------- c:\program\VideoLAN 2009-02-27 11:32 . 2009-02-27 11:32 d-------- c:\documents and settings\All Users\Application Data\TVU Networks 2009-02-27 11:31 . 2009-02-27 11:32 d-------- c:\program\TVUPlayer 2009-02-27 11:31 . 2009-02-27 11:31 d-------- c:\documents and settings\Administratör\LocalLow 2009-02-27 11:31 . 2009-02-27 11:31 d-------- c:\documents and settings\Administratör\LocalLow 2009-02-27 11:20 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2009-02-27 11:20 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys 2009-02-27 11:20 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-02-27 11:20 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys 2009-02-27 11:20 . 2008-04-14 17:04 21,504 --a------ c:\windows\system32\hidserv.dll 2009-02-27 11:20 . 2008-04-14 17:04 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll 2009-02-27 11:12 . 2009-02-27 11:12 0 --a------ c:\windows sreg.dat 2009-02-26 14:28 . 2009-02-26 14:28 d-------- c:\windows\system32\xircom 2009-02-26 14:28 . 2009-02-26 14:28 d-------- c:\program\microsoft frontpage 2009-02-26 14:19 . 2009-02-26 14:19 d-------- c:\windows\system32\sv 2009-02-26 14:19 . 2009-02-26 14:19 d-------- c:\windows\system32\bits 2009-02-26 14:19 . 2009-02-26 14:19 d-------- c:\windows\l2schemas 2009-02-26 14:15 . 2009-02-26 14:15 d-------- c:\windows\ServicePackFiles 2009-02-26 10:18 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-02-26 10:17 . 2009-02-26 10:17 d-------- c:\program\MSBuild 2009-02-26 10:17 . 2009-02-26 10:17 d-------- c:\program\Microsoft Works 2009-02-26 10:16 . 2009-02-26 10:16 d-------- c:\program\Microsoft.NET . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-06 15:02 --------- d-----w c:\documents and settings\Dorian\Application Data\vlc 2009-02-27 11:18 --------- d-----w c:\program\Windows Media Connect 2 2009-02-27 10:42 --------- d-----w c:\documents and settings\Administratör\Application Data\vlc 2009-02-26 08:37 --------- d-----w c:\program\Delade filer\InstallShield 2009-02-25 13:50 10,170 ----a-w C:\hwids.dat 2009-02-25 13:22 --------- d-----w c:\program\Onlinetjänster 2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 14:07 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dll"="dll32" [X] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program\Skype\Phone\Skype.exe" [2009-02-04 23975720] "ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoxWatchTray"="c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112] "DMXLauncher"="c:\program\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136] "GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "InternetDownload_upgrade"="c:\program\VersalSoft\InternetDownload\InternetDownload.exe" [2009-01-05 361472] "SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-03-11 148888] "Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-03-24 1932568] "SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\avgrsstarter] 2009-03-24 12:57 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe"= "%windir%\system32\sessmgr.exe"= "c:\Program\Microsoft Office\Office12\OUTLOOK.EXE"= "c:\Program\Microsoft Office\Office12\GROOVE.EXE"= "c:\Program\Microsoft Office\Office12\ONENOTE.EXE"= "c:\Program\TVUPlayer\TVUPlayer.exe"= "c:\Program\DNA\btdna.exe"= "c:\Program\BitTorrent\bittorrent.exe"= "c:\Program\TVAnts\Tvants.exe"= "c:\Program\SopCast\SopCast.exe"= "c:\Program\SopCast\adv\SopAdver.exe"= "c:\Program\Skype\Phone\Skype.exe"= "c:\Program\AVG\AVG8\avgupd.exe"= "c:\Program\AVG\AVG8\avgnsx.exe"= "c:\Program\Mozilla Firefox\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:TCP"= 80:TCP:dll32 "7171:TCP"= 7171:TCP:dll32 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-24 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-24 107912] R2 avg8wd;AVG Free8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264] R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-03-06 200192] R3 RoxMediaDB10;RoxMediaDB10;c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe [?] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176] --- Övriga tjänster/drivrutiner i minnet --- *NewlyCreated* - AVG8WD *NewlyCreated* - AVGLDX86 *NewlyCreated* - AVGMFX86 *NewlyCreated* - AVGTDIX [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a . . ------- Extra genomsökning ------- . uInternet Settings,ProxyServer = http=localhost:7171 uInternet Settings,ProxyOverride = *.local; IE: E&xportera till Microsoft Excel - c:\program\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Dorian\Application Data\Mozilla\Firefox\Profiles\74ey4uwe.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 1 FF - component: c:\program\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program\Mozilla Firefox\plugins p-mswmp.dll FF - plugin: c:\program\Mozilla Firefox\plugins pbittorrent.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-24 16:38:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLer som "laddats" under processer som körs --------------------- - - - - - - - > 'winlogon.exe'(880) c:\windows\system32\Ati2evxx.dll . Sluttid: 2009-03-24 16:39:45 ComboFix-quarantined-files.txt 2009-03-24 15:39:40 Före genomsökningen: 21 078 528 000 byte ledigt Efter genomsökningen: 21,115,666,432 byte ledigt 266 --- E O F --- 2009-03-23 10:14:34" UN GRAND MERCI!

Dorian · Answer

Et pour IE, en fait j'utilise toujours Firefox donc j'ai pas du tout suivit les updates.
Encore un grand merci, et j'espere que tu m'aideras a regler tres vite le probleme! :)

jlpjlp · Answer

Et la 2eme chose, c'est qu'au demarrage sa m'ouvre un message d'erreur sur un fichier dll. 


quel fichier??

____________

analyse ces fichiers sur virus total :  https://www.virustotal.com/gui/

c:\windows\9g234sdfdfgjf23
c:\windows\system32
fr.gpref
c:\windows\system32
fr.assembly 

et colle les rapports

________________

puis remets un rapport RSIT

Dorian · Answer

Il me semble que c'est le fichier "Auto-Run" puisque desormais quand je connecte une cle usb sa ne la lit pas directement, je dois l'ouvrir manuellement depuis poste de travail.

Pour les rapports:
_ c:\windows\9g234sdfdfgjf23: http://www.virustotal.com/fr/analisis/4b236820bfd9551043075062ecd9f334
_ c:\windows\system32
fr.gpref : il me dit que le fichier est vide
_ c:\windows\system32
fr.assembly: idem

Je fais un rapport RSIT asap et je le mettrais la!

jlpjlp · Answer

attends

Dorian · Answer

Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dorian at 2009-03-24 17:47:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (47%) free of 42 GB
Total RAM: 1278 MB (43% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program\AVG\AVG8\avgssie.dll [2009-03-24 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4322A444-92F8-4C3E-BD4C-013BA51E2871}]
E-Zsoft VideoDownloaderToolBar - C:\Program\VersalSoft\InternetDownload\VDTB.dll [2009-01-05 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program\Google\Google Toolbar\GoogleToolbar.dll [2009-03-06 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-03-06 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-06 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-03-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4322A444-92F8-4C3E-BD4C-013BA51E2871} - E-Zsoft VideoDownloaderToolBar - C:\Program\VersalSoft\InternetDownload\VDTB.dll [2009-01-05 43008]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program\Google\Google Toolbar\GoogleToolbar.dll [2009-03-06 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"RoxWatchTray"=C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]
"DMXLauncher"=C:\Program\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]
"GrooveMonitor"=C:\Program\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"InternetDownload_upgrade"=C:\Program\VersalSoft\InternetDownload\InternetDownload.exe [2009-01-05 361472]
"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-03-11 148888]
"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVG8_TRAY"=C:\Program\AVG\AVG8\avgtray.exe [2009-03-24 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program\Skype\Phone\Skype.exe [2009-02-04 23975720]
"ISUSScheduler"=C:\Program\Delade filer\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"dll"=rundll32 dll32,sm []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-24 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program\Microsoft Office\Office12\GROOVE.EXE"="C:\Program\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program\TVUPlayer\TVUPlayer.exe"="C:\Program\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program\DNA\btdna.exe"="C:\Program\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program\BitTorrent\bittorrent.exe"="C:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program\TVAnts\Tvants.exe"="C:\Program\TVAnts\Tvants.exe:*:Disabled:TVAnts"
"C:\Program\SopCast\SopCast.exe"="C:\Program\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\Program\SopCast\adv\SopAdver.exe"="C:\Program\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program\Skype\Phone\Skype.exe"="C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program\AVG\AVG8\avgupd.exe"="C:\Program\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program\AVG\AVG8\avgnsx.exe"="C:\Program\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program\Mozilla Firefox\firefox.exe"="C:\Program\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38a5b4ac-188e-11de-8eee-0014a44de4bd}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5897f8e-0724-11de-8ec6-0014a44de4bd}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WIN31.dll.vbs


======List of files/folders created in the last 1 months======

2009-03-24 17:47:16 ----D---- C:sit
2009-03-24 17:08:19 ----SHD---- C:\RECYCLER
2009-03-24 16:56:55 ----RASHD---- C:\autorun.inf
2009-03-24 16:39:49 ----D---- C:\WINDOWS	emp
2009-03-24 16:39:47 ----A---- C:\ComboFix.txt
2009-03-24 16:35:19 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-24 16:21:07 ----A---- C:\Boot.bak
2009-03-24 16:21:01 ----RASHD---- C:\cmdcons
2009-03-24 16:18:27 ----A---- C:\WINDOWS\zip.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\VFIND.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\SWSC.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\SWREG.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\sed.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\grep.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\fdsv.exe
2009-03-24 16:18:16 ----D---- C:\WINDOWS\ERDNT
2009-03-24 16:17:54 ----AD---- C:\Qoobox
2009-03-24 15:25:47 ----D---- C:\Program\Trend Micro
2009-03-24 14:23:35 ----D---- C:\Program\Navilog1
2009-03-24 13:01:07 ----HD---- C:\$AVG8.VAULT$
2009-03-24 12:57:27 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-24 12:56:55 ----D---- C:\Program\AVG
2009-03-24 12:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-23 16:58:48 ----D---- C:\Documents and Settings\Dorian\Application Data\U3
2009-03-23 10:18:23 ----A---- C:\WINDOWS\system32\muweb.dll
2009-03-23 10:18:23 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-03-23 10:18:22 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-03-15 16:14:07 ----D---- C:\Documents and Settings\Dorian\Application Data\dvdcss
2009-03-12 16:22:04 ----D---- C:\Program\IrfanView
2009-03-11 16:56:16 ----D---- C:\Documents and Settings\Dorian\Application Data\skypePM
2009-03-11 16:54:41 ----D---- C:\Documents and Settings\Dorian\Application Data\Skype
2009-03-11 12:33:28 ----D---- C:\WINDOWS\Sun
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\java.exe
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-11 12:31:35 ----D---- C:\Program\Java
2009-03-11 12:30:53 ----D---- C:\Documents and Settings\Dorian\Application Data\Sun
2009-03-11 12:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 12:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 12:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 12:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 20:16:06 ----D---- C:\Program\SopCast
2009-03-10 20:10:52 ----D---- C:\Program\TVAnts
2009-03-10 13:03:33 ----D---- C:\Documents and Settings\Dorian\Application Data\BitTorrent
2009-03-10 10:45:55 ----D---- C:\Program\Gabest
2009-03-10 10:45:13 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-03-10 10:45:06 ----A---- C:\WINDOWS\system32\divx.dll
2009-03-10 10:45:05 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-03-10 10:45:05 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-03-10 10:45:02 ----D---- C:\Program\K-Lite Codec Pack
2009-03-10 10:43:51 ----D---- C:\Documents and Settings\Dorian\Application Data\Media Player Classic
2009-03-10 10:43:50 ----A---- C:\WINDOWS\system32egsvr32.exe.log
2009-03-06 16:05:08 ----D---- C:\Documents and Settings\Dorian\Application Data\Macromedia
2009-03-06 16:05:07 ----D---- C:\Documents and Settings\Dorian\Application Data\Adobe
2009-03-06 16:04:36 ----D---- C:\Documents and Settings\Dorian\Application Data\Mozilla
2009-03-06 16:02:50 ----D---- C:\Documents and Settings\Dorian\Application Data\vlc
2009-03-06 15:28:32 ----D---- C:\Program\CONEXANT
2009-03-06 15:28:22 ----A---- C:\WINDOWS\system32\hsfci012.dll
2009-03-06 15:27:39 ----D---- C:\Documents and Settings\Dorian\Application Data\WinRAR
2009-03-06 14:42:57 ----D---- C:\Documents and Settings\Dorian\Application Data\Google
2009-03-06 14:42:40 ----D---- C:\Documents and Settings\Dorian\Application Data\Roxio
2009-03-06 14:42:30 ----D---- C:\Documents and Settings\Dorian\Application Data\Identities
2009-03-06 14:42:24 ----SD---- C:\Documents and Settings\Dorian\Application Data\Microsoft
2009-03-06 14:42:24 ----ASH---- C:\Documents and Settings\Dorian\Application Data\desktop.ini
2009-02-28 19:12:40 ----D---- C:\Program\Delade filer\Skype
2009-02-28 19:12:36 ----RD---- C:\Program\Skype
2009-02-28 19:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-02-27 16:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-27 16:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-27 16:37:19 ----D---- C:\Program\MSXML 4.0
2009-02-27 12:19:19 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-27 12:18:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-02-27 12:17:47 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-02-27 12:00:12 ----D---- C:\Program\Delade filer\Adobe AIR
2009-02-27 11:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-27 11:58:56 ----D---- C:\Program\Delade filer\Adobe
2009-02-27 11:58:56 ----D---- C:\Program\Adobe
2009-02-27 11:56:20 ----D---- C:\Program\NOS
2009-02-27 11:56:20 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-02-27 11:51:34 ----D---- C:\Program\DNA
2009-02-27 11:51:29 ----D---- C:\Program\BitTorrent
2009-02-27 11:45:09 ----D---- C:\VersalSoft
2009-02-27 11:44:58 ----D---- C:\Program\VersalSoft
2009-02-27 11:44:52 ----D---- C:\Program Files
2009-02-27 11:41:25 ----D---- C:\Program\VideoLAN
2009-02-27 11:32:03 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2009-02-27 11:31:52 ----D---- C:\Program\TVUPlayer
2009-02-27 11:20:40 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-02-27 11:11:28 ----D---- C:\Program\Mozilla Firefox
2009-02-26 14:28:05 ----D---- C:\WINDOWS\system32\xircom
2009-02-26 14:28:05 ----D---- C:\Program\xerox
2009-02-26 14:28:04 ----D---- C:\Program\microsoft frontpage
2009-02-26 14:27:58 ----D---- C:\WINDOWS\Prefetch
2009-02-26 14:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-26 14:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-26 14:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-26 14:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-26 14:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-26 14:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-26 14:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-26 14:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-26 14:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-26 14:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-26 14:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-26 14:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-26 14:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-26 14:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-26 14:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-26 14:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-26 14:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-26 14:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-26 14:23:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-26 14:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-26 14:19:13 ----D---- C:\WINDOWS\system32\sv
2009-02-26 14:19:13 ----D---- C:\WINDOWS\l2schemas
2009-02-26 14:19:12 ----D---- C:\WINDOWS\system32\bits
2009-02-26 14:15:47 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-26 14:12:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-26 14:09:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-26 14:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-02-26 10:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-02-26 10:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-02-26 10:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-26 10:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-26 10:18:39 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-02-26 10:17:37 ----D---- C:\Program\Microsoft Works
2009-02-26 10:17:25 ----D---- C:\Program\MSBuild
2009-02-26 10:17:00 ----D---- C:\Program\Microsoft Visual Studio
2009-02-26 10:17:00 ----D---- C:\Program\Delade filer\DESIGNER
2009-02-26 10:16:10 ----D---- C:\Program\Microsoft.NET
2009-02-26 10:13:11 ----D---- C:\Program\Microsoft Visual Studio 8
2009-02-26 10:12:17 ----D---- C:\WINDOWS\SHELLNEW
2009-02-26 10:12:01 ----D---- C:\Program\Microsoft Office
2009-02-26 10:12:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-26 10:11:35 ----RHD---- C:\MSOCache
2009-02-26 10:02:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-26 10:02:40 ----D---- C:\Program\Your Uninstaller 2008
2009-02-26 09:53:44 ----D---- C:\Program\InterActual
2009-02-26 09:41:46 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-02-26 09:39:52 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-02-26 09:38:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-02-26 09:38:37 ----D---- C:\Program\Google
2009-02-26 09:38:19 ----D---- C:\Program\Delade filer\Sonic Shared
2009-02-26 09:38:06 ----D---- C:\Program\Delade filer\Roxio Shared
2009-02-26 09:37:59 ----D---- C:\Program\InstallShield Installation Information
2009-02-26 09:37:55 ----D---- C:\Program\SmartSound Software
2009-02-26 09:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2009-02-26 09:37:44 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-02-26 09:37:43 ----D---- C:\Program\Roxio
2009-02-26 09:36:38 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-02-26 09:36:38 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-02-26 09:36:34 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-02-26 09:27:57 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-02-26 09:25:35 ----D---- C:\Program\Total Video Converter
2009-02-26 09:24:54 ----D---- C:\Program\WinRAR
2009-02-26 09:17:27 ----D---- C:\programas para trabajar
2009-02-25 15:17:15 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-25 15:13:48 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-02-25 15:13:48 ----A---- C:\WINDOWS\system32\irmon.dll
2009-02-25 15:13:48 ----A---- C:\WINDOWS\system32\irftp.exe
2009-02-25 15:13:24 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-25 15:13:14 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-25 15:09:27 ----A---- C:\WINDOWS\imsins.BAK
2009-02-25 15:09:24 ----SHD---- C:\WINDOWS\Installer
2009-02-25 15:09:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-25 15:09:22 ----D---- C:\Program\Delade filer\ODBC
2009-02-25 15:09:22 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-25 15:09:17 ----RD---- C:\Program
2009-02-25 15:09:17 ----D---- C:\Program\Delade filer\SpeechEngines
2009-02-25 15:09:17 ----D---- C:\Program\Delade filer\Microsoft Shared
2009-02-25 15:09:17 ----D---- C:\Program\Delade filer
2009-02-25 15:09:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-25 15:09:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-25 15:09:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-25 15:09:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-25 15:08:56 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-25 15:08:56 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-25 15:08:56 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-25 15:08:55 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-25 15:08:55 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-25 15:08:53 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-25 15:08:53 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-25 15:08:53 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-25 15:08:53 ----A---- C:\WINDOWS
otepad.exe
2009-02-25 15:08:52 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-25 15:08:41 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-25 15:08:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-25 15:08:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-25 15:08:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-25 15:07:46 ----A---- C:\WINDOWS\setuplog.txt
2009-02-25 15:07:43 ----A---- C:\pmtimer.exe
2009-02-25 15:07:43 ----A---- C:\makePNF.exe
2009-02-25 15:07:43 ----A---- C:\DSPdsblr.exe
2009-02-25 15:07:43 ----A---- C:\DPSFNSHR.INI
2009-02-25 15:07:43 ----A---- C:\DPsFnshr.exe
2009-02-25 15:07:42 ----A---- C:\devcon.exe
2009-02-25 15:05:26 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2009-02-25 15:05:26 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-02-25 15:05:12 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2009-02-25 15:05:12 ----A---- C:\WINDOWS\Alcrmv.exe
2009-02-25 15:04:12 ----A---- C:\DP_MassStorage_wnt5_x86-32.ini
2009-02-25 15:01:12 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-02-25 15:00:49 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-25 15:00:49 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-02-25 15:00:49 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\Atioglgl.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ATIDEMGR.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-25 15:00:45 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-02-25 15:00:45 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-02-25 14:59:10 ----D---- C:\D
2009-02-25 14:58:54 ----SHD---- C:\System Volume Information
2009-02-25 14:58:54 ----D---- C:\Documents and Settings
2009-02-25 14:58:22 ----RASH---- C:\boot.ini
2009-02-25 14:57:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-02-25 14:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-02-25 14:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-02-25 14:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-02-25 14:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-25 14:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-02-25 14:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-02-25 14:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-02-25 14:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-02-25 14:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-25 14:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-25 14:56:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-02-25 14:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-02-25 14:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-25 14:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-02-25 14:56:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-02-25 14:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-02-25 14:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-02-25 14:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-02-25 14:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-02-25 14:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-02-25 14:55:25 ----D---- C:\WINDOWS\ie7updates
2009-02-25 14:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-02-25 14:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-02-25 14:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-02-25 14:54:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-02-25 14:54:16 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-02-25 14:54:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-02-25 14:54:12 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-02-25 14:54:12 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-02-25 14:53:56 ----N---- C:\WINDOWS\system32	spkg.dll
2009-02-25 14:53:56 ----N---- C:\WINDOWS\system32	sgqec.dll
2009-02-25 14:53:15 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-02-25 14:53:08 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-02-25 14:52:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-25 14:52:59 ----RSD---- C:\WINDOWS\Fonts
2009-02-25 14:52:59 ----RD---- C:\WINDOWS\Web
2009-02-25 14:52:59 ----N---- C:\WINDOWS\system32\slserv.exe
2009-02-25 14:52:59 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-02-25 14:52:59 ----N---- C:\WINDOWS\slrundll.exe
2009-02-25 14:52:59 ----HD---- C:\WINDOWS\inf
2009-02-25 14:52:59 ----D---- C:\WINDOWS\WinSxS
2009-02-25 14:52:59 ----D---- C:\WINDOWS\WBEM
2009-02-25 14:52:59 ----D---- C:\WINDOWS	wain_32
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\wins
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\wbem
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\usmt
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\sv-se
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\spool
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\Setup
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32as
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\oobe
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32
pp
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\mui
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\IME
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\icsxml
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\ias
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\export
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\drivers
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\dhcp
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\config
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\3076
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\2052
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1054
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1053
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1042
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1041
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1037
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1033
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1031
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1028
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1025
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system
2009-02-25 14:52:59 ----D---- C:\WINDOWS\security
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Resources
2009-02-25 14:52:59 ----D---- C:\WINDOWSepair
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Provisioning
2009-02-25 14:52:59 ----D---- C:\WINDOWS\PeerNet
2009-02-25 14:52:59 ----D---- C:\WINDOWS\pchealth
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Offline Web Pages
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Network Diagnostic
2009-02-25 14:52:59 ----D---- C:\WINDOWS\mui
2009-02-25 14:52:59 ----D---- C:\WINDOWS\msapps
2009-02-25 14:52:59 ----D---- C:\WINDOWS\msagent
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Media
2009-02-25 14:52:59 ----D---- C:\WINDOWS\java
2009-02-25 14:52:59 ----D---- C:\WINDOWS\ime
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Help
2009-02-25 14:52:59 ----D---- C:\WINDOWS\ehome
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Driver Cache
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Debug
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Cursors
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Connection Wizard
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Config
2009-02-25 14:52:59 ----D---- C:\WINDOWS\AppPatch
2009-02-25 14:52:59 ----D---- C:\WINDOWS\addins
2009-02-25 14:52:59 ----D---- C:\WINDOWS
2009-02-25 14:52:57 ----N---- C:\WINDOWS\system32\slgen.dll
2009-02-25 14:52:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-02-25 14:52:57 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-02-25 14:52:52 ----N---- C:\WINDOWS\system32\setupn.exe
2009-02-25 14:52:48 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-02-25 14:52:46 ----N---- C:\WINDOWS\system32httpaa.dll
2009-02-25 14:52:43 ----N---- C:\WINDOWS\system32asqec.dll
2009-02-25 14:52:42 ----N---- C:\WINDOWS\system32\qutil.dll
2009-02-25 14:52:41 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-02-25 14:52:41 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-02-25 14:52:41 ----N---- C:\WINDOWS\system32\qagent.dll
2009-02-25 14:52:38 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-02-25 14:52:33 ----N---- C:\WINDOWS\system32\onex.dll
2009-02-25 14:52:24 ----N---- C:\WINDOWS\system32
v4_disp.dll
2009-02-25 14:52:16 ----N---- C:\WINDOWS\system32
apstat.exe
2009-02-25 14:52:16 ----N---- C:\WINDOWS\system32
apmontr.dll
2009-02-25 14:52:16 ----N---- C:\WINDOWS\system32
apipsec.dll
2009-02-25 14:52:15 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-02-25 14:52:14 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-02-25 14:52:14 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-02-25 14:52:11 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-02-25 14:52:11 ----N---- C:\WINDOWS\system32\mssha.dll
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-25 14:52:03 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-02-25 14:51:48 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-02-25 14:51:48 ----N---- C:\WINDOWS\system32wnh.dll
2009-02-25 14:51:46 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-02-25 14:51:44 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-02-25 14:51:42 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-02-25 14:51:42 ----A---- C:\WINDOWS\002487_.tmp
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-02-25 14:51:38 ----N---- C:\WINDOWS\system32\credssp.dll
2009-02-25 14:51:35 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-25 14:51:35 ----N---- C:\WINDOWS\system32\azroles.dll
2009-02-25 14:51:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-02-25 14:51:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-02-25 14:51:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-02-25 14:51:32 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-02-25 14:51:31 ----D---- C:\Program\Delade filer\InstallShield
2009-02-25 14:51:04 ----D---- C:	mp
2009-02-25 14:50:47 ----D---- C:\WINDOWS\system32\DRM
2009-02-25 14:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-02-25 14:33:27 ----RSD---- C:\WINDOWS\assembly
2009-02-25 14:33:27 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-25 14:33:24 ----D---- C:\WINDOWS\system32\URTTemp
2009-02-25 14:32:44 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-25 14:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-02-25 14:32:16 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-25 14:30:31 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-25 14:30:26 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-02-25 14:29:17 ----D---- C:\Program\Windows Media Connect 2
2009-02-25 14:29:17 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-25 14:29:16 ----HDC---- C:\WINDOWS\$NtUninstallWMCSetup$
2009-02-25 14:29:03 ----D---- C:\WINDOWS\RegisteredPackages
2009-02-25 14:28:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-25 14:26:46 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-25 14:26:34 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-25 14:26:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-25 14:24:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-25 14:24:47 ----N---- C:\WINDOWS\system32	zchange.exe
2009-02-25 14:24:29 ----A---- C:\WINDOWS\control.ini
2009-02-25 14:24:29 ----A---- C:\AUTOEXEC.BAT
2009-02-25 14:24:22 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-25 14:24:16 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-25 14:24:14 ----D---- C:\WINDOWS\system32\dllcache
2009-02-25 14:23:01 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-25 14:22:55 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-25 14:22:49 ----HD---- C:\Program\WindowsUpdate
2009-02-25 14:22:44 ----D---- C:\Program\Onlinetjänster
2009-02-25 14:22:24 ----D---- C:\WINDOWS\system32\DirectX
2009-02-25 14:22:07 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-25 14:22:06 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-25 14:22:06 ----A---- C:\WINDOWS\desktop.ini
2009-02-25 14:22:01 ----A---- C:\WINDOWS\system32
mevtmsg.dll
2009-02-25 14:21:59 ----D---- C:\Program\Delade filer\Services
2009-02-25 14:21:59 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-25 14:21:57 ----SD---- C:\WINDOWS\Tasks
2009-02-25 14:21:57 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-25 14:21:56 ----D---- C:\Program\Delade filer\MSSoap
2009-02-25 14:21:51 ----D---- C:\WINDOWS\srchasst
2009-02-25 14:21:50 ----D---- C:\WINDOWS\system32\Macromed
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-25 14:21:48 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-25 14:21:44 ----D---- C:\Program\Movie Maker
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32acpldlg.dll
2009-02-25 14:21:35 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-25 14:21:34 ----D---- C:\WINDOWS\system32\Restore
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-02-25 14:21:33 ----D---- C:\Program\Windows Media Player
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32
mmkcert.dll
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-25 14:21:32 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-25 14:21:30 ----D---- C:\Program\NetMeeting
2009-02-25 14:21:30 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-25 14:21:30 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-25 14:21:28 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-25 14:21:28 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-25 14:21:26 ----D---- C:\Program\Outlook Express
2009-02-25 14:21:26 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-25 14:21:26 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-25 14:21:19 ----D---- C:\Program\Delade filer\System
2009-02-25 14:21:10 ----D---- C:\Program\Internet Explorer
2009-02-25 14:20:42 ----HD---- C:\Program\Uninstall Information
2009-02-25 14:20:26 ----D---- C:\Program\ComPlus Applications
2009-02-25 14:20:23 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-25 14:20:23 ----A---- C:\WINDOWS\vb.ini
2009-02-25 14:20:15 ----D---- C:\WINDOWS\Registration
2009-02-25 14:19:55 ----D---- C:\Program\Messenger
2009-02-25 14:19:51 ----D---- C:\Program\MSN Gaming Zone
2009-02-25 14:19:51 ----A---- C:\WINDOWS\system32\write.exe
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-25 14:19:38 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	sshutdn.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	slabels.ini
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	skill.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	sdiscon.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	scon.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32winsta.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32eset.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32egini.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32dpcfgex.dll
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-25 14:19:30 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-25 14:19:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-25 14:19:29 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-25 14:19:28 ----D---- C:\Program\Windows NT
2009-02-25 14:19:28 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-25 14:19:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-25 14:19:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-25 14:19:27 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-25 14:19:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32	scfgwmi.dll
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32emotepg.dll
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32dshost.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32dsaddin.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-25 14:19:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32	scupgrd.exe
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32	ermsrv.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dpwsx.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dpsnd.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dpclip.exe
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dchost.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-25 14:19:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-25 14:19:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-25 14:19:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-25 14:19:22 ----D---- C:\WINDOWS\system32\Com
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-25 14:19:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-25 14:19:21 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-25 14:19:20 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-25 14:19:20 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-25 14:19:14 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-25 14:19:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-25 14:19:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-25 14:19:13 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-03-24 16:38:28 ----A---- C:\WINDOWS\system.ini
2009-03-23 11:07:24 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-24 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-24 107912]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-11-06 4024832]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 BCM43XX;Drivrutin för Broadcom 802.11 nätverksadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-08-15 369024]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS
ic1394.sys [2008-04-13 61824]
R3 NSCIRDA;Drivrutin för NSC-IR-enhet; C:\WINDOWS\system32\DRIVERS
scirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERSasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 catchme;catchme; \??\C:\DOCUME~1\Dorian\LOKALA~1\Temp\catchme.sys []
S3 hidusb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-01-01 12160]
S3 usbaudio;USB-ljuddrivrutiner (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
R2 avg8wd;AVG Free8 WatchDog; C:\Program\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-03-11 152984]
R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R3 RoxMediaDB10;RoxMediaDB10; C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 137200]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

INFO

info.txt logfile of random's system information tool 1.06 2009-03-24 17:47:22

======Uninstall list======

-->C:\WINDOWS\system32\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-041D-0000-0000000FF1CE} /uninstall {C41B2E34-C30E-4989-8A9D-6B0805B33EC1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
Acrobat.com-->C:\Program\Delade filer\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program\Delade filer\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.5-->C:\Program\AVG\AVG8\setup.exe /UNINSTALL
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
Google Toolbar for Internet Explorer-->"C:\Program\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Program\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Codec Pack 4.7.0 (Full)-->"C:\Program\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program\Windows Media Player\Setup_wm.exe" /Uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Swedish Language Pack-->MsiExec.exe /X{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - SVE-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - SVE\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0015-041D-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program\Delade filer\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0016-041D-0000-0000000FF1CE}
Microsoft Office Groove MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00BA-041D-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0044-041D-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00A1-041D-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001A-041D-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0018-041D-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Swedish) 2007-->MsiExec.exe /X{90120000-002C-041D-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0019-041D-0000-0000000FF1CE}
Microsoft Office Shared MUI (Swedish) 2007-->MsiExec.exe /X{90120000-006E-041D-0000-0000000FF1CE}
Microsoft Office Word MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001B-041D-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)-->C:\Program\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data--&g

jlpjlp · Answer

ok il en reste , tu avais bien branché toutes les clés usb ?

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :





File::
C:\RECYCLER
C:\autorun.inf
c:\windows\9g234sdfdfgjf23
c:\windows\system32
fr.gpref
c:\windows\system32
fr.assembly 
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5897f8e-0724-11de-8ec6-0014a44de4bd}]




Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


________________________


scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­


_________________________

encore des soucis?

remets un rapport RSIT

Dorian · Answer

OtMoveIt

========== FILES ==========
c:\windows\9g234sdfdfgjf23 moved successfully.
c:\windows\system32
fr.gpref moved successfully.
c:\windows\system32
fr.assembly moved successfully.
 
OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_175039

jlpjlp · Answer

j'avais modifié
mais pas grave

Dorian · Answer

J'ai bien connecter toutes les cles usb qui ont eu contact avec ce PC. Manque seulement mon disque dur mais sa fait 3 jours qu'il n'etait pas connecter et je n'ai ce probleme que depuis hier donc j'en deduis qu'il est passer au travers. Par contre, je pense que mon DD a bien un virus: le win31.dll ou quelque chose comme ca mais sa fait un bail et sa n'a jamais vraiment affecter quoi que ce soit. (si ce n'est le double clic inactif dans poste de travail pour ouvrir le disque dur, obliger de passer par clique droit).
Je me rend compte maintenant qu'il y a un nouveau probleme aussi, c'est que quand je clique sur ma page internet dans la barre des taches, ca ne la minimise plus comme avant. Enfin c'est pas tres grave! :)
Je fais le rapport combofix maintenant.

jlpjlp · Answer

ok fais la suite je vais m'absenter 

je regarde demain

Dorian · Answer

Merci pour tout! Rapport ComboFix: ComboFix 09-03-23.01 - Dorian 2009-03-24 18:11:37.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1278.735 [GMT 1:00] Körs från: c:\documents and settings\Dorian\Skrivbord\ComboFix.exe Använda kommandoväxlar :: c:\documents and settings\Dorian\Skrivbord\CFscript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Skapade en ny återställningspunkt FILE :: C:\autorun.inf C:\RECYCLER c:\windows\9g234sdfdfgjf23 c:\windows\system32 fr.assembly c:\windows\system32 fr.gpref . (((((((((((((((((((((((( Filer Skapade från 2009-02-24 till 2009-03-24 )))))))))))))))))))))))))))))) . 2009-03-24 17:50 . 2009-03-24 17:50 d-------- C:\_OTMoveIt 2009-03-24 15:25 . 2009-03-24 15:25 d-------- c:\program\Trend Micro 2009-03-24 14:23 . 2009-03-24 17:19 d-------- c:\program\Navilog1 2009-03-24 13:01 . 2009-03-24 14:26 d--h----- C:\$AVG8.VAULT$ 2009-03-24 12:57 . 2009-03-24 14:07 d-------- c:\windows\system32\drivers\Avg 2009-03-24 12:57 . 2009-03-24 12:57 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-24 12:57 . 2009-03-24 12:57 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-24 12:57 . 2009-03-24 12:57 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-24 12:56 . 2009-03-24 12:56 d-------- c:\program\AVG 2009-03-24 12:56 . 2009-03-24 16:45 d-------- c:\documents and settings\All Users\Application Data\avg8 2009-03-23 16:58 . 2009-03-23 16:59 d-------- c:\documents and settings\Dorian\Application Data\U3 2009-03-23 10:18 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-23 10:18 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-23 10:18 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-15 16:14 . 2009-03-15 16:14 d-------- c:\documents and settings\Dorian\Application Data\dvdcss 2009-03-12 16:22 . 2009-03-12 16:22 d-------- c:\program\IrfanView 2009-03-11 16:56 . 2009-03-24 16:07 d-------- c:\documents and settings\Dorian\Application Data\skypePM 2009-03-11 16:54 . 2009-03-24 17:55 d-------- c:\documents and settings\Dorian\Application Data\Skype 2009-03-11 12:33 . 2009-03-11 12:33 d-------- c:\windows\Sun 2009-03-11 12:31 . 2009-03-11 12:31 d-------- c:\program\Java 2009-03-11 12:31 . 2009-03-11 12:31 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-11 12:31 . 2009-03-11 12:31 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-10 20:16 . 2009-03-11 22:40 d-------- c:\program\SopCast 2009-03-10 20:10 . 2009-03-10 20:10 d-------- c:\program\TVAnts 2009-03-10 13:06 . 2009-03-10 13:06 d-------- c:\documents and settings\LocalService\Application Data\DivX 2009-03-10 13:03 . 2009-03-19 13:06 d-------- c:\documents and settings\Dorian\Application Data\BitTorrent 2009-03-10 10:45 . 2009-03-10 10:45 d-------- c:\program\K-Lite Codec Pack 2009-03-10 10:45 . 2009-03-10 10:45 d-------- c:\program\Gabest 2009-03-10 10:45 . 2008-11-06 17:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll 2009-03-10 10:45 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm 2009-03-10 10:45 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll 2009-03-10 10:45 . 2008-11-06 17:33 684,032 --a------ c:\windows\system32\divx.dll 2009-03-10 10:45 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll 2009-03-10 10:45 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll 2009-03-10 10:45 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm 2009-03-10 10:45 . 2008-12-11 01:33 86,016 --a------ c:\windows\system32\dpl100.dll 2009-03-10 10:45 . 2009-02-09 19:56 67,584 --a------ c:\windows\system32\ff_vfw.dll 2009-03-10 10:45 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest 2009-03-10 10:45 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml 2009-03-10 10:43 . 2009-03-10 10:43 d-------- c:\documents and settings\Dorian\Application Data\Media Player Classic 2009-03-06 16:02 . 2009-03-06 16:02 d-------- c:\documents and settings\Dorian\Application Data\vlc 2009-03-06 15:28 . 2009-03-06 15:28 d-------- c:\program\CONEXANT 2009-03-06 15:28 . 2004-12-15 09:18 1,038,208 --a------ c:\windows\system32\drivers\HSF_DP.sys 2009-03-06 15:28 . 2004-12-15 09:18 703,232 --a------ c:\windows\system32\drivers\HSF_CNXT.sys 2009-03-06 15:28 . 2004-12-15 09:18 200,192 --a------ c:\windows\system32\drivers\HSFHWATI.sys 2009-03-06 15:28 . 2004-12-15 08:52 129,045 --a------ c:\windows\system32\drivers\HSFProf.cty 2009-03-06 15:28 . 2004-10-28 09:29 39,018 --a------ c:\windows\system32\hsfci012.dll 2009-03-06 14:50 . 2009-02-25 15:08 dr------- c:\documents and settings\Jens\Start-meny 2009-03-06 14:50 . 2009-02-25 15:08 d-------- c:\documents and settings\Jens\Skrivbord 2009-03-06 14:50 . 2009-02-25 15:08 d--h----- c:\documents and settings\Jens\Skrivare 2009-03-06 14:50 . 2009-03-06 14:50 d--h----- c:\documents and settings\Jens\Nätverket 2009-03-06 14:50 . 2009-03-06 14:50 dr------- c:\documents and settings\Jens\Mina dokument 2009-03-06 14:50 . 2009-02-25 14:19 d--h----- c:\documents and settings\Jens\Mallar 2009-03-06 14:50 . 2009-03-24 18:14 d--h----- c:\documents and settings\Jens\Lokala inställningar 2009-03-06 14:50 . 2009-03-06 14:50 dr------- c:\documents and settings\Jens\Favoriter 2009-03-06 14:50 . 2009-03-06 14:50 d-------- c:\documents and settings\Jens\Application Data\Roxio 2009-03-06 14:50 . 2009-03-24 12:57 d-------- c:\documents and settings\Jens 2009-03-06 14:42 . 2009-02-25 15:08 dr------- c:\documents and settings\Dorian\Start-meny 2009-03-06 14:42 . 2009-03-24 18:11 d-------- c:\documents and settings\Dorian\Skrivbord 2009-03-06 14:42 . 2009-02-25 15:08 d--h----- c:\documents and settings\Dorian\Skrivare 2009-03-06 14:42 . 2009-03-06 16:00 d--h----- c:\documents and settings\Dorian\Nätverket 2009-03-06 14:42 . 2009-03-10 15:49 dr------- c:\documents and settings\Dorian\Mina dokument 2009-03-06 14:42 . 2009-02-25 14:19 d--h----- c:\documents and settings\Dorian\Mallar 2009-03-06 14:42 . 2009-03-15 16:15 d--h----- c:\documents and settings\Dorian\Lokala inställningar 2009-03-06 14:42 . 2009-03-06 14:42 dr------- c:\documents and settings\Dorian\Favoriter 2009-03-06 14:42 . 2009-03-06 14:42 d-------- c:\documents and settings\Dorian\Application Data\Roxio 2009-03-06 14:42 . 2009-03-06 14:42 d-------- c:\documents and settings\Dorian 2009-03-06 14:37 . 2009-02-25 15:08 dr------- c:\documents and settings\Chiristina\Start-meny 2009-03-06 14:37 . 2009-02-25 15:08 d-------- c:\documents and settings\Chiristina\Skrivbord 2009-03-06 14:37 . 2009-02-25 15:08 d--h----- c:\documents and settings\Chiristina\Skrivare 2009-03-06 14:37 . 2009-03-06 14:41 d--h----- c:\documents and settings\Chiristina\Nätverket 2009-03-06 14:37 . 2009-03-06 14:37 dr------- c:\documents and settings\Chiristina\Mina dokument 2009-03-06 14:37 . 2009-02-25 14:19 d--h----- c:\documents and settings\Chiristina\Mallar 2009-03-06 14:37 . 2009-03-24 18:14 d--h----- c:\documents and settings\Chiristina\Lokala inställningar 2009-03-06 14:37 . 2009-03-06 14:37 dr------- c:\documents and settings\Chiristina\Favoriter 2009-03-06 14:37 . 2009-03-06 14:37 d-------- c:\documents and settings\Chiristina\Application Data\Roxio 2009-03-06 14:37 . 2009-03-24 12:57 d-------- c:\documents and settings\Chiristina 2009-03-06 14:22 . 2009-03-06 14:22 d-------- c:\documents and settings\Julio 2009-02-28 19:14 . 2009-03-06 11:47 d-------- c:\documents and settings\Administratör\Application Data\skypePM 2009-02-28 19:14 . 2009-02-28 19:14 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-02-28 19:12 . 2009-02-28 19:12 dr------- c:\program\Skype 2009-02-28 19:12 . 2009-02-28 19:12 d-------- c:\program\Delade filer\Skype 2009-02-28 19:12 . 2009-02-28 19:12 d-------- c:\documents and settings\All Users\Application Data\Skype 2009-02-28 19:12 . 2009-03-06 13:39 d-------- c:\documents and settings\Administratör\Application Data\Skype 2009-02-27 16:37 . 2009-02-27 16:37 d-------- c:\program\MSXML 4.0 2009-02-27 13:54 . 2009-03-02 13:51 d-------- c:\documents and settings\Administratör\Application Data\dvdcss 2009-02-27 12:11 . 2009-02-27 12:19 23,392 --a------ c:\windows\system32 scompat.tlb 2009-02-27 12:11 . 2009-02-27 12:19 16,832 --a------ c:\windows\system32\amcompat.tlb 2009-02-27 12:00 . 2009-02-27 12:00 d-------- c:\program\Delade filer\Adobe AIR 2009-02-27 11:58 . 2009-03-16 15:18 d-------- c:\program\Delade filer\Adobe 2009-02-27 11:56 . 2009-02-27 12:11 d-------- c:\program\NOS 2009-02-27 11:56 . 2009-02-27 12:11 d-------- c:\documents and settings\All Users\Application Data\NOS 2009-02-27 11:52 . 2009-03-04 16:27 d-------- c:\documents and settings\Administratör\Application Data\BitTorrent 2009-02-27 11:51 . 2009-03-06 12:39 d-------- c:\program\DNA 2009-02-27 11:51 . 2009-02-27 11:51 d-------- c:\program\BitTorrent 2009-02-27 11:51 . 2009-03-06 14:21 d-------- c:\documents and settings\Administratör\Application Data\DNA 2009-02-27 11:45 . 2009-02-27 11:45 d-------- C:\VersalSoft 2009-02-27 11:44 . 2009-02-27 11:44 d-------- c:\program\VersalSoft 2009-02-27 11:44 . 2009-02-27 11:44 d-------- C:\Program Files 2009-02-27 11:42 . 2009-02-27 11:42 d-------- c:\documents and settings\Administratör\Application Data\vlc 2009-02-27 11:41 . 2009-02-27 11:41 d-------- c:\program\VideoLAN 2009-02-27 11:32 . 2009-02-27 11:32 d-------- c:\documents and settings\All Users\Application Data\TVU Networks 2009-02-27 11:31 . 2009-02-27 11:32 d-------- c:\program\TVUPlayer 2009-02-27 11:31 . 2009-02-27 11:31 d-------- c:\documents and settings\Administratör\LocalLow 2009-02-27 11:31 . 2009-02-27 11:31 d-------- c:\documents and settings\Administratör\LocalLow 2009-02-27 11:20 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2009-02-27 11:20 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys 2009-02-27 11:20 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-02-27 11:20 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys 2009-02-27 11:20 . 2008-04-14 17:04 21,504 --a------ c:\windows\system32\hidserv.dll 2009-02-27 11:20 . 2008-04-14 17:04 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll 2009-02-27 11:12 . 2009-02-27 11:12 0 --a------ c:\windows sreg.dat 2009-02-26 14:28 . 2009-02-26 14:28 d-------- c:\windows\system32\xircom 2009-02-26 14:28 . 2009-02-26 14:28 d-------- c:\program\microsoft frontpage 2009-02-26 14:19 . 2009-02-26 14:19 d-------- c:\windows\system32\sv 2009-02-26 14:19 . 2009-02-26 14:19 d-------- c:\windows\system32\bits 2009-02-26 14:19 . 2009-02-26 14:19 d-------- c:\windows\l2schemas 2009-02-26 14:15 . 2009-02-26 14:15 d-------- c:\windows\ServicePackFiles 2009-02-26 10:18 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-02-26 10:17 . 2009-02-26 10:17 d-------- c:\program\MSBuild 2009-02-26 10:17 . 2009-02-26 10:17 d-------- c:\program\Microsoft Works 2009-02-26 10:16 . 2009-02-26 10:16 d-------- c:\program\Microsoft.NET 2009-02-26 10:13 . 2009-02-26 10:13 d-------- c:\program\Microsoft Visual Studio 8 2009-02-26 10:12 . 2009-02-26 10:16 d-------- c:\windows\SHELLNEW 2009-02-26 10:12 . 2009-03-23 11:14 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-06 15:02 --------- d-----w c:\documents and settings\Dorian\Application Data\vlc 2009-02-27 11:18 --------- d-----w c:\program\Windows Media Connect 2 2009-02-27 10:42 --------- d-----w c:\documents and settings\Administratör\Application Data\vlc 2009-02-26 08:37 --------- d-----w c:\program\Delade filer\InstallShield 2009-02-25 13:50 10,170 ----a-w C:\hwids.dat 2009-02-25 13:22 --------- d-----w c:\program\Onlinetjänster 2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 14:07 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll . ((((((((((((((((((((((((((((( SnapShot@2009-03-24_16.38.50,48 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-24 15:53:26 16,384 ----atw c:\windows\system32\config\systemprofile\Lokala inställningar\Temp\Perflib_Perfdata_5f8.dat - 2009-03-24 11:39:37 62,678 ----a-w c:\windows\system32\perfc009.dat + 2009-03-24 16:40:11 63,522 ----a-w c:\windows\system32\perfc009.dat - 2009-03-24 11:39:37 74,130 ----a-w c:\windows\system32\perfc01D.dat + 2009-03-24 16:40:11 75,250 ----a-w c:\windows\system32\perfc01D.dat - 2009-03-24 11:39:37 401,398 ----a-w c:\windows\system32\perfh009.dat + 2009-03-24 16:40:11 404,302 ----a-w c:\windows\system32\perfh009.dat - 2009-03-24 11:39:37 404,572 ----a-w c:\windows\system32\perfh01D.dat + 2009-03-24 16:40:11 407,392 ----a-w c:\windows\system32\perfh01D.dat . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dll"="dll32" [X] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program\Skype\Phone\Skype.exe" [2009-02-04 23975720] "ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoxWatchTray"="c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112] "DMXLauncher"="c:\program\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136] "GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "InternetDownload_upgrade"="c:\program\VersalSoft\InternetDownload\InternetDownload.exe" [2009-01-05 361472] "SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-03-11 148888] "Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-03-24 1932568] "SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\avgrsstarter] 2009-03-24 12:57 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe"= "%windir%\system32\sessmgr.exe"= "c:\Program\Microsoft Office\Office12\OUTLOOK.EXE"= "c:\Program\Microsoft Office\Office12\GROOVE.EXE"= "c:\Program\Microsoft Office\Office12\ONENOTE.EXE"= "c:\Program\TVUPlayer\TVUPlayer.exe"= "c:\Program\DNA\btdna.exe"= "c:\Program\BitTorrent\bittorrent.exe"= "c:\Program\TVAnts\Tvants.exe"= "c:\Program\SopCast\SopCast.exe"= "c:\Program\SopCast\adv\SopAdver.exe"= "c:\Program\Skype\Phone\Skype.exe"= "c:\Program\AVG\AVG8\avgupd.exe"= "c:\Program\AVG\AVG8\avgnsx.exe"= "c:\Program\Mozilla Firefox\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:TCP"= 80:TCP:dll32 "7171:TCP"= 7171:TCP:dll32 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-24 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-24 107912] R2 avg8wd;AVG Free8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264] R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-03-06 200192] R3 RoxMediaDB10;RoxMediaDB10;c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe [?] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38a5b4ac-188e-11de-8eee-0014a44de4bd}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . . ------- Extra genomsökning ------- . uInternet Settings,ProxyServer = http=localhost:7171 uInternet Settings,ProxyOverride = *.local; IE: E&xportera till Microsoft Excel - c:\program\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Dorian\Application Data\Mozilla\Firefox\Profiles\74ey4uwe.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 4 FF - component: c:\program\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program\Mozilla Firefox\plugins p-mswmp.dll FF - plugin: c:\program\Mozilla Firefox\plugins pbittorrent.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-24 18:14:38 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLer som "laddats" under processer som körs --------------------- - - - - - - - > 'winlogon.exe'(900) c:\windows\system32\Ati2evxx.dll . Sluttid: 2009-03-24 18:16:04 ComboFix-quarantined-files.txt 2009-03-24 17:16:00 ComboFix2.txt 2009-03-24 15:39:47 Före genomsökningen: 21 014 773 760 byte ledigt Efter genomsökningen: 21,004,517,376 byte ledigt 260 --- E O F --- 2009-03-23 10:14:34

Dorian · Answer

RSIT

Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dorian at 2009-03-24 19:47:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (47%) free of 42 GB
Total RAM: 1278 MB (51% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program\AVG\AVG8\avgssie.dll [2009-03-24 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4322A444-92F8-4C3E-BD4C-013BA51E2871}]
E-Zsoft VideoDownloaderToolBar - C:\Program\VersalSoft\InternetDownload\VDTB.dll [2009-01-05 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program\Google\Google Toolbar\GoogleToolbar.dll [2009-03-06 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-03-06 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-06 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-03-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4322A444-92F8-4C3E-BD4C-013BA51E2871} - E-Zsoft VideoDownloaderToolBar - C:\Program\VersalSoft\InternetDownload\VDTB.dll [2009-01-05 43008]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program\Google\Google Toolbar\GoogleToolbar.dll [2009-03-06 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"RoxWatchTray"=C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]
"DMXLauncher"=C:\Program\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]
"GrooveMonitor"=C:\Program\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"InternetDownload_upgrade"=C:\Program\VersalSoft\InternetDownload\InternetDownload.exe [2009-01-05 361472]
"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-03-11 148888]
"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVG8_TRAY"=C:\Program\AVG\AVG8\avgtray.exe [2009-03-24 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program\Skype\Phone\Skype.exe [2009-02-04 23975720]
"ISUSScheduler"=C:\Program\Delade filer\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"dll"=rundll32 dll32,sm []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-24 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program\Microsoft Office\Office12\GROOVE.EXE"="C:\Program\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program\TVUPlayer\TVUPlayer.exe"="C:\Program\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program\DNA\btdna.exe"="C:\Program\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program\BitTorrent\bittorrent.exe"="C:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program\TVAnts\Tvants.exe"="C:\Program\TVAnts\Tvants.exe:*:Disabled:TVAnts"
"C:\Program\SopCast\SopCast.exe"="C:\Program\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\Program\SopCast\adv\SopAdver.exe"="C:\Program\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program\Skype\Phone\Skype.exe"="C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program\AVG\AVG8\avgupd.exe"="C:\Program\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program\AVG\AVG8\avgnsx.exe"="C:\Program\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program\Mozilla Firefox\firefox.exe"="C:\Program\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38a5b4ac-188e-11de-8eee-0014a44de4bd}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-03-24 19:47:05 ----D---- C:sit
2009-03-24 18:21:32 ----SHD---- C:\RECYCLER
2009-03-24 18:18:22 ----D---- C:\Documents and Settings\Dorian\Application Data\Malwarebytes
2009-03-24 18:18:16 ----D---- C:\Program\Malwarebytes' Anti-Malware
2009-03-24 18:18:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-24 18:16:07 ----D---- C:\WINDOWS	emp
2009-03-24 18:16:06 ----A---- C:\ComboFix.txt
2009-03-24 17:50:39 ----D---- C:\_OTMoveIt
2009-03-24 16:56:55 ----RASHD---- C:\autorun.inf
2009-03-24 16:35:19 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-24 16:21:07 ----A---- C:\Boot.bak
2009-03-24 16:21:01 ----RASHD---- C:\cmdcons
2009-03-24 16:18:27 ----A---- C:\WINDOWS\zip.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\VFIND.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\SWSC.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\SWREG.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\sed.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\grep.exe
2009-03-24 16:18:27 ----A---- C:\WINDOWS\fdsv.exe
2009-03-24 16:18:16 ----D---- C:\WINDOWS\ERDNT
2009-03-24 16:17:54 ----AD---- C:\Qoobox
2009-03-24 15:25:47 ----D---- C:\Program\Trend Micro
2009-03-24 14:23:35 ----D---- C:\Program\Navilog1
2009-03-24 13:01:07 ----HD---- C:\$AVG8.VAULT$
2009-03-24 12:57:27 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-24 12:56:55 ----D---- C:\Program\AVG
2009-03-24 12:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-23 16:58:48 ----D---- C:\Documents and Settings\Dorian\Application Data\U3
2009-03-23 10:18:23 ----A---- C:\WINDOWS\system32\muweb.dll
2009-03-23 10:18:23 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-03-23 10:18:22 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-03-15 16:14:07 ----D---- C:\Documents and Settings\Dorian\Application Data\dvdcss
2009-03-12 16:22:04 ----D---- C:\Program\IrfanView
2009-03-11 16:56:16 ----D---- C:\Documents and Settings\Dorian\Application Data\skypePM
2009-03-11 16:54:41 ----D---- C:\Documents and Settings\Dorian\Application Data\Skype
2009-03-11 12:33:28 ----D---- C:\WINDOWS\Sun
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\java.exe
2009-03-11 12:31:55 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-11 12:31:35 ----D---- C:\Program\Java
2009-03-11 12:30:53 ----D---- C:\Documents and Settings\Dorian\Application Data\Sun
2009-03-11 12:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 12:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 12:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 12:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 20:16:06 ----D---- C:\Program\SopCast
2009-03-10 20:10:52 ----D---- C:\Program\TVAnts
2009-03-10 13:03:33 ----D---- C:\Documents and Settings\Dorian\Application Data\BitTorrent
2009-03-10 10:45:55 ----D---- C:\Program\Gabest
2009-03-10 10:45:13 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-03-10 10:45:12 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-03-10 10:45:06 ----A---- C:\WINDOWS\system32\divx.dll
2009-03-10 10:45:05 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-03-10 10:45:05 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-03-10 10:45:02 ----D---- C:\Program\K-Lite Codec Pack
2009-03-10 10:43:51 ----D---- C:\Documents and Settings\Dorian\Application Data\Media Player Classic
2009-03-10 10:43:50 ----A---- C:\WINDOWS\system32egsvr32.exe.log
2009-03-06 16:05:08 ----D---- C:\Documents and Settings\Dorian\Application Data\Macromedia
2009-03-06 16:05:07 ----D---- C:\Documents and Settings\Dorian\Application Data\Adobe
2009-03-06 16:04:36 ----D---- C:\Documents and Settings\Dorian\Application Data\Mozilla
2009-03-06 16:02:50 ----D---- C:\Documents and Settings\Dorian\Application Data\vlc
2009-03-06 15:28:32 ----D---- C:\Program\CONEXANT
2009-03-06 15:28:22 ----A---- C:\WINDOWS\system32\hsfci012.dll
2009-03-06 15:27:39 ----D---- C:\Documents and Settings\Dorian\Application Data\WinRAR
2009-03-06 14:42:57 ----D---- C:\Documents and Settings\Dorian\Application Data\Google
2009-03-06 14:42:40 ----D---- C:\Documents and Settings\Dorian\Application Data\Roxio
2009-03-06 14:42:30 ----D---- C:\Documents and Settings\Dorian\Application Data\Identities
2009-03-06 14:42:24 ----SD---- C:\Documents and Settings\Dorian\Application Data\Microsoft
2009-03-06 14:42:24 ----ASH---- C:\Documents and Settings\Dorian\Application Data\desktop.ini
2009-02-28 19:12:40 ----D---- C:\Program\Delade filer\Skype
2009-02-28 19:12:36 ----RD---- C:\Program\Skype
2009-02-28 19:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-02-27 16:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-27 16:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-27 16:37:19 ----D---- C:\Program\MSXML 4.0
2009-02-27 12:19:19 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-27 12:18:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-02-27 12:17:47 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-02-27 12:00:12 ----D---- C:\Program\Delade filer\Adobe AIR
2009-02-27 11:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-27 11:58:56 ----D---- C:\Program\Delade filer\Adobe
2009-02-27 11:58:56 ----D---- C:\Program\Adobe
2009-02-27 11:56:20 ----D---- C:\Program\NOS
2009-02-27 11:56:20 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-02-27 11:51:34 ----D---- C:\Program\DNA
2009-02-27 11:51:29 ----D---- C:\Program\BitTorrent
2009-02-27 11:45:09 ----D---- C:\VersalSoft
2009-02-27 11:44:58 ----D---- C:\Program\VersalSoft
2009-02-27 11:44:52 ----D---- C:\Program Files
2009-02-27 11:41:25 ----D---- C:\Program\VideoLAN
2009-02-27 11:32:03 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2009-02-27 11:31:52 ----D---- C:\Program\TVUPlayer
2009-02-27 11:20:40 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-02-27 11:11:28 ----D---- C:\Program\Mozilla Firefox
2009-02-26 14:28:05 ----D---- C:\WINDOWS\system32\xircom
2009-02-26 14:28:05 ----D---- C:\Program\xerox
2009-02-26 14:28:04 ----D---- C:\Program\microsoft frontpage
2009-02-26 14:27:58 ----D---- C:\WINDOWS\Prefetch
2009-02-26 14:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-26 14:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-26 14:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-26 14:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-26 14:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-26 14:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-26 14:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-26 14:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-26 14:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-26 14:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-26 14:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-26 14:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-26 14:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-26 14:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-26 14:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-26 14:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-26 14:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-26 14:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-26 14:23:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-26 14:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-26 14:19:13 ----D---- C:\WINDOWS\system32\sv
2009-02-26 14:19:13 ----D---- C:\WINDOWS\l2schemas
2009-02-26 14:19:12 ----D---- C:\WINDOWS\system32\bits
2009-02-26 14:15:47 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-26 14:12:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-26 14:09:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-26 14:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-02-26 10:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-02-26 10:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-02-26 10:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-26 10:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-26 10:18:39 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-02-26 10:17:37 ----D---- C:\Program\Microsoft Works
2009-02-26 10:17:25 ----D---- C:\Program\MSBuild
2009-02-26 10:17:00 ----D---- C:\Program\Microsoft Visual Studio
2009-02-26 10:17:00 ----D---- C:\Program\Delade filer\DESIGNER
2009-02-26 10:16:10 ----D---- C:\Program\Microsoft.NET
2009-02-26 10:13:11 ----D---- C:\Program\Microsoft Visual Studio 8
2009-02-26 10:12:17 ----D---- C:\WINDOWS\SHELLNEW
2009-02-26 10:12:01 ----D---- C:\Program\Microsoft Office
2009-02-26 10:12:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-26 10:11:35 ----RHD---- C:\MSOCache
2009-02-26 10:02:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-26 10:02:40 ----D---- C:\Program\Your Uninstaller 2008
2009-02-26 09:53:44 ----D---- C:\Program\InterActual
2009-02-26 09:41:46 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-02-26 09:39:52 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-02-26 09:38:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-02-26 09:38:37 ----D---- C:\Program\Google
2009-02-26 09:38:19 ----D---- C:\Program\Delade filer\Sonic Shared
2009-02-26 09:38:06 ----D---- C:\Program\Delade filer\Roxio Shared
2009-02-26 09:37:59 ----D---- C:\Program\InstallShield Installation Information
2009-02-26 09:37:55 ----D---- C:\Program\SmartSound Software
2009-02-26 09:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2009-02-26 09:37:44 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-02-26 09:37:43 ----D---- C:\Program\Roxio
2009-02-26 09:36:38 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-02-26 09:36:38 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-02-26 09:36:34 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-02-26 09:27:57 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-02-26 09:25:35 ----D---- C:\Program\Total Video Converter
2009-02-26 09:24:54 ----D---- C:\Program\WinRAR
2009-02-26 09:17:27 ----D---- C:\programas para trabajar
2009-02-25 15:17:15 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-25 15:13:48 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-02-25 15:13:48 ----A---- C:\WINDOWS\system32\irmon.dll
2009-02-25 15:13:48 ----A---- C:\WINDOWS\system32\irftp.exe
2009-02-25 15:13:24 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-25 15:13:14 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-25 15:09:27 ----A---- C:\WINDOWS\imsins.BAK
2009-02-25 15:09:24 ----SHD---- C:\WINDOWS\Installer
2009-02-25 15:09:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-25 15:09:22 ----D---- C:\Program\Delade filer\ODBC
2009-02-25 15:09:22 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-25 15:09:17 ----RD---- C:\Program
2009-02-25 15:09:17 ----D---- C:\Program\Delade filer\SpeechEngines
2009-02-25 15:09:17 ----D---- C:\Program\Delade filer\Microsoft Shared
2009-02-25 15:09:17 ----D---- C:\Program\Delade filer
2009-02-25 15:09:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-25 15:09:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-25 15:09:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-25 15:09:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-25 15:09:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-25 15:09:05 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-25 15:09:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-25 15:09:01 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-25 15:08:56 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-25 15:08:56 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-25 15:08:56 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-25 15:08:55 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-25 15:08:55 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-25 15:08:53 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-25 15:08:53 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-25 15:08:53 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-25 15:08:53 ----A---- C:\WINDOWS
otepad.exe
2009-02-25 15:08:52 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-25 15:08:41 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-25 15:08:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-25 15:08:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-25 15:08:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-25 15:07:46 ----A---- C:\WINDOWS\setuplog.txt
2009-02-25 15:07:43 ----A---- C:\pmtimer.exe
2009-02-25 15:07:43 ----A---- C:\makePNF.exe
2009-02-25 15:07:43 ----A---- C:\DSPdsblr.exe
2009-02-25 15:07:43 ----A---- C:\DPSFNSHR.INI
2009-02-25 15:07:43 ----A---- C:\DPsFnshr.exe
2009-02-25 15:07:42 ----A---- C:\devcon.exe
2009-02-25 15:05:26 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2009-02-25 15:05:26 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-02-25 15:05:12 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2009-02-25 15:05:12 ----A---- C:\WINDOWS\Alcrmv.exe
2009-02-25 15:04:12 ----A---- C:\DP_MassStorage_wnt5_x86-32.ini
2009-02-25 15:01:12 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-02-25 15:00:49 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-25 15:00:49 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-02-25 15:00:49 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\Atioglgl.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ATIDEMGR.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-25 15:00:48 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-25 15:00:45 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-02-25 15:00:45 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-02-25 14:59:10 ----D---- C:\D
2009-02-25 14:58:54 ----SHD---- C:\System Volume Information
2009-02-25 14:58:54 ----D---- C:\Documents and Settings
2009-02-25 14:58:22 ----RASH---- C:\boot.ini
2009-02-25 14:57:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-02-25 14:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-02-25 14:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-02-25 14:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-02-25 14:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-25 14:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-02-25 14:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-02-25 14:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-02-25 14:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-02-25 14:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-25 14:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-25 14:56:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-02-25 14:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-02-25 14:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-25 14:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-02-25 14:56:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-02-25 14:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-02-25 14:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-02-25 14:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-02-25 14:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-02-25 14:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-02-25 14:55:25 ----D---- C:\WINDOWS\ie7updates
2009-02-25 14:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-02-25 14:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-02-25 14:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-02-25 14:54:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-02-25 14:54:16 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-02-25 14:54:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-02-25 14:54:12 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-02-25 14:54:12 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-02-25 14:53:56 ----N---- C:\WINDOWS\system32	spkg.dll
2009-02-25 14:53:56 ----N---- C:\WINDOWS\system32	sgqec.dll
2009-02-25 14:53:15 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-02-25 14:53:08 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-02-25 14:52:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-25 14:52:59 ----RSD---- C:\WINDOWS\Fonts
2009-02-25 14:52:59 ----RD---- C:\WINDOWS\Web
2009-02-25 14:52:59 ----N---- C:\WINDOWS\system32\slserv.exe
2009-02-25 14:52:59 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-02-25 14:52:59 ----N---- C:\WINDOWS\slrundll.exe
2009-02-25 14:52:59 ----HD---- C:\WINDOWS\inf
2009-02-25 14:52:59 ----D---- C:\WINDOWS\WinSxS
2009-02-25 14:52:59 ----D---- C:\WINDOWS\WBEM
2009-02-25 14:52:59 ----D---- C:\WINDOWS	wain_32
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\wins
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\wbem
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\usmt
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\sv-se
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\spool
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\Setup
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32as
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\oobe
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32
pp
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\mui
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\IME
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\icsxml
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\ias
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\export
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\drivers
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\dhcp
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\config
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\3076
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\2052
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1054
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1053
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1042
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1041
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1037
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1033
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1031
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1028
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32\1025
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system32
2009-02-25 14:52:59 ----D---- C:\WINDOWS\system
2009-02-25 14:52:59 ----D---- C:\WINDOWS\security
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Resources
2009-02-25 14:52:59 ----D---- C:\WINDOWSepair
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Provisioning
2009-02-25 14:52:59 ----D---- C:\WINDOWS\PeerNet
2009-02-25 14:52:59 ----D---- C:\WINDOWS\pchealth
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Offline Web Pages
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Network Diagnostic
2009-02-25 14:52:59 ----D---- C:\WINDOWS\mui
2009-02-25 14:52:59 ----D---- C:\WINDOWS\msapps
2009-02-25 14:52:59 ----D---- C:\WINDOWS\msagent
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Media
2009-02-25 14:52:59 ----D---- C:\WINDOWS\java
2009-02-25 14:52:59 ----D---- C:\WINDOWS\ime
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Help
2009-02-25 14:52:59 ----D---- C:\WINDOWS\ehome
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Driver Cache
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Debug
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Cursors
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Connection Wizard
2009-02-25 14:52:59 ----D---- C:\WINDOWS\Config
2009-02-25 14:52:59 ----D---- C:\WINDOWS\AppPatch
2009-02-25 14:52:59 ----D---- C:\WINDOWS\addins
2009-02-25 14:52:59 ----D---- C:\WINDOWS
2009-02-25 14:52:57 ----N---- C:\WINDOWS\system32\slgen.dll
2009-02-25 14:52:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-02-25 14:52:57 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-02-25 14:52:52 ----N---- C:\WINDOWS\system32\setupn.exe
2009-02-25 14:52:48 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-02-25 14:52:46 ----N---- C:\WINDOWS\system32httpaa.dll
2009-02-25 14:52:43 ----N---- C:\WINDOWS\system32asqec.dll
2009-02-25 14:52:42 ----N---- C:\WINDOWS\system32\qutil.dll
2009-02-25 14:52:41 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-02-25 14:52:41 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-02-25 14:52:41 ----N---- C:\WINDOWS\system32\qagent.dll
2009-02-25 14:52:38 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-02-25 14:52:33 ----N---- C:\WINDOWS\system32\onex.dll
2009-02-25 14:52:24 ----N---- C:\WINDOWS\system32
v4_disp.dll
2009-02-25 14:52:16 ----N---- C:\WINDOWS\system32
apstat.exe
2009-02-25 14:52:16 ----N---- C:\WINDOWS\system32
apmontr.dll
2009-02-25 14:52:16 ----N---- C:\WINDOWS\system32
apipsec.dll
2009-02-25 14:52:15 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-02-25 14:52:14 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-02-25 14:52:14 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-02-25 14:52:11 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-02-25 14:52:11 ----N---- C:\WINDOWS\system32\mssha.dll
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-02-25 14:52:05 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-25 14:52:03 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-02-25 14:51:51 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-02-25 14:51:48 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-02-25 14:51:48 ----N---- C:\WINDOWS\system32wnh.dll
2009-02-25 14:51:46 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-02-25 14:51:44 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-02-25 14:51:42 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-02-25 14:51:42 ----A---- C:\WINDOWS\002487_.tmp
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-02-25 14:51:41 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-02-25 14:51:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-02-25 14:51:38 ----N---- C:\WINDOWS\system32\credssp.dll
2009-02-25 14:51:35 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-25 14:51:35 ----N---- C:\WINDOWS\system32\azroles.dll
2009-02-25 14:51:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-02-25 14:51:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-02-25 14:51:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-02-25 14:51:32 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-02-25 14:51:31 ----D---- C:\Program\Delade filer\InstallShield
2009-02-25 14:51:04 ----D---- C:	mp
2009-02-25 14:50:47 ----D---- C:\WINDOWS\system32\DRM
2009-02-25 14:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-02-25 14:33:27 ----RSD---- C:\WINDOWS\assembly
2009-02-25 14:33:27 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-25 14:33:24 ----D---- C:\WINDOWS\system32\URTTemp
2009-02-25 14:32:44 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-25 14:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-02-25 14:32:16 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-25 14:30:31 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-25 14:30:26 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-02-25 14:29:17 ----D---- C:\Program\Windows Media Connect 2
2009-02-25 14:29:17 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-25 14:29:16 ----HDC---- C:\WINDOWS\$NtUninstallWMCSetup$
2009-02-25 14:29:03 ----D---- C:\WINDOWS\RegisteredPackages
2009-02-25 14:28:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-25 14:26:46 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-25 14:26:34 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-25 14:26:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-25 14:24:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-25 14:24:47 ----N---- C:\WINDOWS\system32	zchange.exe
2009-02-25 14:24:29 ----A---- C:\WINDOWS\control.ini
2009-02-25 14:24:29 ----A---- C:\AUTOEXEC.BAT
2009-02-25 14:24:22 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-25 14:24:16 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-25 14:24:14 ----D---- C:\WINDOWS\system32\dllcache
2009-02-25 14:23:01 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-25 14:22:55 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-25 14:22:49 ----HD---- C:\Program\WindowsUpdate
2009-02-25 14:22:44 ----D---- C:\Program\Onlinetjänster
2009-02-25 14:22:24 ----D---- C:\WINDOWS\system32\DirectX
2009-02-25 14:22:07 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-25 14:22:06 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-25 14:22:06 ----A---- C:\WINDOWS\desktop.ini
2009-02-25 14:22:01 ----A---- C:\WINDOWS\system32
mevtmsg.dll
2009-02-25 14:21:59 ----D---- C:\Program\Delade filer\Services
2009-02-25 14:21:59 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-25 14:21:57 ----SD---- C:\WINDOWS\Tasks
2009-02-25 14:21:57 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-25 14:21:56 ----D---- C:\Program\Delade filer\MSSoap
2009-02-25 14:21:51 ----D---- C:\WINDOWS\srchasst
2009-02-25 14:21:50 ----D---- C:\WINDOWS\system32\Macromed
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-25 14:21:50 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-25 14:21:49 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-25 14:21:48 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-25 14:21:44 ----D---- C:\Program\Movie Maker
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-25 14:21:40 ----A---- C:\WINDOWS\system32acpldlg.dll
2009-02-25 14:21:35 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-25 14:21:34 ----D---- C:\WINDOWS\system32\Restore
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-25 14:21:34 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-02-25 14:21:33 ----D---- C:\Program\Windows Media Player
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32
mmkcert.dll
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-25 14:21:33 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-25 14:21:32 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-25 14:21:30 ----D---- C:\Program\NetMeeting
2009-02-25 14:21:30 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-25 14:21:30 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-25 14:21:28 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-25 14:21:28 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-25 14:21:26 ----D---- C:\Program\Outlook Express
2009-02-25 14:21:26 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-25 14:21:26 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-25 14:21:25 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-25 14:21:19 ----D---- C:\Program\Delade filer\System
2009-02-25 14:21:10 ----D---- C:\Program\Internet Explorer
2009-02-25 14:20:42 ----HD---- C:\Program\Uninstall Information
2009-02-25 14:20:26 ----D---- C:\Program\ComPlus Applications
2009-02-25 14:20:23 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-25 14:20:23 ----A---- C:\WINDOWS\vb.ini
2009-02-25 14:20:15 ----D---- C:\WINDOWS\Registration
2009-02-25 14:19:55 ----D---- C:\Program\Messenger
2009-02-25 14:19:51 ----D---- C:\Program\MSN Gaming Zone
2009-02-25 14:19:51 ----A---- C:\WINDOWS\system32\write.exe
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-25 14:19:43 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-25 14:19:38 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-25 14:19:37 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	sshutdn.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	slabels.ini
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	skill.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	sdiscon.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32	scon.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32winsta.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32eset.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32egini.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32dpcfgex.dll
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-25 14:19:36 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-25 14:19:35 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-25 14:19:34 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-25 14:19:30 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-25 14:19:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-25 14:19:29 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-25 14:19:28 ----D---- C:\Program\Windows NT
2009-02-25 14:19:28 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-25 14:19:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-25 14:19:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-25 14:19:27 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-25 14:19:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32	scfgwmi.dll
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32emotepg.dll
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32dshost.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32dsaddin.exe
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-25 14:19:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-25 14:19:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32	scupgrd.exe
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32	ermsrv.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dpwsx.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dpsnd.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dpclip.exe
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32dchost.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-25 14:19:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-25 14:19:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-25 14:19:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-25 14:19:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-25 14:19:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-25 14:19:22 ----D---- C:\WINDOWS\system32\Com
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-25 14:19:22 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-25 14:19:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-25 14:19:21 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-25 14:19:20 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-25 14:19:20 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-25 14:19:14 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-25 14:19:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-25 14:19:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-25 14:19:13 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-03-24 18:14:43 ----A---- C:\WINDOWS\system.ini
2009-03-23 11:07:24 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-24 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-24 107912]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-11-06 4024832]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 BCM43XX;Drivrutin för Broadcom 802.11 nätverksadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-08-15 369024]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS
ic1394.sys [2008-04-13 61824]
R3 NSCIRDA;Drivrutin för NSC-IR-enhet; C:\WINDOWS\system32\DRIVERS
scirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERSasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 hidusb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-01-01 12160]
S3 usbaudio;USB-ljuddrivrutiner (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
R2 avg8wd;AVG Free8 WatchDog; C:\Program\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-03-11 152984]
R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R3 RoxMediaDB10;RoxMediaDB10; C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program\Delade filer\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\DX9\SessionLauncher.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 137200]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Info

info.txt logfile of random's system information tool 1.06 2009-03-24 19:47:08

======Uninstall list======

-->C:\WINDOWS\system32\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-041D-0000-0000000FF1CE} /uninstall {C41B2E34-C30E-4989-8A9D-6B0805B33EC1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
Acrobat.com-->C:\Program\Delade filer\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program\Delade filer\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.5-->C:\Program\AVG\AVG8\setup.exe /UNINSTALL
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
Google Toolbar for Internet Explorer-->"C:\Program\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Program\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Codec Pack 4.7.0 (Full)-->"C:\Program\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Swedish Language Pack-->MsiExec.exe /X{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - SVE-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - SVE\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0015-041D-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program\Delade filer\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0016-041D-0000-0000000FF1CE}
Microsoft Office Groove MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00BA-041D-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0044-041D-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00A1-041D-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001A-041D-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0018-041D-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Swedish) 2007-->MsiExec.exe /X{90120000-002C-041D-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0019-041D-0000-0000000FF1CE}
Microsoft Office Shared MUI (Swedish) 2007-->MsiExec.exe /X{90120000-006E-041D-0000-0000000FF1CE}
Microsoft Office Word MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001B-041D-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)-->C:\Program\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Dorian · Answer

MalwareBytes: Apparemment pas de "nuisibles"

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3

2009-03-24 20:11:28
mbam-log-2009-03-24 (20-11-28).txt

Type de recherche: Examen rapide
Eléments examinés: 76635
Temps écoulé: 4 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

jlpjlp · Answer

lance tool cleaner et colle le rapport

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

________________

encore des soucis avec le pc???

Dorian · Answer

[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Dorian\Recent\HijackThis.lnk: trouvé !
C:\Documents and Settings\Dorian\Recent\Navilog1.lnk: trouvé !
C:\Program\Navilog1: trouvé !
C:\Program\Trend Micro\HijackThis: trouvé !
C:\Program\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program\Trend Micro\HijackThis\hijackthis.log: trouvé !

Pour l'histoire du fichier dll manquant avec msg d'erreur au demarage, c'est bien run.dll
Sa m'affiche: (en suedois traduit avec google translate)
"il ne peut pas être chargé dll32
elle ne peut pas trouver le module spécifié"

Dorian · Answer

Pardon, je viens de voir la suite de ton msg. Oui oui le PC va bcp mieux, un grand merci! Je n'ai plus de pop-up, juste ce message d'erreur au demarrage. Le reste, c'est tout bon! :)

jlpjlp · Answer

tu as le nom de la   dll32   exact? c'est rundll32 ? ....

sinon 
repare windows comme ceci pour le dll
https://www.pcastuces.com/pratique/windows/xp/default.htm





tool cleaner a tout viré???

rq:
garde malwarebyte en complement d'avg

Dorian · Answer

Je n'ai pas le CD windows avec moi, je le ramene demain au bureau et j'essayerais ce que tu m'as dit!

Pour l'histoire du .dll manquant, voila ce que sa m'affiche:
http://img1.imagilive.com/0309/erreur_dll.jpg

Tool Cleaner n'a rien effacer du tout. Par contre j'ai effacer hier ,au fur et a mesure, les differents logiciels utilises pour m'y retrouver.

jlpjlp · Answer

ok alors si c'est rundll32 fais ceci:

https://support.microsoft.com/fr-fr/help/812340

Dorian · Answer

Salut,
Je n'ai pu me procurer le CD de Windows XP qu'aujourd'hui. Je viens de faire ce qui etait dit sur la page et quand je lance "executer", sa m'ouvre pendant une seconde une fenetre noire puis elle disparait et plus rien ne se passe. Et quand je redemarre, sa ne change rien, toujours le message d'erreur au demarrage.
Je remarque aussi que globalement l'ordinateur est bien plus lent qu'avant... :-/
J'espere que tu auras une autre idee! En tout les cas, un grand merci pour ton aide depuis le debut, t'es bien plus caller que moi en informatique! :)
A+

jlpjlp · Answer

Télécharge ToolsCleaner sur ton bureau. 
-->  http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

_____________


utilise  pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo 
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_____________

et


 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Dorian · Answer

Tool Cleaner:
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Dorian\Recent\HijackThis.lnk: trouvé !
C:\Documents and Settings\Dorian\Recent\Navilog1.lnk: trouvé !
C:\Program\Navilog1: trouvé !
C:\Program\Trend Micro\HijackThis: trouvé !
C:\Program\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\Dorian\Recent\HijackThis.lnk: supprimé !
C:\Documents and Settings\Dorian\Recent\Navilog1.lnk: supprimé !
C:\Program\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Program\Navilog1: supprimé !
C:\Program\Trend Micro\HijackThis: supprimé !

Dorian · Answer

Ok s a prit pas mal de temps mais le controle avec ActiveScan est enfin terminer. Voila le rapport:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-27 23:48:32
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free                          8.5                           Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administratör\Cookies\administratör@apmebf[1].txt
00366244  Application/NirCmd.A               HackTools           No        0         No             No           C:\System Volume Information\_restore{657211A7-0AD2-4954-87BB-FB65ABF31D16}\RP3\A0000212.exe[C:\System Volume Information\_restore{657211A7-0AD2-4954-87BB-FB65ABF31D16}\RP3\A0000212.exe][nircmd.exe]
00366244  Application/NirCmd.A               HackTools           No        0         No             No           C:\System Volume Information\_restore{657211A7-0AD2-4954-87BB-FB65ABF31D16}\RP3\A0000159.exe[C:\System Volume Information\_restore{657211A7-0AD2-4954-87BB-FB65ABF31D16}\RP3\A0000159.exe][nircmd.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              &
;===================================================================================================================================================================================
No        C:\Program\VersalSoft\InternetDownload\install.dll                                                                                                                                                                                                                                                                                                                                                                                                                                                                    &
No        C:\Program\VersalSoft\InternetDownload\VDTB.dll                                                                                                                                                                                                                                                                                                                                                                                                                                                                       &
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                &
;===================================================================================================================================================================================
;===================================================================================================================================================================================

jlpjlp · Answer

Désactive ta restauration systeme puis redemarre ton ordi puis réactive là comme ceci:
https://www.informatruc.com


____________

analyse ces fichiers sur virus total et colle les rapports: https://www.virustotal.com/gui/

C:\Program\VersalSoft\InternetDownload\install.dll &
C:\Program\VersalSoft\InternetDownload\VDTB.dll &

jlpjlp · Answer

Ok j'ai fait la restauration du systeme, en suedois c'etait chouette! :) 


il fallait la desactiver et non restaurer ?



pour les fichiers cachés
https://astwinds.pagesperso-orange.fr/astuces/fichiers_caches.html

Dorian · Answer

Pardon, je veux dire que j'ai desactive la rstauration puis redemarrer et re-activer (en sauvegardant comme c'etait demander).

Install.dll:
http://www.virustotal.com/fr/analisis/6acc77a12dc42a79bbb6ee95e574639a
VDTB.dll:
http://www.virustotal.com/fr/analisis/8f92fe2ac544687247ac5de799818fb0

jlpjlp · Answer

ok c'est contradictoire: versalsoft tu connais ? tu l'utilise ?


C:\Program\VersalSoft\InternetDownload\install.dll
C:\Program\VersalSoft\InternetDownload\VDTB.dll



sinon comment se comporte ton pc?

Dorian · Answer

Je connais pas du tout ce programme, jamais utiliser a ma connaissance. C'est peut etre mon collegue qui l'a installer apres avoir reformater. En tout cas, je peux le desinstaller sans soucis.
Le PC fonctionne assez bien, meme s'il est globalement beaucoup plus lent qu'il y a une semaine. Et toujours cette erreur dll au demarrage qui fait chier... Sa vaut la peine de tenter la premiere solution que tu m'a donner pour ce probleme? (avec le cd windows, taper sfc /scannow dans "executer")?

jlpjlp · Answer

Sa vaut la peine de tenter la premiere solution que tu m'a donner pour ce probleme? (avec le cd windows, taper sfc /scannow dans "executer")?


oui

Dorian · Answer

OK j'ai fait, mais tjrs le meme probleme de message d'erreur au demarrage. Mais je me demande si j'ai le bon CD de Windws, car a la base c'etait pas une version achetee, juste un cd qui trainait. (et avec tout en Suedois) :p

jlpjlp · Answer

si ce n'est pas le bon cd pas evident ...

sinon quels sont les soucis actuels?

Sunseeker · Answer

C'est quoi le nom de l'antivirus bidon qui scanne ton PC ?

Dorian · Answer

Impossible de me rappeler le nom de l'anti-virus. Mais la page qui s'ouvrait sans cesse a chaque recherche sur Google ou quand je cliquais sur pas mal de liens, c'etait www.ask.com

jlpjlp · Answer

www.ask.com  est souvent propsé a l'installation de certains logiciels , c'est pourquoi il faut faire attention lors de l'installation de logiciels , car il faut souvent décocher une case pour ne pas avoir ASK, YAHOO,GOOGLE .....


pour voir si il reste du ask :

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt)

Dorian · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-30 )
   BIOS : Ver 1.00PARTTBL
   USER : Dorian ( Administrator )
   BOOT : Normal boot
   Antivirus : AVG Anti-Virus Free 8.5 (Activated)
   C:\ (Local Disk) - NTFS - Total:41 Go (Free:7 Go)
   D:\ (Local Disk) - NTFS - Total:14 Go (Free:14 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 2009-04-02|10:52 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program\AskBarDis
   C:\Program\AskBarDis\bar
   C:\Program\AskBarDis\unins000.dat
   C:\Program\AskBarDis\unins000.exe
   C:\Program\AskBarDis\bar\bin
   C:\Program\AskBarDis\bar\Settings
   C:\Program\AskBarDis\bar\bin\askBar.dll
   C:\Program\AskBarDis\bar\bin\askPopStp.dll
   C:\Program\AskBarDis\bar\bin\psvince.dll
   C:\Program\AskBarDis\bar\Settings\AskLogo.ico
   C:\Program\AskBarDis\bar\Settings\config.dat
   C:\Program\AskBarDis\bar\Settings\config.dat.bak
   C:\Program\AskBarDis\bar\Settings\prevCfg2.htm

   -----------\  Extensions

   (Dorian) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 2009-04-02|10:52 - Option : [1]

   -----------\  Fin du rapport a 10:52:58,89

jlpjlp · Answer

Hé oui

alors fais toolbarsd option 2 et mets le rapport


_____________

encore des soucis???

Dorian · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-30 )
   BIOS : Ver 1.00PARTTBL
   USER : Dorian ( Administrator )
   BOOT : Normal boot
   Antivirus : AVG Anti-Virus Free 8.5 (Activated)
   C:\ (Local Disk) - NTFS - Total:41 Go (Free:7 Go)
   D:\ (Local Disk) - NTFS - Total:14 Go (Free:14 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 2009-04-02|10:59 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program\AskBarDis\bar
   Supprime! - C:\Program\AskBarDis\unins000.dat
   Supprime! - C:\Program\AskBarDis\unins000.exe
   Supprime! - C:\Program\AskBarDis

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (Dorian) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 2009-04-02|10:52 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 2009-04-02|11:00 - Option : [2]

   -----------\  Fin du rapport a 11:00:21,67

Je vais voir si tout va bien et je te dirais! Merci!

jlpjlp · Answer

ok tu diras

vire toolbar sd

a plus

Probleme de Pop Up (Encore un, desole!) - Page 3

Discussions similaires

Newsletters