Disinfection Impossible

PaulWeller
Hello,
a problem occurred after a scan using Nod32.
Indeed, disinfecting my laptop from: C:\Windows.old\Users\Fifi\Downloads\eMulePlus12c.exe "NSIS" eMule.exe - probably a variant of Win32/Genetik Trojan horse, is impossible.

Could you help me?
Configuration: Windows Vista Firefox 3.0.11

6 answers

Anonymous user
 
Hello

Is it your antivirus or an online scan?
--
We have all been beginners at something at some point.
But knowledge is the reward for diligence.
PaulWeller
 
This is my antivirus, installed on my PC.
Anonymous user
 
Re

Can you send me the complete report of your antivirus?
Thank you
--
We have all been beginners at something at some point.
But knowledge is the reward of diligence.
PaulWeller
 
Analysis performed on: 29/06/2009 02:41:45
Analysis report
NOD32 version 4194 (20090628) NT
Memory - is OK

Date: 29.6.2009 Time: 02:41:52
Anti-Stealth technology is enabled.
Drives, directories, and files scanned: C:; D:
C:\hiberfil.sys - error on opening (the file is locked) [4]
C:\pagefile.sys - error on opening (the file is locked) [4]
C:\boot\bcd - error on opening (the file is locked) [4]
C:\boot\BCD.LOG - error on opening (the file is locked) [4]
C:\Program Files\WinRAR\Default.SFX »RAR - next archive volume not found
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\SwSetup\HPGames\games\fr\bejeweled2deluxe-oem.exe »NSIS »134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe - an error occurred while reading the archive
C:\System Volume Information\MountPointManagerRemoteDatabase - error on opening (access denied) [4]
C:\System Volume Information\{11eb5972-61b6-11de-993e-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4acae-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4acb4-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4acba-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4acc0-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4acc6-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4accc-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4acd2-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{44a4acd8-61d0-11de-8758-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{4bafa458-61a6-11de-8862-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{6c8d7707-61be-11de-8393-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{736c5420-61cb-11de-8574-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{736c5434-61cb-11de-8574-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{736c543a-61cb-11de-8574-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{736c544b-61cb-11de-8574-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{736c5451-61cb-11de-8574-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{736c5457-61cb-11de-8574-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{736c5463-61cb-11de-8574-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{905855a7-61d2-11de-a061-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{905855b4-61d2-11de-a061-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{905855ba-61d2-11de-a061-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{a1774ecf-63e6-11de-911b-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c2195110-61c5-11de-8524-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c2195116-61c5-11de-8524-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c5f04537-61b8-11de-854d-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c5f0453d-61b8-11de-854d-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c5f04561-61b8-11de-854d-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c5f04567-61b8-11de-854d-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c7e9620f-62ab-11de-8b6d-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{c7e9621a-62ab-11de-8b6d-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{cd206118-643c-11de-beaf-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{f98ee0ee-627a-11de-91ac-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{f98ee132-627a-11de-91ac-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\System Volume Information\{f98ee138-627a-11de-91ac-001eec20a8aa}{3808876b-c176-4e48-b7ae-04046e6cc752} - error on opening (access denied) [4]
C:\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\Users\TheSoul\NTUSER.DAT - error on opening (the file is locked) [4]
C:\Users\TheSoul\ntuser.dat.LOG1 - error on opening (the file is locked) [4]
C:\Users\TheSoul\ntuser.dat.LOG2 - error on opening (the file is locked) [4]
C:\Users\TheSoul\AppData\Local\Microsoft\Windows\UsrClass.dat - error on opening (the file is locked) [4]
C:\Users\TheSoul\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error on opening (the file is locked) [4]
C:\Users\TheSoul\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error on opening (the file is locked) [4]
C:\Users\TheSoul\AppData\Local\Microsoft\Windows Defender\FileTracker\{6C14593A-6D47-46E4-9EE3-0A47251BA764} - error on opening (the file is locked) [4]
C:\Users\TheSoul\AppData\Local\Temp\etilqs_a2yK7JctiekkiiIIsA90 - error on opening (the file is locked) [4]
C:\Users\TheSoul\AppData\Roaming\Mozilla\Firefox\Profiles\xfcxrs6b.default\parent.lock - error on opening (the file is locked) [4]
C:\Users\TheSoul\AppData\Roaming\Mozilla\Firefox\Profiles\xfcxrs6b.default\places.sqlite-journal - error on opening (the file is locked) [4]
C:\Users\TheSoul\Downloads\klcodec495f.exe »INNO - unsupported option
C:\Users\TheSoul\Downloads\Off2007EE_micipsa59_wawa.part1.rar »RAR »Office.2007.Enterprise.USB.Edition\MSACCESS.EXE - next archive volume not found
C:\Users\TheSoul\Downloads\winrar_winrar_3.80_final_francais_9632.exe »RAR »Default.SFX »RAR - next archive volume not found
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error on opening (the file is locked) [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - error on opening (the file is locked) [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - error on opening (the file is locked) [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error on opening (the file is locked) [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error on opening (the file is locked) [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error on opening (the file is locked) [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - error on opening (the file is locked) [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - error on opening (the file is locked) [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error on opening (the file is locked) [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error on opening (the file is locked) [4]
C:\Windows\System32\catroot2\edb.log - error on opening (the file is locked) [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error on opening (the file is locked) [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error on opening (the file is locked) [4]
C:\Windows\System32\config\COMPONENTS - error on opening (the file is locked) [4]
C:\Windows\System32\config\COMPONENTS.LOG1 - error on opening (the file is locked) [4]
C:\Windows\System32\config\COMPONENTS.LOG2 - error on opening (the file is locked) [4]
C:\Windows\System32\config\DEFAULT - error on opening (the file is locked) [4]
C:\Windows\System32\config\DEFAULT.LOG1 - error on opening (the file is locked) [4]
C:\Windows\System32\config\DEFAULT.LOG2 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SAM - error on opening (the file is locked) [4]
C:\Windows\System32\config\SAM.LOG1 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SAM.LOG2 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SECURITY - error on opening (the file is locked) [4]
C:\Windows\System32\config\SECURITY.LOG1 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SECURITY.LOG2 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SOFTWARE - error on opening (the file is locked) [4]
C:\Windows\System32\config\SOFTWARE.LOG1 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SOFTWARE.LOG2 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SYSTEM - error on opening (the file is locked) [4]
C:\Windows\System32\config\SYSTEM.LOG1 - error on opening (the file is locked) [4]
C:\Windows\System32\config\SYSTEM.LOG2 - error on opening (the file is locked) [4]
C:\Windows\System32\config\RegBack\COMPONENTS - error on opening (the file is locked) [4]
C:\Windows\System32\config\RegBack\DEFAULT - error on opening (the file is locked) [4]
C:\Windows\System32\config\RegBack\SAM - error on opening (the file is locked) [4]
C:\Windows\System32\config\RegBack\SECURITY - error on opening (the file is locked) [4]
C:\Windows\System32\config\RegBack\SOFTWARE - error on opening (the file is locked) [4]
C:\Windows\System32\config\RegBack\SYSTEM - error on opening (the file is locked) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl - error on opening (access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl - error on opening (access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl - error on opening (access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl - error on opening (access denied) [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl - error on opening (access denied) [4]
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - error on opening (the file is locked) [4]
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1 - error on opening (the file is locked) [4]
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\NTUSER.DAT - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\ntuser.dat.LOG1 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\ntuser.dat.LOG2 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Application Data\Microsoft\Windows\UsrClass.dat - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Application Data\Microsoft\Windows Defender\FileTracker\{6C8BD02D-A1E8-4E05-A9FD-8A10C031C8C8} - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Application Data\Temp\etilqs_JAyzjeyu0vd3CZaAZCDL - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Microsoft\Windows\UsrClass.dat - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Microsoft\Windows Defender\FileTracker\{6C8BD02D-A1E8-4E05-A9FD-8A10C031C8C8} - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\AppData\Local\Temp\etilqs_JAyzjeyu0vd3CZaAZCDL - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\Downloads\klcodec495f.exe »INNO - unsupported option
C:\Windows.old\Documents and Settings\TheSoul\Downloads\Off2007EE_micipsa59_wawa.part1.rar »RAR »Office.2007.Enterprise.USB.Edition\MSACCESS.EXE - next archive volume not found
C:\Windows.old\Documents and Settings\TheSoul\Downloads\winrar_winrar_3.80_final_francais_9632.exe »RAR »Default.SFX »RAR - next archive volume not found
C:\Windows.old\Documents and Settings\TheSoul\Local Settings\Microsoft\Windows\UsrClass.dat - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\Local Settings\Microsoft\Windows\UsrClass.dat.LOG1 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\Local Settings\Microsoft\Windows\UsrClass.dat.LOG2 - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\Local Settings\Microsoft\Windows Defender\FileTracker\{6C8BD02D-A1E8-4E05-A9FD-8A10C031C8C8} - error on opening (the file is locked) [4]
C:\Windows.old\Documents and Settings\TheSoul\Local Settings\Temp\etilqs_lUSPh0969Fw6m4T5rPLJ - error on opening (the file is locked) [4]
C:\Windows.old\Program Files\Everest Poker\cstart.exe - a variant of Win32/Adware.Casino application
C:\Windows.old\Program Files\Everest Poker\Everest Poker.exe - a variant of Win32/Adware.Casino application
C:\Windows.old\ProgramData\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\Windows.old\ProgramData\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\Windows.old\ProgramData\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\Windows.old\ProgramData\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error on opening (the file is locked) [4]
C:\Windows.old\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error on opening (the file is locked) [4]
C:\Windows.old\Users\Fifi\AppData\Local\Microsoft\Messenger\danseusewinx@hotmail.fr\SharingMetadata\by.cissoue@hotmail.fr\DFSR\Staging\CS{2D9BA555-8809-0F81-77A6-719AA01A06BF}\01\19-{2D9BA555-8809-0F81-77A6-719AA01A06BF}-v1-{4DE48013-27C0-43A5-B60A-8D689CC - error on opening [4]
C:\Windows.old\Users\Fifi\AppData\Local\Microsoft\Messenger\danseusewinx@hotmail.fr\SharingMetadata\by.cissoue@hotmail.fr\DFSR\Staging\CS{2D9BA555-8809-0F81-77A6-719AA01A06BF}\03\40-{51D2A146-28B3-4A47-BDB4-3E7355225CB8}-v103-{FA6CC7E7-DD8A-4DDC-B31C-A19F3 - error on opening [4]
C:\Windows.old\Users\Fifi\AppData\Local\Microsoft\Messenger\danseusewinx@hotmail.fr\SharingMetadata\by.cissoue@hotmail.fr\DFSR\Staging\CS{2D9BA555-8809-0F81-77A6-719AA01A06BF}\35\35-{51D2A146-28B3-4A47-BDB4-3E7355225CB8}-v35-{FA6CC7E7-DD8A-4DDC-B31C-A19F3A - error on opening [4]
C:\Windows.old\Users\Fifi\AppData\Local\Microsoft\Messenger\danseusewinx@hotmail.fr\SharingMetadata\by.cissoue@hotmail.fr\DFSR\Staging\CS{2D9BA555-8809-0F81-77A6-719AA01A06BF}\85\37-{51D2A146-28B3-4A47-BDB4-3E7355225CB8}-v85-{FA6CC7E7-DD8A-4DDC-B31C-A19F3A - error on opening [4]
C:\Windows.old\Users\Fifi\AppData\Local\Microsoft\Messenger\danseusewinx@hotmail.fr\SharingMetadata\by.cissoue@hotmail.fr\DFSR\Staging\CS{2D9BA555-8809-0F81-77A6-719AA01A06BF}\91\38-{51D2A146-28B3-4A47-BDB4-3E7355225CB8}-v91-{FA6CC7E7-DD8A-4DDC-B31C-A19F3A - error on opening
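Almost every line of the report above is a scanner limitation (locked registry hives, pagefile, System Volume Information, multi-volume archives), not a detection; only three lines name a threat, all under C:\Windows.old, and the one from the first post sits inside an NSIS installer, which is why the antivirus cannot "disinfect" it in place. The following Python script is an added example written for this page, not part of the thread and not ESET tooling: it parses a constructed subset of the lines posted above, separates detections from scan errors, and extracts the container chain. It assumes the report's line layout "object - message [code]" and the "»" separator for nested archive layers; the category names and recommended actions are the script's own, not NOD32's.

```python
"""Triage of an ESET NOD32 on-demand scan report (added example, not from the post)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: seven lines excerpted from the report posted above. The '»' marks
# a nested archive layer the scanner opened (the first post rendered it as quotes).
SAMPLE_REPORT = """\
C:\\hiberfil.sys - error on opening (the file is locked) [4]
C:\\System Volume Information\\MountPointManagerRemoteDatabase - error on opening (access denied) [4]
C:\\Program Files\\WinRAR\\Default.SFX »RAR - next archive volume not found
C:\\Users\\TheSoul\\Downloads\\klcodec495f.exe »INNO - unsupported option
C:\\Windows.old\\Program Files\\Everest Poker\\cstart.exe - a variant of Win32/Adware.Casino application
C:\\Windows.old\\Program Files\\Everest Poker\\Everest Poker.exe - a variant of Win32/Adware.Casino application
C:\\Windows.old\\Users\\Fifi\\Downloads\\eMulePlus12c.exe »NSIS »eMule.exe - probably a variant of Win32/Genetik Trojan horse
"""

# ESET threat names look like Platform/Family[.Variant], e.g. Win32/Genetik.
THREAT_RE = re.compile(r"\b[A-Za-z0-9]+/[A-Za-z0-9_.]+")
# Trailing "[4]"-style result codes on error lines.
CODE_RE = re.compile(r"\s*\[(\d+)\]$")
# Messages that mean the scanner could not unpack something, not that malware was found.
ARCHIVE_ERRORS = ("next archive volume not found", "unsupported option",
                  "an error occurred while reading the archive")


@dataclass
class Finding:
    disk_path: str                                # the real file on disk
    layers: List[str] = field(default_factory=list)  # nested containers, e.g. ["NSIS", "eMule.exe"]
    message: str = ""
    category: str = ""                            # "detection", "scan_error", "archive_error", "unknown"
    threat: Optional[str] = None                  # e.g. "Win32/Genetik"

    @property
    def in_windows_old(self) -> bool:
        """True when the object lives in the leftover previous installation."""
        return self.disk_path.lower().startswith("c:\\windows.old\\")

    def recommended_action(self) -> str:
        """Hypothetical triage advice derived from the category and container chain."""
        if self.category != "detection":
            return "ignore: scanner could not open the object; this is not a detection"
        if self.layers:
            # A file packed inside an installer/archive cannot be disinfected in place;
            # the whole container has to be deleted or quarantined.
            return "delete container: detection inside archive, cannot be cleaned in place"
        return "clean or quarantine file"


def parse_line(line: str) -> Finding:
    """Split 'object - message [code]' into a Finding; the object may carry »layers."""
    obj, sep, message = line.rpartition(" - ")
    if not sep:                       # no message part at all
        obj, message = line, ""
    message = CODE_RE.sub("", message).strip()
    parts = [p.strip() for p in obj.split("»")]
    disk_path, layers = parts[0], parts[1:]
    if message.startswith("error on opening"):
        category, threat = "scan_error", None
    elif message in ARCHIVE_ERRORS:
        category, threat = "archive_error", None
    else:
        m = THREAT_RE.search(message)
        category, threat = ("detection", m.group(0)) if m else ("unknown", None)
    return Finding(disk_path, layers, message, category, threat)


def parse_report(text: str) -> List[Finding]:
    """Parse every non-empty line of a report body."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def summarize(findings: List[Finding]) -> dict:
    """Count lines per category and collect the real detections."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    detections = [f for f in findings if f.category == "detection"]
    return {
        "counts": counts,
        "detections": detections,
        "all_in_windows_old": bool(detections) and all(f.in_windows_old for f in detections),
    }


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    print(report["counts"])
    for f in report["detections"]:
        chain = " » ".join([f.disk_path] + f.layers)
        print(f"{f.threat:22} {chain}\n    -> {f.recommended_action()}")
```

Run against the full report in the post, the same parser reduces some 160 lines to three detections (two Win32/Adware.Casino files and the Win32/Genetik hit inside the NSIS installer), all under C:\Windows.old, which is the practical answer to the opening question: delete or quarantine the container rather than expect a "disinfect" action on an installer payload.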
PaulWeller
 
Sorry for the delay...

Can someone give me some information?
Anonymous user
 
Hello

1- Download and install the HijackThis software:

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

--> Click on the setup to start the installation: follow the instructions and do not change the installation settings.
At the end of the installation, the program will launch automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".

(Do not run this program for now and proceed with the next steps ...)


2- Download Random's System Information Tool (RSIT) from random/random and save the executable on your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your ongoing applications!

Double-click on "RSIT.exe" to launch it.

-> A first window will open with the title "Disclaimer of warranty".

* In front of the option "List files/folders created ...", choose: 2 months

* then click on "Continue" to start the scan ...


-> let the scan run and do not touch the PC ...


When the scan is complete, two text files will open (probably with Notepad).

Post the content of "log.txt" (the one that appears on the screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for further instructions ...

Important: post one report, then the other in the next reply ...
If you try to post both at the same time, it might be too lengthy for the forum ...
( And if "log.txt" alone doesn't go through either, do it in two parts ... thanks ... )

( Note: the reports will also be saved in this folder -> C:\rsit )

Thank you


--
We have all been beginners at something at some point.
But knowledge is the reward of diligence.
PaulWeller
 
Thank you for your help!

info.txt logfile of random's system information tool 1.06 2009-07-01 13:58:28

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
WinRAR Archive-->C:\Program Files\WinRAR\uninstall.exe
Windows Live Connection Assistant-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x040c -removeonly
Broadcom 802.11 Wireless LAN Card-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}
Cisco LEAP Module-->MsiExec.exe /I{99A4344A-C723-4661-A507-D9D939480358}
Cisco PEAP Module-->MsiExec.exe /I{CD344FA5-6657-47CD-940F-8727EED35595}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
CpuIdle (remove only)-->"C:\Program Files\CpuIdle\uninstall.exe"
EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Guitar Pro 4-->MsiExec.exe /X{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
Windows Live Installer-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Installer-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
K-Lite Codec Pack 4.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
Windows Live Download Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x040c -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x40c -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

======Security center information======

AV: ESET NOD32 antivirus system 2.70
AS: Windows Defender

======System event log======

Computer Name: TheSoulPlace
Event Code: 15016
Message: Failed to initialize the Kerberos security package for server-side authentication. The data field contains the error number.
Record Number: 475
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090625160147.217932-000
Event Type: Error
User:

Computer Name: 26L2233B1-13
Event Code: 134
Message: NtpClient failed to set a manual peer to use as a time source due to a DNS resolution error on " time.windows.com,0x9 ". NtpClient will retry in 15 minutes, and again once double the retry interval has elapsed. The error was: Unknown host. (0x80072AF9)
Record Number: 13
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090625154456.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B1-13
Event Code: 134
Message: NtpClient failed to set a manual peer to use as a time source due to a DNS resolution error on " time.windows.com,0x9 ". NtpClient will retry in 15 minutes, and again once double the retry interval has elapsed. The error was: Unknown host. (0x80072AF9)
Record Number: 12
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090625154456.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B1-13
Event Code: 15016
Message: Failed to initialize the Kerberos security package for server-side authentication. The data field contains the error number.
Record Number: 11
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090625154450.629808-000
Event Type: Error
User:

Computer Name: 26L2233B1-13
Event Code: 263
Message: The 'ShellHWDetection' service may not have canceled its registration for device event notifications before it stopped.
Record Number: 10
Source Name: PlugPlayManager
Time Written: 20090625154450.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: TheSoulPlace
Event Code: 1534
Message: Failed to notify the event Delete profile for component {DE3F3560-3032-41B4-B6CF-F703B1B95640}. The error code is -2147024875.

Record Number: 35
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090625160226.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: TheSoulPlace
Event Code: 2
Message: Failed to remove the data indexed by the Windows Search service for user 'TheSoulPlace\Administrator' after the user profile was deleted. Error code 0x80070015.

The device is not ready.
.
Record Number: 34
Source Name: Microsoft-Windows-Search-ProfileNotify
Time Written: 20090625160226.000000-000
Event Type: Error
User:

Computer Name: TheSoulPlace
Event Code: 10
Message: The event filter with the query “ SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 ” could not be reactivated in the namespace “ //./root/CIMV2 ” due to error 0x80041003. Events cannot be delivered through this filter until the problem is resolved.
Record Number: 25
Source Name: Microsoft-Windows-WMI
Time Written: 20090625160205.000000-000
Event Type: Error
User:

Computer Name: TheSoulPlace
Event Code: 1008
Message: Windows Search service is attempting to delete the old catalog.

Record Number: 22
Source Name: Microsoft-Windows-Search
Time Written: 20090625160156.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B1-13
Event Code: 1036
Message: Failed to InitializePrintProvider for provider inetpp.dll. This can occur as a result of system instability or insufficient system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090625154630.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233B1-13
Event Code: 4648
Message: Attempted logon using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B1-13$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account whose credentials were used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x230
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on for an account by explicitly specifying the credentials for that account. This occurs most often in batch configurations such as scheduled tasks or with the use of the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090625154416.169187-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4902
Message: The user audit policy table has been created.

Number of items: 0
ID of the policy: 0xf172a
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090625154405.046316-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transport Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon is created. It is generated on the computer on which the logon was performed.

The Object field indicates the account on the local system that requested the logon. This is most often a service, such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the type of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon field indicates the account for which the new logon was created, such as the account that logged on.

The Network fields indicate where a remote logon request originated. The workstation name may not always be available and could be left blank in some cases.

The Authentication Information fields provide details about this specific logon request.
- The Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- The Transport Services indicate the intermediary services that were involved in this logon request.
- The Package Name indicates which sub-protocol was used among the NTLM protocols.
- The Key Length indicates the length of the generated session key. It has a value of 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090625154401.723495-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4608
Message: Windows is starting.

This event is logged when LSASS.EXE starts and the audit subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090625154401.692294-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4634
Message: An account session has been closed.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Account ID: 0x1f2f0

Logon Type: 3

This event is generated when an open session is deleted. It can be associated with a...
0
PaulWeller
 
And here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by TheSoul at 2009-07-01 13:58:20
Microsoft® Windows Vista™ Home Premium Edition Service Pack 2
System drive C: has 11 GB (8%) free of 141 GB
Total RAM: 2037 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:26, on 01/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\TheSoul\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\TheSoul.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3855 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-06-25 949376]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

0
Anonymous user
 
Hello

Nothing special.
It's the exe file of Emule.
If you want to disinfect it, you'll have to uninstall Emule.

See you later
--
We've all been beginners at something at one time.
But knowledge is the reward for diligence.
0