Attrib.exe infected with win32/Heur?

zemob
Hello,

A few weeks ago, I suffered a pretty massive infection, the first one in years!! AVG detected Getprimo.exe, pridl.exe, b2e.dll, etc... It prevented me, among other things, from accessing avg.com and many other disinfection-related sites. Without hesitation, my PC needed it, I reformatted, I reinstalled XP.
It's been less than a month since I reinstalled and it's started again!! Same symptoms: porn site icons on my desktop like youporn, pornotube, all that, ad pop-ups, inaccessible sites, AVG updates impossible.
A run with Hijackthis allowed me to remove a lot of things, a little tour in the registry helped me remove some others. But a few annoying symptoms persist:

- I still can't access certain sites (avg.com, grisoft.com, malwarebytes' site, etc.)
- AVG consequently cannot update
- AVG reports that attrib.exe is infected by win32/Heur but cannot fix the infection.

If someone can help me, I would be eternally grateful!!
Thanks in advance!
Configuration: Windows XP Firefox 3.5.1

7 answers

Trying2 - Posted messages: 7751 - Status: Security contributor
 
Hello,

*Download and install UsbFix from C_XX & Chiquitine29.

*Connect your external data sources to your PC (USB stick, external hard drive, etc...) that may have been infected without opening them.

*Double click on the UsbFix shortcut on your desktop.

*Choose option 1 (Scan)

*Let the tool work.

*Then post the UsbFix.txt report that will appear in your next message.

Note: The UsbFix.txt report is saved in the root of the disk. (C:\UsbFix.txt)
"Process.exe", a component of the tool, is detected by some antivirus software (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.
zemob
 
Hello and thank you for taking care of my case :)

Here is the UsbFix report: (E: and F: are 2 USB drives)

############################## | UsbFix V6.012 |

User: Mob (Administrators) # MAISON-3FCF8D95
Update on 01/08/09 by Chiquitine29 & C_XX
Start at: 17:04:50 | 02/08/2009
Website: http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status: Disabled
AV: AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
FW: ZoneAlarm Firewall [ Enabled ] 7.0.483.000

C:\ -> Local fixed disk # 465.75 Go (221.32 Go free) # NTFS
D:\ -> CD-ROM drive
E:\ -> Local fixed disk # 149.05 Go (10.31 Go free) [photos] # NTFS
F:\ -> Local fixed disk # 465.65 Go (39.34 Go free) [My Passport] # FAT32

############################## | Active processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SABnzbd\SABnzbd.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SABnzbd\win\par2\par2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Infectious files # Folders |

################## | Other |

Suspect! E:\totalcmd\TOTALCMD.EXE
Suspect! F:\Mame\mame.exe
Suspect! F:\Mame\mame0132b.exe
Suspect! F:\Mame\MameUI32.exe
Suspect! F:\Mala\MaLa.exe
Suspect! F:\Mala\MalaAttractMode.exe
Suspect! F:\Mala\MalaGamelist.exe
Suspect! F:\Mala\MalaLayout.exe
Suspect! F:\Mala\MaLaLayoutConverter.exe
Suspect! F:\Mala\MalaTree.exe

################## | Registry # Infectious Run Keys |

################## | Registry # Mountpoints2 |

################## | Cracks / Keygens / Serials |

################## | ! End of report # UsbFix V6.012 ! |
Trying2
 
1/ Do you have the MBAM report?

If it found anything, could you post that report for me please?


2/ Do you know which files were detected as suspicious by UsbFix?
I’m looking for information on them.


3/ I may have gone down the wrong path (the story about AVG not updating...).
Did you have any problems before with it updating?
Is it not a configuration problem with Zone Alarm?
Have you tried updating while disabling ZA?


4/ - Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click on RSIT.exe to launch the program.

- Click on Continue on the Disclaimer screen.

- If the updated HijackThis tool is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will need to accept the license.

- When the scan is complete, two text files will open. Post the contents of log.txt (the one that appears on the screen) as well as info.txt (which you will see in the taskbar) in two different messages.
zemob
 
1/ MBAM hasn't finished yet, I'll post this when it's done.

2/ Yes, I know the suspicious programs (which doesn't mean they aren't infected, I suppose)

TOTCMD is the executable of Total Commander, a file manager that I use every day.
The Mame are executables of MAME, an arcade game emulator.
MALA is a graphical interface for MAME.

3/ I installed Zone Alarm earlier, after having problems updating AVG. I allowed all AVG components to pass through the firewall. I've just tried to disable ZA anyway. The AVG update still isn't taking place.

4/ I'm doing that and I'll post this later with the result of MBAM

Thanks again for your help!
Fred
Trying2
 
Okay, I'm waiting for your 3 reports (2 from Rsit and the one from MBAM).

It might seem a bit strange, but thank you for taking the time to read my questions and for responding so clearly.
It’s becoming rare to be able to communicate and understand each other ^^.
zemob
 
Well, usually I'm the one who helps my friends and family with their computers, so I try to be as clear as I’d like them to be with me ;). Anyway, it’s really cool of you to take the time to help me!

While waiting to launch RSIT, here is the MBAM report. It’s not great, how did I catch all this s*$£$*§ies!? Should I clean it with MBAM or exit without modifying anything?

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

02/08/2009 19:10:30
mbam-log-2009-08-02 (19-10-22).txt

Scan type: Full scan (C:\|)
Items scanned: 234487
Time elapsed: 2 hour(s), 22 minute(s), 35 second(s)

Infected memory processes: 0
Infected memory modules: 1
Infected Registry key(s): 7
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 5
Infected file(s): 6

Infected memory processes:
(No harmful items detected)

Infected memory modules:
C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.Agent) -> No action taken.

Infected Registry key(s):
HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\mjcore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MJCore.dll (Trojan.BHO) -> No action taken.

Infected Registry value(s):
(No harmful items detected)

Infected Registry data item(s):
(No harmful items detected)

Infected folder(s):
C:\Documents and Settings\Mob\Application Data\digifast (Trojan.Agent) -> No action taken.
C:\Program Files\WWShow (Trojan.Agent) -> No action taken.
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken.
C:\Documents and Settings\Mob\Application Data\pridl (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Mob\Application Data\cft (Trojan.Downloader) -> No action taken.

Infected file(s):
c:\documents and settings\Mob\local settings\temporary internet files\Content.IE5\6D5N1Y5H\152[1].net (Trojan.Dropper) -> No action taken.
c:\documents and settings\Mob\mes documents\téléchargements\backups\backup-20090802-134344-966.dll (Trojan.BHO) -> No action taken.
c:\system volume information\_restore{7c991980-aa56-436b-8c26-37ab56631f5f}\RP21\A0002229.dll (Trojan.BHO) -> No action taken.
c:\documents and settings\Mob\application data\digifast\config.cfg (Trojan.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> No action taken.
Trying2
 
You can quarantine and delete.

Post the Rsit reports.
zemob
 
I had to download RSIT with another machine, since apparently, access to the site in question was also blocked...
Here is the report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mob at 2009-08-02 19:35:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 221 GB (46%) free of 477 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:16, on 02/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\system32\wuauclt.exe
E:\RSIT.exe
C:\Program Files\trend micro\Mob.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4199 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-22 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-22 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-22 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-09 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-22 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-22 148888]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111\wn111.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-22 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-26 190976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Tools\totalcmd\TOTALCMD.EXE"="C:\Tools\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Tools\KompoZer 0.7.10\kompozer.exe"="C:\Tools\KompoZer 0.7.10\kompozer.exe:*:Enabled:Composer"
"C:\WINDOWS\Temp\VRT1E4.tmp"="C:\WINDOWS\Temp\VRT1E4.tmp:*:Disabled:installer"
"C:\WINDOWS\Temp\VRT3.tmp"="C:\WINDOWS\Temp\VRT3.tmp:*:Enabled:installer"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-02 19:35:01 ----D---- C:\Program Files\trend micro
2009-08-02 19:35:00 ----D---- C:\rsit
2009-08-02 19:33:18 ----A---- C:\UsbFix.txt
2009-08-02 19:10:30 ----A---- C:\mbam-log-2009-08-02 (19-10-22).txt
2009-08-02 16:58:45 ----D---- C:\UsbFix
2009-08-02 15:13:44 ----D---- C:\Documents and Settings\Mob\Application Data\Safer Networking
2009-08-02 15:12:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-02 15:12:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-02 15:09:25 ----D---- C:\Program Files\Safer Networking
2009-08-02 12:50:54 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2009-08-02 12:50:32 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2009-08-02 12:50:32 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2009-08-02 12:50:32 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2009-08-02 12:50:31 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2009-08-02 12:50:18 ----A---- C:\WINDOWS\zllsputility.exe
2009-08-02 12:50:17 ----A---- C:\WINDOWS\system32\SpOrder.dll
2009-08-02 12:49:37 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2009-08-02 12:49:35 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-08-02 12:49:08 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-08-02 12:49:07 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-08-02 12:48:52 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-08-02 12:48:42 ----A---- C:\WINDOWS\system32\zpeng24.dll
2009-08-02 12:48:40 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-08-02 12:48:30 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-08-02 12:48:30 ----D---- C:\Program Files\Zone Labs
2009-08-02 12:48:28 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-08-02 12:48:25 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-08-02 12:47:47 ----D---- C:\WINDOWS\Internet Logs
2009-08-02 12:47:47 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-08-02 12:47:47 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-08-02 12:47:47 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-08-01 00:31:59 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-08-01 00:31:58 ----D---- C:\Program Files\DVD Shrink
2009-07-31 10:05:39 ----D---- C:\Documents and Settings\Mob\Application Data\vlc
2009-07-31 10:04:41 ----D---- C:\Program Files\VideoLAN
2009-07-30 10:58:50 ----A---- C:\WINDOWS\system32\CNMVS3g.DLL
2009-07-30 10:58:50 ----A---- C:\WINDOWS\system32\CNMLM3g.DLL
2009-07-30 10:58:42 ----A---- C:\WINDOWS\system32\CNMCP3G.EXE
2009-07-30 10:58:41 ----HD---- C:\BJPrinter
2009-07-29 22:29:59 ----D---- C:\Program Files\Alesis
2009-07-28 13:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-28 12:09:29 ----D---- C:\Documents and Settings\Mob\Application Data\REAPER
2009-07-28 01:17:57 ----HD---- C:\WINDOWS\PIF
2009-07-28 01:17:29 ----D---- C:\Documents and Settings\Mob\Application Data\KompoZer
2009-07-27 21:18:25 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2009-07-27 21:18:25 ----A---- C:\WINDOWS\system32\bconvert.dll
2009-07-27 21:18:05 ----A---- C:\WINDOWS\system32\NI_IRC_1_2.dll
2009-07-27 21:18:05 ----A---- C:\WINDOWS\system32\NI_DFD_1_5.dll
2009-07-27 21:17:19 ----D---- C:\Program Files\Common Files\Native Instruments
2009-07-27 21:17:08 ----D---- C:\Program Files\Native Instruments
2009-07-27 21:16:54 ----D---- C:\Audio
2009-07-27 20:57:02 ----D---- C:\WINDOWS\Downloaded Installations
2009-07-27 01:08:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-27 01:08:14 ----D---- C:\Program Files\QuickTime Alternative
2009-07-25 21:06:32 ----D---- C:\WINDOWS\CSC
2009-07-25 21:00:23 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-25 20:41:42 ----A---- C:\WINDOWS\system32\wgalogon.dll.old
2009-07-25 20:41:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-07-25 20:41:41 ----A---- C:\WINDOWS\system32\wgatray.exe.old
2009-07-25 20:41:41 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-07-25 20:39:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-25 19:29:31 ----D---- C:\Documents and Settings\Mob\Application Data\Malwarebytes
2009-07-25 19:29:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-25 19:29:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-25 18:36:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-25 18:31:04 ----D---- C:\Program Files\Lavasoft
2009-07-25 18:31:04 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-24 21:53:30 ----D---- C:\temp
2009-07-24 21:52:13 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-07-24 09:41:18 ----D---- C:\WINDOWS\ie8updates
2009-07-24 09:39:39 ----D---- C:\WINDOWS\WBEM
2009-07-24 09:37:48 ----HDC---- C:\WINDOWS\ie8
2009-07-24 09:34:23 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-24 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-24 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-24 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-24 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-24 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-24 03:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-24 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-24 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-24 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-24 03:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-24 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-24 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-24 03:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-24 03:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-24 03:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-24 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-24 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-24 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-24 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-24 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-24 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-24 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-24 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-24 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-24 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-24 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-24 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-24 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-24 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-24 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-24 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-24 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-24 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-24 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-23 22:27:33 ----D---- C:\Documents and Settings\Mob\Application Data\ImgBurn
2009-07-23 22:07:06 ----D---- C:\Program Files\ImgBurn
2009-07-23 03:00:23 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-23 03:00:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-23 03:00:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-23 03:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-23 03:00:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-23 00:12:50 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-23 00:12:48 ----D---- C:\Documents and Settings\Mob\Application Data\CyberLink
2009-07-23 00:12:44 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-07-23 00:11:40 ----D---- C:\Documents and Settings\Mob\Application Data\Thinstall
2009-07-22 22:47:16 ----D---- C:\Soundbank
2009-07-22 22:20:08 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-07-22 22:07:40 ----D---- C:\Games
2009-07-22 22:02:07 ----D---- C:\Documents and Settings\Mob\Application Data\Media Player Classic
2009-07-22 22:01:44 ----D---- C:\Documents and Settings\Mob\Application Data\WinRAR
2009-07-22 22:01:19 ----SHD---- C:\RECYCLER
2009-07-22 21:56:08 ----D---- C:\Program Files\Haali
2009-07-22 21:48:26 ----D---- C:\Program Files\Microsoft Works
2009-07-22 21:48:19 ----D---- C:\Program Files\Microsoft Visual Studio
2009-07-22 21:48:19 ----D---- C:\Program Files\Common Files\DESIGNER
2009-07-22 21:46:38 ----D---- C:\WINDOWS\SHELLNEW
2009-07-22 21:46:29 ----D---- C:\Program Files\Microsoft Office
2009-07-22 21:46:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-22 21:46:17 ----RHD---- C:\MSOCache
2009-07-22 21:45:14 ----A---- C:\WINDOWS\system32\TwnLib4.dll
2009-07-22 21:45:14 ----A---- C:\WINDOWS\system32\imagXRA7.dll
2009-07-22 21:45:14 ----A---- C:\WINDOWS\system32\imagXR7.dll
2009-07-22 21:45:14 ----A---- C:\WINDOWS\system32\imagXpr7.dll
2009-07-22 21:45:14 ----A---- C:\WINDOWS\system32\imagX7.dll
2009-07-22 21:45:12 ----D---- C:\Program Files\Nero
2009-07-22 21:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-07-22 21:45:11 ----D---- C:\Program Files\Common Files\Nero
2009-07-22 21:43:10 ----A---- C:\Documents and Settings\Mob\Application Data\inst.exe
2009-07-22 21:43:09 ----D---- C:\Documents and Settings\Mob\Application Data\Vso
2009-07-22 21:43:07 ----A---- C:\WINDOWS\system32\Pncrt.dll
2009-07-22 21:43:07 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-07-22 21:43:07 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-07-22 21:43:06 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-07-22 21:43:06 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-07-22 21:43:06 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-07-22 21:43:06 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-07-22 21:43:06 ----A---- C:\WINDOWS\gdiplus.dll
2009-07-22 21:43:05 ----D---- C:\Program Files\VSO
2009-07-22 21:37:42 ----D---- C:\Documents and Settings\Mob\Application Data\.BitTornado
2009-07-22 21:19:33 ----A---- C:\WINDOWS\WINCMD.INI
2009-07-22 21:14:56 ----D---- C:\Program Files\SABnzbd
2009-07-22 21:14:32 ----D---- C:\Program Files\WinRAR
2009-07-22 21:09:09 ----D---- C:\Documents and Settings\Mob\Application Data\Macromedia
2009-07-22 21:05:43 ----D---- C:\PSFONTS
2009-07-22 21:05:42 ----A---- C:\WINDOWS\system32\ATMsrvc.exe
2009-07-22 21:05:41 ----D---- C:\Program Files\Adobe Type Manager
2009-07-22 21:04:32 ----D---- C:\Adobe
2009-07-22 21:04:32 ----A---- C:\WINDOWS\system32\TWAIN_32.DLL
2009-07-22 21:04:03 ----A---- C:\WINDOWS\unin040c.exe
2009-07-22 21:01:46 ----D---- C:\Program Files\Adobe
2009-07-22 21:00:59 ----A---- C:\WINDOWS\IsUn040c.exe
2009-07-22 20:59:05 ----D---- C:\Program Files\Common Files\Adobe
2009-07-22 20:58:59 ----D---- C:\Documents and Settings\Mob\Application Data\Adobe
2009-07-22 20:56:25 ----D---- C:\Tools
2009-07-22 20:51:29 ----D---- C:\Program Files\JRE
2009-07-22 20:51:25 ----D---- C:\Program Files\OpenOffice.org 3
2009-07-22 20:51:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-22 20:51:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-22 20:51:15 ----A---- C:\WINDOWS\system32\java.exe
2009-07-22 20:51:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-22 20:51:08 ----D---- C:\Program Files\Java
2009-07-22 20:51:03 ----D---- C:\Documents and Settings\Mob\Application Data\Sun
2009-07-22 18:37:54 ----HD---- C:\$AVG8.VAULT$
2009-07-22 18:34:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-22 18:33:59 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-22 18:33:53 ----D---- C:\Program Files\AVG
2009-07-22 18:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-22 18:31:04 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-22 18:13:47 ----D---- C:\WINDOWS\system32\AGEIA
2009-07-22 18:13:47 ----D---- C:\Program Files\AGEIA Technologies
2009-07-22 18:13:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-22 18:13:36 ----D---- C:\Program Files\NVIDIA Corporation
2009-07-22 18:13:34 ----D---- C:\Documents
zemob
 
And here is the info.txt

info.txt logfile of random's system information tool 1.06 2009-08-02 19:35:19

======Uninstall list======

-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1.2 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Streamline 4.0-->C:\WINDOWS\unin040c.exe -f"C:\Adobe\Streamline 4.0\DeIsL1.isu"
Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Alesis io|2 ASIO Driver-->MsiExec.exe /I{311EEFFE-8354-42D8-B2A0-A0666689F69F}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon S900-->C:\WINDOWS\system32\CNMCP3G.EXE -@C:\WINDOWS\IsUn040c.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S900 Installer\Inst\DeIsL1.isu" -pCanon S900-c"C:\BJPrinter\CNMWINDOWS\Canon S900 Installer\Inst\bjinst.dll
ConvertXtoDVD 3.0.0.9-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
FileAlyzer-->"C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Mob\My Documents\Downloads\HijackThis.exe" /uninstall
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Internet Speed Monitor-->C:\Program Files\iPrimo\Uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Security update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Native Instruments Komplete 5-->C:\PROGRA~1\NATIVE~1\KOMPLE~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KOMPLE~1\INSTALL.LOG
Nero 8 Micro 8.2.8.0-->"C:\Program Files\Nero\unins000.exe"
NETGEAR WN111 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{AFCE4D19-D385-4232-9B0E-809D85A25A10}\setup.exe -runfromtemp -l0x0409
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
QuickTime Alternative 2.9.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
REAPER-->"C:\Audio\REAPER\Uninstall.exe"
RegAlyzer-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
SABnzbd (remove only)-->"C:\Program Files\SABnzbd\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
UsbFix-->c:\UsbFix\Uninstal.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Werkkzeug1-->"C:\Tools\Werkkzeug1\uninstall.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 jL.chura.pl
127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall

======System event log======

Computer Name: MAISON-3FCF8D95
Event Code: 15007
Message: The reservation of the namespace identified by the URL prefix http://*:2869/ has been successfully added.

Record Number: 5
Source Name: HTTP
Time Written: 20090722163437.000000+120
Event Type: Information
User:

Computer Name: MAISON-3FCF8D95
Event Code: 6011
Message: The NetBIOS name and DNS hostname of this computer has been changed from MACHINENAME to MAISON-3FCF8D95.

Record Number: 4
Source Name: EventLog
Time Written: 20090722163111.000000+120
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: During the validation of \Device\Serial0 as a serial port, a FIFO has been detected. The FIFO will be used.

Record Number: 3
Source Name: Serial
Time Written: 20090722180718.000000+120
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event Log service has started.

Record Number: 2
Source Name: EventLog
Time Written: 20090722180656.000000+120
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090722180656.000000+120
Event Type: Information
User:

=====Application event log=====

Computer Name: MAISON-3FCF8D95
Event Code: 1000
Message: The performance counters for the MSDTC service (MSDTC) have been loaded.
Record data contains the new index values assigned to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090722163246.000000+120
Event Type: Information
User:

Computer Name: MAISON-3FCF8D95
Event Code: 1000
Message: The performance counters for the TermService service (Terminal Server Services) have been loaded.
Record data contains the new index values assigned to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090722163243.000000+120
Event Type: Information
User:

Computer Name: MAISON-3FCF8D95
Event Code: 1000
Message: The performance counters for the RemoteAccess service (Routing and Remote Access) have been loaded.
Record data contains the new index values assigned to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090722163144.000000+120
Event Type: Information
User:

Computer Name: MAISON-3FCF8D95
Event Code: 1000
Message: The performance counters for the PSched service (PSched) have been loaded.
Record data contains the new index values assigned to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090722163121.000000+120
Event Type: Information
User:

Computer Name: MAISON-3FCF8D95
Event Code: 1000
Message: The performance counters for the RSVP service (QoS RSVP) have been loaded.
Record data contains the new index values assigned to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090722163120.000000+120
Event Type: Information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF-----------------
0
zemob
 
Help! I'm still in a jam (see above...)! Thanks :)
0