IObit Forum

trojan


jjf


Posted

IMF detects trojan.backdoor on conf.exe (NetMeeting) but does not remove it permanently. It keeps coming back after I try to repair it. Any solutions?

Posted

Hello and welcome to IObit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.

***********************************************************

SUPERAntiSpyware

If you already have SUPERAntiSpyware, be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes.

* If you encounter any problems while downloading the updates, manually download and unzip them from here.

* Next click the Preferences button.

* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

  • Close browsers before scanning

  • Scan for tracking cookies

  • Terminate memory threats before quarantining

  Please leave the others unchecked.

* Click the Close button to leave the control center screen.

* On the main screen click Scan your computer.

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan.

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK.

* Make sure everything in the white box has a check next to it, then click Next.

* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information, please do the following:

* After reboot, double-click the SUPERAntiSpyware icon on your desktop.

* Click Preferences. Click the Statistics/Logs tab.

* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

* It will open in your default text editor (preferably Notepad).

* Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

* Save the log somewhere you can easily find it (normally the desktop).

* Click Close and Close again to exit the program.

* Copy and paste the log in your post.

*********************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

***************************************************

Download DDS from HERE or HERE and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

* XP users: double-click on dds to run it.

* If your antivirus or firewall tries to block DDS, please allow it to run.

* When finished, DDS will open two (2) logs:

  1) DDS.txt

  2) Attach.txt

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.

Posted

Thanks, superdave, for your help.

SUPERAntiSpyware did not ask for a reboot, so I did a restart and this made me lose the Statistics/Logs.

Then I ran MBAM; here is the log (I hope you understand French):

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

Database version: 7207

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2011-07-19 21:55:04

mbam-log-2011-07-19 (21-55-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 191302

Time elapsed: 27 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Posted

I will run SUPERAntiSpyware again tomorrow. What is DDS? Shall I run this one tomorrow as well?

Thank you again for your care; it seems that I got a tough trojan.

Posted

log of super anti spyware

Hello super Dave,

here is the log of SAS this morning:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 07/20/2011 at 07:57 AM

Application Version : 4.55.1000

Core Rules Database Version : 7431

Trace Rules Database Version: 5243

Scan type : Complete Scan

Total Scan Time : 01:01:53

Memory items scanned : 474

Memory threats detected : 0

Registry items scanned : 7734

Registry threats detected : 0

File items scanned : 42714

File threats detected : 9

Adware.Tracking Cookie

C:\Documents and Settings\Jack\Cookies\jack@networldmedia[2].txt

C:\Documents and Settings\Jack\Cookies\jack@atdmt[2].txt

C:\Documents and Settings\Jack\Cookies\jack@invitemedia[2].txt

C:\Documents and Settings\Jack\Cookies\jack@adinterax[1].txt

C:\Documents and Settings\Jack\Cookies\jack@atdmt.combing[2].txt

C:\Documents and Settings\Jack\Cookies\jack@vitamine.networldmedia[1].txt

C:\Documents and Settings\Jack\Cookies\jack@bellcan.adbureau[1].txt

C:\Documents and Settings\Jack\Cookies\jack@ads.networldmedia[2].txt

vitamine.networldmedia.net [ C:\Documents and Settings\Jack\Application Data\Macromedia\Flash Player\#SharedObjects\PRMGGNQY ]

Posted

dds.txt

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jack at 8:19:28 on 2011-07-20

Microsoft Windows XP Professional 5.1.2600.3.1252.2.1036.18.991.382 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Documents and Settings\Jack\Application Data\mjusbsp\magicJack.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Jack\Bureau\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://cf.yahoo.com/

mDefault_Page_URL = hxxp://cf.yahoo.com

mStart Page = hxxp://cf.yahoo.com

uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll

BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - SafeOnline BHO

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Assistant Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [cdloader] "c:\documents and settings\jack\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: &Send to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\fichiers communs\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 66.98.148.65 auto.search.msn.com

Hosts: 66.98.148.65 auto.search.msn.es

.

============= SERVICES / DRIVERS ===============

.

R0 SiSRaid1;SiSRaid1;c:\windows\system32\drivers\SiSRaid1.sys [2011-1-1 46464]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-2 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-19 353168]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-2 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-2 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-2 61960]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-4-10 54760]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-5-11 820568]

R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-7-15 239600]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-7-15 30368]

R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-7-15 16080]

S2 Application Updater;Application Updater; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-22 136176]

S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-22 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\fichiers communs\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-3-19 12984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-28 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-07-20 01:20:31 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes

2011-07-20 01:20:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-20 01:20:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-07-20 01:20:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-20 01:20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-18 23:00:53 -------- d-----w- c:\documents and settings\jack\local settings\application data\tjnet

2011-07-18 22:44:03 -------- d-----w- c:\documents and settings\jack\local settings\application data\magicJack

2011-07-17 17:23:25 -------- d-----w- C:\jpg

2011-07-16 11:50:58 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys

2011-07-16 11:49:57 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys

2011-07-16 11:48:55 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2011-07-16 11:47:59 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys

2011-07-16 11:46:59 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll

2011-07-16 11:45:58 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys

2011-07-16 11:45:58 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys

2011-07-16 11:45:58 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys

2011-07-16 11:45:57 16384 -c--a-w- c:\windows\system32\dllcache\lit220p.sys

2011-07-16 11:45:56 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2011-07-16 11:45:55 26922 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys

2011-07-16 11:45:55 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys

2011-07-16 11:45:53 37888 -c--a-w- c:\windows\system32\dllcache\kousd.dll

2011-07-16 11:45:51 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll

2011-07-16 11:43:57 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2011-07-16 11:42:58 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys

2011-07-16 11:41:58 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys

2011-07-16 11:40:52 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-07-16 11:39:59 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll

2011-07-11 17:54:52 -------- d-----w- C:\bmp

2011-07-10 15:39:25 26832 ----a-w- c:\windows\system\CTL3DV2.DLL

2011-07-10 15:39:20 -------- d-----w- C:\EZFM4.0

2011-07-08 15:46:30 -------- d-----w- c:\documents and settings\jack\application data\Moyea

2011-07-03 12:27:33 -------- d-----w- c:\documents and settings\jack\local settings\application data\Yahoo!

2011-07-03 12:27:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-06-06 11:35:23 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-05-14 15:49:16 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:26 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07:49 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07:49 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:06:11 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:06:10 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:06:10 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-23 17:30:19 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-04-22 19:19:51 71880 ----a-w- c:\windows\system32\PxSecure.dll-13835625

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 8:21:42,25 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-05-19.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2010-12-30 15:37:34

System Uptime: 2011-07-20 05:58:25 (3 hours ago)

.

Motherboard: ECS | | 761GX-M754-964

Processor: Mobile AMD Athlon XP-M Processor 2800+ | CPU 1 | 1600/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 429,657 GiB free.

D: is Removable

E: is CDROM (UDF)

F: is CDROM ()

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP233: 2011-07-19 10:03:42 - System Checkpoint

.

==== Installed Programs ======================

.

Leawo MP4 Converter version 3.1.0.0

360Amigo System Speedup Free

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0 - French

Adobe Shockwave Player 11.5

Advanced SystemCare 4

Any Video Converter 3.2.1

Windows Live Sign-in Assistant

Avira AntiVir Personal - Free Antivirus

CCleaner

CNET TechTracker

Definition update for Microsoft Office 2010 (KB982726)

EasyCleaner

Freemake Video Converter version 2.1.0

FW LiveUpdate

Windows Live Photo Gallery

Garmin USB Drivers

Garmin WebUpdater

Glary Utilities 2.34.0.1190

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Photo and Imaging 1.0 - Scanjet 3500c Series

Windows Live Setup

Intel® Create & Share® Software

IObit Malware Fighter

IObit Toolbar v4.4

Junk Mail filter update

K-Lite Codec Pack 6.5.0 (Basic)

Logitech iTouch Software

magicJack

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

Microsoft .NET Framework 3.5 Language Pack SP1 - fra

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile FRA Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft English TTS Engine

Microsoft Office Access MUI (French) 2010

Microsoft Office Excel MUI (French) 2010

Microsoft Office Groove MUI (French) 2010

Microsoft Office InfoPath MUI (French) 2010

Microsoft Office OneNote MUI (French) 2010

Microsoft Office Outlook MUI (French) 2010

Microsoft Office PowerPoint MUI (French) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Arabic) 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (French) 2010

Microsoft Office Publisher MUI (French) 2010

Microsoft Office Shared MUI (French) 2010

Microsoft Office Word MUI (French) 2010

Microsoft Search Enhancement Pack

Microsoft Software Update for Web Folders (French) 14

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable Package

Microsoft Visual C++ Run Time Lib Setup

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Update for Microsoft Outlook Social Connector (KB2441641)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Microsoft .NET Framework 3.5 SP1 Language Pack - fra

Microsoft .NET Framework 4 Client Profile FRA Language Pack

MSVCRT

Nero 7 Ultra Edition

Windows Live Upload Tool

Platform

Registry Mechanic

SAPI Wrapper

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Excel 2010 (KB2523021)

Security Update for Microsoft InfoPath 2010 (KB2510065)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft .NET Framework 4 Client Profile FRA Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile FRA Language Pack (KB2518870)

Segoe UI

ShareIns

SiS 900 PCI Fast Ethernet Adapter Driver

SiS VGA Utilities

SiSAGP driver

SiSRaidPackage

Skype™ 5.3

SoundMAX

SUPERAntiSpyware

TTS Wrapper

Unlocker 1.8.5

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Outlook Social Connector (KB2441641)

Veetle TV 0.9.18

VIA Platform Device Manager

WebFldrs XP

Windows Live Call

Windows Live Communications Platform

Windows Live Family Safety

Windows Live FolderShare

Windows Live Mail

Windows Live Messenger

Windows Live Toolbar

Windows Live Writer

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Registry Repair Pro

WinZip 14.5

Wise Disk Cleaner 5.81

Wise Registry Cleaner 5.8.9

Yahoo! Toolbar

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Search Protection

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

2011-07-20 08:17:21, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\netmeeting\conf.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

2011-07-20 06:03:11, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\netmeeting\conf.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

2011-07-20 05:59:25, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-20 05:59:10, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2011-07-20 05:59:10, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

2011-07-20 05:59:09, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 22:21:42, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 21:23:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 21:23:41, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2011-07-19 21:23:41, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

2011-07-19 21:23:41, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 21:11:23, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2011-07-19 21:11:23, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

2011-07-19 21:11:16, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 21:11:12, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 21:09:32, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 06:59:20, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-19 06:59:04, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2011-07-19 06:59:03, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

2011-07-19 06:59:03, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 21:26:09, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 19:01:03, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 19:00:47, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2011-07-18 19:00:47, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

2011-07-18 19:00:46, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 18:59:35, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 16:20:02, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 16:19:47, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2011-07-18 16:19:47, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-18 16:19:45, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 16:18:38, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 07:03:29, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-18 07:03:14, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-18 07:03:14, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-18 07:03:13, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-17 21:24:30, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-17 07:40:09, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-17 07:39:53, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-17 07:39:53, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-17 07:39:52, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 22:10:46, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 19:46:31, error: Service Control Manager [7000] - Le service SASDIFSV n'a pas pu démarrer en raison de l'erreur*: Impossible de créer un fichier déjà existant.

2011-07-16 19:37:50, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 19:37:41, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-16 19:37:41, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-16 19:37:40, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 19:36:12, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 13:50:43, error: Dhcp [1002] - Le bail de l'adresse IP 10.23.69.200 pour la carte réseau dont l'adresse réseau est 0016EC407EB7 a été refusé par le serveur DHCP 192.168.0.1 (celui-ci a envoyé un message DHCPNACK).

2011-07-16 13:49:14, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 13:48:56, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-16 13:48:56, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-16 13:48:54, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 13:46:04, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 12:41:43, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 12:41:27, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-16 12:41:27, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-16 12:41:26, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 12:41:23, error: Dhcp [1002] - Le bail de l'adresse IP 192.168.0.100 pour la carte réseau dont l'adresse réseau est 0016EC407EB7 a été refusé par le serveur DHCP 10.23.69.1 (celui-ci a envoyé un message DHCPNACK).

2011-07-16 12:38:42, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 09:44:23, error: SiSRaid1 [9] -

2011-07-16 09:43:24, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 09:43:21, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-16 09:43:21, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-16 09:43:16, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 07:53:14, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 07:09:03, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-16 07:08:53, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-16 07:08:53, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-16 07:08:52, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 21:45:03, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 20:40:14, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 20:39:58, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-15 20:39:58, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-15 20:39:57, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 20:15:04, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 19:58:55, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 19:58:44, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-15 19:58:44, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.

2011-07-15 19:58:44, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 19:57:28, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 19:38:59, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 19:38:43, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-15 19:38:42, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 19:15:40, error: Dhcp [1002] - Le bail de l'adresse IP 10.23.69.200 pour la carte réseau dont l'adresse réseau est 0016EC407EB7 a été refusé par le serveur DHCP 192.168.0.1 (celui-ci a envoyé un message DHCPNACK).

2011-07-15 17:04:29, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 17:04:12, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-15 17:04:12, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 17:02:39, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 08:50:28, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 08:50:12, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-15 08:50:11, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 08:18:52, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 08:10:27, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 08:10:11, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-15 08:10:10, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 06:44:48, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-15 06:44:32, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-15 06:44:31, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-14 22:02:37, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-14 07:32:51, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-14 07:32:28, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-14 07:32:27, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-13 21:30:36, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-13 07:47:39, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2011-07-13 07:47:23, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

2011-07-13 07:47:22, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================
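The event-log dump above is dominated by the same few errors repeating at every boot (a DCOM 10005 because the EventSystem service would not start, the SENS 7001 dependency failure that follows from it, and a 7000 for a driver whose file is gone). Separating such chronic start-up failures from one-off noise is the first triage step before blaming malware. The Python below is an added example written for this thread, not part of any post or of OTL/ComboFix; the sample lines are a constructed subset in the same shape as the excerpt, kept in French exactly as the tool logged them, and the parser keys only on the fixed French phrases. The function names are mine.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines in the same shape as the French
# Windows XP event-log excerpt quoted in the thread (a subset, not the full log).
SAMPLE_LOG = """\
2011-07-19 21:23:41, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2011-07-19 21:11:23, error: Service Control Manager [7001] - Le service Notification d'événement système dépend du service Système d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur*: Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
2011-07-19 21:11:23, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.
2011-07-18 19:01:03, error: DCOM [10005] - DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur*: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2011-07-18 19:00:47, error: Service Control Manager [7000] - Le service Scutum50 NDIS Protocol Driver n'a pas pu démarrer en raison de l'erreur*: Le fichier spécifié est introuvable.
2011-07-16 19:46:31, error: Service Control Manager [7000] - Le service SASDIFSV n'a pas pu démarrer en raison de l'erreur*: Impossible de créer un fichier déjà existant.
2011-07-16 13:50:43, error: Dhcp [1002] - Le bail de l'adresse IP 10.23.69.200 pour la carte réseau dont l'adresse réseau est 0016EC407EB7 a été refusé par le serveur DHCP 192.168.0.1 (celui-ci a envoyé un message DHCPNACK).
"""

# Line shape: "<timestamp>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# The service a French SCM 7000/7001 or DCOM 10005 message is about: the text
# between "Le service"/"du service" and the next fixed phrase of the message.
SERVICE_RE = re.compile(
    r"(?:Le service|du service) (?P<name>.+?) (?:n'a pas pu|dépend|avec les arguments)"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines in another shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["event_id"] = int(rec["event_id"])
    rec["date"] = rec["ts"][:10]
    s = SERVICE_RE.search(rec["message"])
    rec["service"] = s.group("name") if s else None
    return rec


def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def summarize(records):
    """(source, event_id, service) -> count, most frequent first."""
    keys = ((r["source"], r["event_id"], r["service"]) for r in records)
    return Counter(keys).most_common()


def recurring(records, min_days=2):
    """Keys seen on at least `min_days` distinct calendar days: chronic failures
    (a disabled dependency, a driver whose file is gone) rather than one-off noise."""
    days = defaultdict(set)
    for r in records:
        days[(r["source"], r["event_id"], r["service"])].add(r["date"])
    hits = [k for k, d in days.items() if len(d) >= min_days]
    return sorted(hits, key=lambda k: (k[0], k[1], k[2] or ""))


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in summarize(recs):
        print(n, key)
    print("recurring across days:", recurring(recs))
```

On the real log the recurring set is what to chase first: an EventSystem service that is disabled and a Scutum50 driver entry whose file is missing both repeat every boot, while the DHCPNACK lines simply reflect the laptop moving between two networks.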

Posted

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

**************************************************************

 

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

Registry Mechanic and Wise Registry Cleaner 5.8.9

There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

*****************************************************

Please download ComboFix http://img7.imageshack.us/img7/4930/combofix.gif from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix
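The two `TB:`/`EB:` lines in the OTL fix above are Internet Explorer toolbar and explorer-bar registrations whose CLSID no longer resolves to a DLL on disk ("No File"): harmless leftovers once the program is gone, but also the kind of entry a dropped BHO leaves behind, so it is worth knowing how to find them yourself. The Python below is an added example, not code from the thread or from OTL; `classify` holds the check as a pure function over a CLSID-to-path map so it runs anywhere, and `read_ie_extensions` (Windows only, via the standard `winreg` module) builds that map from HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar (value names, the `TB:` lines) and \Explorer Bars (subkey names, the `EB:` lines). The first sample CLSID is the one OTL flagged on this machine; the other two CLSIDs and all paths are constructed, and the function names are mine.

```python
import os

# Constructed sample of the view the checker works on: CLSID -> InprocServer32
# path (None when the CLSID has no server registered at all). The first CLSID is
# the one OTL flagged in the thread; the other two and the paths are made up.
SAMPLE_TOOLBARS = {
    "{D4027C7F-154A-4066-A1AD-4243D8127440}": None,
    "{11111111-2222-3333-4444-555555555555}": r"C:\Program Files\Example\toolbar.dll",
    "{66666666-7777-8888-9999-000000000000}": r"%ProgramFiles%\Gone\oldbar.dll",
}


def classify(entries, path_exists=os.path.exists):
    """Split CLSID -> path entries into (orphans, live).

    An entry is an orphan when the CLSID has no InprocServer32 value or when the
    registered DLL no longer exists on disk: the condition behind OTL's
    'No File' tag. `path_exists` is injectable so the logic can be exercised
    without a real Windows registry or filesystem."""
    orphans, live = [], []
    for clsid, path in entries.items():
        if path is None:
            orphans.append((clsid, "no InprocServer32 value"))
        elif not path_exists(os.path.expandvars(path)):
            orphans.append((clsid, "missing file " + path))
        else:
            live.append((clsid, path))
    return orphans, live


def _inproc_server(winreg, clsid):
    """Default value of HKCR\\CLSID\\<clsid>\\InprocServer32, or None if absent."""
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"CLSID\%s\InprocServer32" % clsid) as k:
            value, _kind = winreg.QueryValueEx(k, "")
            return value
    except OSError:
        return None


def read_ie_extensions():
    """Windows only: toolbar CLSIDs are value names under IE\\Toolbar (OTL's TB:
    lines); explorer-bar CLSIDs are subkeys under IE\\Explorer Bars (EB: lines).
    Each is resolved to its InprocServer32 path for classify()."""
    import winreg  # standard library, but only importable on Windows
    base = r"SOFTWARE\Microsoft\Internet Explorer"
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + r"\Toolbar") as key:
        i = 0
        while True:
            try:
                name, _data, _kind = winreg.EnumValue(key, i)
            except OSError:  # no more values
                break
            i += 1
            if name.startswith("{"):
                entries[name] = _inproc_server(winreg, name)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + r"\Explorer Bars") as key:
        i = 0
        while True:
            try:
                name = winreg.EnumKey(key, i)
            except OSError:  # no more subkeys
                break
            i += 1
            if name.startswith("{"):
                entries[name] = _inproc_server(winreg, name)
    return entries


if __name__ == "__main__":
    import sys
    entries = read_ie_extensions() if sys.platform == "win32" else SAMPLE_TOOLBARS
    orphans, live = classify(entries)
    for clsid, why in orphans:
        print("ORPHAN", clsid, why)
    for clsid, path in live:
        print("ok    ", clsid, path)
```

The script only reports; removing the registrations is what the OTL fix does, and a live entry whose DLL is present deserves a look at the file (publisher, signature, location) before deciding whether it belongs.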

Posted

otl report

 

All processes killed

========== OTL ==========

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Jack

->Temp folder emptied: 185517787 bytes

->Temporary Internet Files folder emptied: 4408798 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 351620 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 66263 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 18077818 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 63927 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 199,00 mb

 

 

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_191053

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Jack\Local Settings\Temp\~DF4F07.tmp moved successfully.

C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\WCSG0FAF\search[1].htm moved successfully.

C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\WCSG0FAF\Sync[1].htm moved successfully.

C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\SWY12MFI\defaultf[1].htm moved successfully.

C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\SOGP0T3M\Include[1].htm moved successfully.

C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\SOGP0T3M\showthread[1].htm moved successfully.

C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

 

Registry entries deleted on Reboot...

Posted

combo-fix report

 

ComboFix 11-07-20.05 - Jack 2011-07-20 19:41:01.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.991.526 [GMT -4:00]

Lancé depuis: c:\exe\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Jack\WINDOWS

c:\program files\Downloaded Installers

c:\program files\Downloaded Installers\{4288DCD5-118B-4BBE-AB88-BAE7AE4163D1}\setup.msi

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-06-20 au 2011-07-20 ))))))))))))))))))))))))))))))))))))

.

.

2011-07-20 23:10 . 2011-07-20 23:10 -------- d-----w- C:\_OTL

2011-07-20 01:20 . 2011-07-20 01:20 -------- d-----w- c:\documents and settings\Jack\Application Data\Malwarebytes

2011-07-20 01:20 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-20 01:20 . 2011-07-20 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-20 01:20 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-20 01:20 . 2011-07-20 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-18 23:00 . 2011-07-18 23:00 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\tjnet

2011-07-18 22:44 . 2011-07-18 22:44 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\magicJack

2011-07-17 17:23 . 2011-07-18 22:50 -------- d-----w- C:\jpg

2011-07-16 11:50 . 2004-08-04 02:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys

2011-07-16 11:49 . 2001-08-18 02:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2011-07-16 11:48 . 2001-08-23 21:21 161664 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-07-16 11:47 . 2008-04-13 17:40 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys

2011-07-16 11:46 . 2001-08-28 11:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll

2011-07-16 11:45 . 2001-08-18 00:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys

2011-07-16 11:45 . 2001-08-18 00:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys

2011-07-16 11:45 . 2001-08-18 00:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys

2011-07-16 11:45 . 2001-08-23 21:00 16384 -c--a-w- c:\windows\system32\dllcache\lit220p.sys

2011-07-16 11:45 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2011-07-16 11:45 . 2001-08-23 20:59 26922 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys

2011-07-16 11:45 . 2001-08-18 00:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys

2011-07-16 11:45 . 2001-08-23 21:47 37888 -c--a-w- c:\windows\system32\dllcache\kousd.dll

2011-07-16 11:45 . 2001-08-28 11:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll

2011-07-16 11:43 . 2001-08-23 21:47 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2011-07-16 11:42 . 2001-08-18 00:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys

2011-07-16 11:41 . 2001-08-18 01:52 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys

2011-07-16 11:40 . 2001-08-23 21:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-07-16 11:39 . 2001-08-23 21:46 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll

2011-07-11 17:54 . 2011-07-18 22:40 -------- d-----w- C:\bmp

2011-07-10 15:39 . 1996-11-20 18:07 26832 ----a-w- c:\windows\system\CTL3DV2.DLL

2011-07-10 15:39 . 2011-07-10 15:48 -------- d-----w- C:\EZFM4.0

2011-07-08 15:46 . 2011-07-08 15:46 -------- d-----w- c:\documents and settings\Jack\Application Data\Moyea

2011-07-03 12:27 . 2011-07-03 12:27 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Yahoo!

2011-07-03 12:27 . 2011-07-03 12:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-06 11:35 . 2002-08-29 09:32 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-05-17 18:12 . 2011-05-17 18:12 110080 ----a-r- c:\documents and settings\Jack\Application Data\Microsoft\Installer\{CF33A0CE-702A-4E66-B91B-F995F9DDFD5B}\IconF7A21AF7.exe

2011-05-17 18:12 . 2011-05-17 18:12 110080 ----a-r- c:\documents and settings\Jack\Application Data\Microsoft\Installer\{CF33A0CE-702A-4E66-B91B-F995F9DDFD5B}\IconD7F16134.exe

2011-05-14 15:49 . 2011-04-12 21:41 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

2011-05-02 15:31 . 2010-12-30 20:32 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2002-08-29 09:44 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2002-08-28 23:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2002-08-29 09:45 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-04-26 11:07 . 2002-08-29 09:44 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-25 16:06 . 2002-08-29 09:45 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:06 . 2002-08-29 09:45 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 16:06 . 2002-08-29 09:44 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 12:01 . 2010-12-30 21:25 385024 ----a-w- c:\windows\system32\html.iec

2011-04-23 17:30 . 2011-04-23 17:30 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-04-22 19:19 . 2011-04-22 19:19 71880 ----a-w- c:\windows\system32\PxSecure.dll-13835625

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-14 4393816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk]

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]

backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]

backup=c:\windows\pss\Utility Tray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Menu Démarrer^Programmes^Démarrage^CNET TechTracker.lnk]

path=c:\documents and settings\Jack\Menu Démarrer\Programmes\CNET TechTracker\CNET TechTracker.lnk

backup=c:\windows\pss\CNET TechTracker.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Speed Maximizer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Helper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPMTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startw3i

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WlanUI

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]

2011-07-16 20:49 5126728 ----a-w- c:\program files\360Amigo\360Amigo.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-06-01 17:32 94208 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]

2011-07-14 18:30 4393816 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 20:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]

2010-03-16 06:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-11 08:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]

2005-05-18 19:44 905216 -c----w- c:\program files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 19:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

2004-09-23 16:41 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 13:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-07-16 23:46 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2006-09-07 17:19 15872 -c--a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

2004-03-18 14:33 892928 -c--a-w- c:\program files\Logitech\iTouch\iTouch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SoundMAXPnP"=c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" /autostart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Jack\\Application Data\\mjusbsp\\magicJack.exe"=

.

R0 SiSRaid1;SiSRaid1;c:\windows\system32\drivers\SiSRaid1.sys [2011-01-01 46464]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-19 353168]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-02 136360]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-05-11 820568]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [2011-07-15 30368]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [2011-07-15 16080]

S2 Application Updater;Application Updater; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 136176]

S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]

S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-03-19 12984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-08-28 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [2011-07-15 239600]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contenu du dossier 'Tâches planifiées'

.

2011-07-20 c:\windows\Tasks\ASC4_AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-04-19 18:46]

.

2011-07-20 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-04-19 18:46]

.

2011-07-20 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-04-18 12:25]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 18:25]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 18:25]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://cf.yahoo.com/

mStart Page = hxxp://cf.yahoo.com

uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;

IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHELINS SUPPRIMES - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-20 19:45

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,52,36,e7,c3,89,ec,4f,98,5b,2e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,52,36,e7,c3,89,ec,4f,98,5b,2e,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'winlogon.exe'(608)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Heure de fin: 2011-07-20 19:48:14

ComboFix-quarantined-files.txt 2011-07-20 23:48

.

Avant-CF: 461*122*228*224 octets libres

Après-CF: 461*054*939*136 octets libres

.

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

.

- - End Of File - - FC552199424D5EA6D58E62EC06027AF0

Posted

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    DirLook::
    C:\jpg
    C:\jpg
    C:\EZFM4.0
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Posted

combofix.txt (half-1)


ComboFix 11-07-21.02 - Jack 2011-07-21 8:01:57.3.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.991.474 [GMT -4:00]

Lancé depuis: C:\exe\ComboFix.exe

Commutateurs utilisés :: C:\Documents and Settings\Jack\Bureau\cfscript.txt

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}


((((((((((((((((((((((((((((( Fichiers créés du 2011-06-21 au 2011-07-21 ))))))))))))))))))))))))))))))))))))


2011-07-20 23:10:53 . 2011-07-20 23:10:53 -------- d-----w- C:\_OTL

2011-07-20 01:20:31 . 2011-07-20 01:20:31 -------- d-----w- C:\Documents and Settings\Jack\Application Data\Malwarebytes

2011-07-20 01:20:13 . 2010-12-20 22:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-07-20 01:20:11 . 2011-07-20 01:20:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2011-07-20 01:20:08 . 2010-12-20 22:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-07-20 01:20:07 . 2011-07-20 01:25:59 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2011-07-18 23:00:53 . 2011-07-18 23:00:53 -------- d-----w- C:\Documents and Settings\Jack\Local Settings\Application Data\tjnet

2011-07-18 22:44:03 . 2011-07-18 22:44:03 -------- d-----w- C:\Documents and Settings\Jack\Local Settings\Application Data\magicJack

2011-07-17 17:23:25 . 2011-07-21 11:27:10 -------- d-----w- C:\jpg

2011-07-16 11:49:29 . 2001-08-23 21:47:18 7168 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll

2011-07-16 11:49:24 . 2001-08-23 21:47:18 12800 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll

2011-07-16 11:48:52 . 2001-08-23 21:47:18 26112 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_seos.dll

2011-07-16 11:48:47 . 2001-08-23 21:47:16 57856 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_scripto.dll

2011-07-16 11:48:23 . 2001-08-23 21:47:44 23040 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe

2011-07-16 11:47:19 . 2001-08-23 21:47:16 38912 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll

2011-07-16 11:46:09 . 2001-08-23 21:47:06 65536 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll

2011-07-16 11:42:58 . 2001-08-18 00:15:02 442240 -c--a-w- C:\WINDOWS\system32\dllcache\fpnpbase.sys

2011-07-16 11:41:58 . 2001-08-18 01:52:16 14720 -c--a-w- C:\WINDOWS\system32\dllcache\dac960nt.sys

2011-07-16 11:40:52 . 2001-08-23 21:02:02 14080 -c--a-w- C:\WINDOWS\system32\dllcache\bulltlp3.sys

2011-07-16 11:39:59 . 2001-08-23 21:46:58 462848 -c--a-w- C:\WINDOWS\system32\dllcache\a3dapi.dll

2011-07-16 11:39:59 . 2001-08-18 01:52:00 23552 -c--a-w- C:\WINDOWS\system32\dllcache\abp480n5.sys

2011-07-16 11:39:58 . 2008-04-13 17:46:20 48128 -c--a-w- C:\WINDOWS\system32\dllcache\61883.sys

2011-07-16 11:39:58 . 2008-04-13 17:40:50 12288 -c--a-w- C:\WINDOWS\system32\dllcache\4mmdat.sys

2011-07-16 11:39:58 . 2001-08-23 21:46:44 38400 -c--a-w- C:\WINDOWS\system32\dllcache\8514a.dll

2011-07-16 11:39:57 . 2001-08-23 21:46:44 689216 -c--a-w- C:\WINDOWS\system32\dllcache\3dfxvs.dll

2011-07-16 11:39:57 . 2001-08-18 00:48:32 148352 -c--a-w- C:\WINDOWS\system32\dllcache\3dfxvsm.sys

2011-07-16 11:39:56 . 2008-04-13 17:46:18 53376 -c--a-w- C:\WINDOWS\system32\dllcache\1394bus.sys

2011-07-16 11:39:56 . 2001-08-18 02:06:48 11264 -c--a-w- C:\WINDOWS\system32\dllcache\1394vdbg.sys

2011-07-16 11:39:56 . 2001-08-18 01:28:00 762780 -c--a-w- C:\WINDOWS\system32\dllcache\3cwmcru.sys

2011-07-16 11:39:25 . 2001-08-28 11:00:00 6144 -c--a-w- C:\WINDOWS\system32\dllcache\ftpsapi2.dll

2011-07-11 17:54:52 . 2011-07-21 11:31:42 -------- d-----w- C:\bmp

2011-07-10 15:39:25 . 1996-11-20 18:07:40 26832 ----a-w- C:\WINDOWS\system\CTL3DV2.DLL

2011-07-10 15:39:20 . 2011-07-10 15:48:52 -------- d-----w- C:\EZFM4.0

2011-07-08 15:46:30 . 2011-07-08 15:46:30 -------- d-----w- C:\Documents and Settings\Jack\Application Data\Moyea

2011-07-03 12:27:33 . 2011-07-03 12:27:33 -------- d-----w- C:\Documents and Settings\Jack\Local Settings\Application Data\Yahoo!

2011-07-03 12:27:27 . 2011-07-03 12:27:27 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))


2011-06-06 11:35:23 . 2002-08-29 09:32:50 1859072 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-05-17 18:12:55 . 2011-05-17 18:12:55 110080 ----a-r- C:\Documents and Settings\Jack\Application Data\Microsoft\Installer\{CF33A0CE-702A-4E66-B91B-F995F9DDFD5B}\IconF7A21AF7.exe

2011-05-17 18:12:55 . 2011-05-17 18:12:55 110080 ----a-r- C:\Documents and Settings\Jack\Application Data\Microsoft\Installer\{CF33A0CE-702A-4E66-B91B-F995F9DDFD5B}\IconD7F16134.exe

2011-05-14 15:49:16 . 2011-04-12 21:41:52 82380 ----a-w- C:\WINDOWS\system32\drivers\AFS2K.SYS

2011-05-02 15:31:52 . 2010-12-30 20:32:26 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll

2011-04-29 17:25:26 . 2002-08-29 09:44:58 151552 ----a-w- C:\WINDOWS\system32\schannel.dll

2011-04-29 16:19:43 . 2002-08-28 23:59:54 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys

2011-04-26 11:07:49 . 2002-08-29 09:45:06 293888 ----a-w- C:\WINDOWS\system32\winsrv.dll

2011-04-26 11:07:49 . 2002-08-29 09:44:50 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll

2011-04-25 16:06:11 . 2002-08-29 09:45:06 916480 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-04-25 16:06:10 . 2002-08-29 09:45:16 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

2011-04-25 16:06:10 . 2002-08-29 09:44:52 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll

2011-04-25 12:01:22 . 2010-12-30 21:25:32 385024 ----a-w- C:\WINDOWS\system32\html.iec

2011-04-23 17:30:19 . 2011-04-23 17:30:19 76696 ----a-w- C:\WINDOWS\system32\drivers\pxrts.sys

2011-04-22 19:19:51 . 2011-04-22 19:19:51 71880 ----a-w- C:\WINDOWS\system32\PxSecure.dll-13835625


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\EZFM4.0 ----


2011-07-10 15:49:10 . 2011-07-10 15:49:10 54368 ----a-w- C:\EZFM4.0\DATABASE\object.idx

2011-07-10 15:49:10 . 2011-07-10 15:49:10 588 ----a-w- C:\EZFM4.0\DATABASE\version.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 511 ----a-w- C:\EZFM4.0\DATABASE\GRAPHIT1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 706 ----a-w- C:\EZFM4.0\DATABASE\GRAPHITE.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 706 ----a-w- C:\EZFM4.0\DATABASE\TITANIU1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 511 ----a-w- C:\EZFM4.0\DATABASE\TITANIU2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 702 ----a-w- C:\EZFM4.0\DATABASE\TITANIUM.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 533 ----a-w- C:\EZFM4.0\DATABASE\TOOL_146.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 530 ----a-w- C:\EZFM4.0\DATABASE\TOOL_147.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 533 ----a-w- C:\EZFM4.0\DATABASE\TOOL_148.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 533 ----a-w- C:\EZFM4.0\DATABASE\TOOL_149.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_137.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\TOOL_138.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 536 ----a-w- C:\EZFM4.0\DATABASE\TOOL_139.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 536 ----a-w- C:\EZFM4.0\DATABASE\TOOL_140.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 536 ----a-w- C:\EZFM4.0\DATABASE\TOOL_141.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 536 ----a-w- C:\EZFM4.0\DATABASE\TOOL_142.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 536 ----a-w- C:\EZFM4.0\DATABASE\TOOL_143.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 713 ----a-w- C:\EZFM4.0\DATABASE\TOOL_144.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 717 ----a-w- C:\EZFM4.0\DATABASE\TOOL_145.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_135.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\TOOL_136.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\TOOL_126.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 716 ----a-w- C:\EZFM4.0\DATABASE\TOOL_127.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\TOOL_128.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_129.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\TOOL_130.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_131.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\TOOL_132.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_133.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\TOOL_134.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_117.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_118.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_119.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_120.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_121.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_122.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_123.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_124.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_125.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_108.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_109.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_110.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_111.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_112.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_113.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_114.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_115.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_116.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_101.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_102.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_103.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_104.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_105.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_106.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_107.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\TOOL_100.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S91.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S92.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S93.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S94.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S95.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S96.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S97.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S98.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 708 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S99.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S82.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S83.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S84.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S85.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S86.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S87.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S88.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S89.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S90.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 527 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S73.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S74.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S75.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S76.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S77.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 708 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S78.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S79.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S80.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S81.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S69.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S70.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S71.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S72.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S68.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S59.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S60.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S61.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S62.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S63.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S64.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S65.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S66.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S67.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S49.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S50.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S51.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S52.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S53.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S54.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S55.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S56.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 519 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S57.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 522 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S58.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S40.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S41.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 707 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S42.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 711 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S43.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S44.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S45.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S46.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S47.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S48.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S30.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S31.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S32.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S33.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S34.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S35.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S36.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S37.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S38.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S39.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 707 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S21.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 711 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S22.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S23.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S24.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S25.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S26.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S27.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S28.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S29.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S11.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S12.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S13.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S14.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S15.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S16.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S17.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S18.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S19.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S20.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_S10.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 714 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 527 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 707 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST3.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 711 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST4.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST5.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST6.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST7.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 518 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST8.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 521 ----a-w- C:\EZFM4.0\DATABASE\TOOL_ST9.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 708 ----a-w- C:\EZFM4.0\DATABASE\CAST_ST1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 515 ----a-w- C:\EZFM4.0\DATABASE\CAST_ST2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 704 ----a-w- C:\EZFM4.0\DATABASE\CAST_STE.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\GREY_CA1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\GREY_CA2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 708 ----a-w- C:\EZFM4.0\DATABASE\GREY_CAS.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 705 ----a-w- C:\EZFM4.0\DATABASE\PLASTIC1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 509 ----a-w- C:\EZFM4.0\DATABASE\PLASTIC2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 710 ----a-w- C:\EZFM4.0\DATABASE\TOOL_STE.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 716 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU4.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU5.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU6.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 716 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU7.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU8.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 707 ----a-w- C:\EZFM4.0\DATABASE\MAGNESI1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 513 ----a-w- C:\EZFM4.0\DATABASE\MAGNESI2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 703 ----a-w- C:\EZFM4.0\DATABASE\MAGNESIU.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 701 ----a-w- C:\EZFM4.0\DATABASE\PLASTIC.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 706 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 511 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\ALUMINU3.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 702 ----a-w- C:\EZFM4.0\DATABASE\ALUMINUM.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 700 ----a-w- C:\EZFM4.0\DATABASE\BRONZE.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 704 ----a-w- C:\EZFM4.0\DATABASE\BRONZE1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 507 ----a-w- C:\EZFM4.0\DATABASE\BRONZE2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 504 ----a-w- C:\EZFM4.0\DATABASE\COPPER.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 507 ----a-w- C:\EZFM4.0\DATABASE\COPPER1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 512 ----a-w- C:\EZFM4.0\DATABASE\COPPER2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 699 ----a-w- C:\EZFM4.0\DATABASE\BRASS.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 703 ----a-w- C:\EZFM4.0\DATABASE\BRASS1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 505 ----a-w- C:\EZFM4.0\DATABASE\BRASS2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 716 ----a-w- C:\EZFM4.0\DATABASE\FREE_CU1.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 531 ----a-w- C:\EZFM4.0\DATABASE\FREE_CU2.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\FREE_CUT.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 537 ----a-w- C:\EZFM4.0\DATABASE\STAIN180.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 537 ----a-w- C:\EZFM4.0\DATABASE\STAIN181.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 538 ----a-w- C:\EZFM4.0\DATABASE\STAIN182.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 532 ----a-w- C:\EZFM4.0\DATABASE\STAIN171.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 530 ----a-w- C:\EZFM4.0\DATABASE\STAIN172.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 533 ----a-w- C:\EZFM4.0\DATABASE\STAIN173.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 715 ----a-w- C:\EZFM4.0\DATABASE\STAIN174.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 534 ----a-w- C:\EZFM4.0\DATABASE\STAIN175.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 534 ----a-w- C:\EZFM4.0\DATABASE\STAIN176.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 534 ----a-w- C:\EZFM4.0\DATABASE\STAIN177.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 538 ----a-w- C:\EZFM4.0\DATABASE\STAIN178.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 537 ----a-w- C:\EZFM4.0\DATABASE\STAIN179.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN161.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN162.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN163.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 530 ----a-w- C:\EZFM4.0\DATABASE\STAIN164.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 533 ----a-w- C:\EZFM4.0\DATABASE\STAIN165.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN166.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 532 ----a-w- C:\EZFM4.0\DATABASE\STAIN167.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN168.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 532 ----a-w- C:\EZFM4.0\DATABASE\STAIN169.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN170.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 530 ----a-w- C:\EZFM4.0\DATABASE\STAIN151.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 527 ----a-w- C:\EZFM4.0\DATABASE\STAIN152.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 530 ----a-w- C:\EZFM4.0\DATABASE\STAIN153.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 712 ----a-w- C:\EZFM4.0\DATABASE\STAIN154.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 528 ----a-w- C:\EZFM4.0\DATABASE\STAIN155.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 711 ----a-w- C:\EZFM4.0\DATABASE\STAIN156.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN157.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN158.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN159.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN160.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN141.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN142.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN143.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN144.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN145.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN146.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 526 ----a-w- C:\EZFM4.0\DATABASE\STAIN147.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 711 ----a-w- C:\EZFM4.0\DATABASE\STAIN148.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 529 ----a-w- C:\EZFM4.0\DATABASE\STAIN149.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 527 ----a-w- C:\EZFM4.0\DATABASE\STAIN150.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\STAIN139.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 711 ----a-w- C:\EZFM4.0\DATABASE\STAIN140.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 522 ----a-w- C:\EZFM4.0\DATABASE\STAIN129.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 522 ----a-w- C:\EZFM4.0\DATABASE\STAIN130.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 525 ----a-w- C:\EZFM4.0\DATABASE\STAIN131.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 519 ----a-w- C:\EZFM4.0\DATABASE\STAIN132.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 522 ----a-w- C:\EZFM4.0\DATABASE\STAIN133.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 522 ----a-w- C:\EZFM4.0\DATABASE\STAIN134.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 525 ----a-w- C:\EZFM4.0\DATABASE\STAIN135.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 708 ----a-w- C:\EZFM4.0\DATABASE\STAIN136.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 523 ----a-w- C:\EZFM4.0\DATABASE\STAIN137.a1

2011-07-10 15:49:10 . 2011-07-10 15:49:10 520 ----a-w- C:\EZFM4.0\DATABASE\STAIN138.a1

 

Seems that text is too long so I had to cut the rest of C:\EZFM

 

---- Directory of C:\jpg ----

 

2011-07-18 22:50:37 . 2011-07-19 18:54:11 28160 --sha-w- C:\jpg\Thumbs.db

 

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 02:51:08 214840]

 

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 18:38:55 281768]

"IObit Malware Fighter"="C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-14 18:30:56 4393816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:33:59 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk]

backup=C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]

backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]

backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jack^Menu Démarrer^Programmes^Démarrage^CNET TechTracker.lnk]

path=C:\Documents and Settings\Jack\Menu Démarrer\Programmes\CNET TechTracker\CNET TechTracker.lnk

backup=C:\WINDOWS\pss\CNET TechTracker.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]

2011-07-16 20:49:55 5126728 ----a-w- C:\Program Files\360Amigo\360Amigo.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54:26 91520 ----a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-06-01 17:32:12 94208 ----a-w- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]

2011-07-14 18:30:56 4393816 ----a-w- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2011-06-16 11:55:12 6276408 ----a-w- C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 02:12:52 3872080 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 20:40:44 155648 ----a-w- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]

2010-03-16 06:58:36 718208 ----a-w- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-11 08:19:34 69632 ----a-w- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]

2005-05-18 19:44:08 905216 -c----w- C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 19:02:58 15141768 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

2004-09-23 16:41:54 860160 ----a-w- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 13:11:10 1388544 ----a-w- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-07-16 23:46:26 2424192 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2006-09-07 17:19:27 15872 -c--a-w- C:\Program Files\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

2004-03-18 14:33:26 892928 -c--a-w- C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

"IObit Malware Fighter"="C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
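The registry autostart section of the ComboFix log above is the part worth reading first, and it is easier to reason about once it is parsed. The following Python is an added example, not part of this thread and not ComboFix's own code: it turns the "Reg Loading Points" entries into records (key, value name, target, file timestamp, size) and flags any autorun whose executable sits outside the usual program directories, plus a Security Center AntiVirusOverride value of 1, which this log does show. The sample input is excerpted from the log above except for the "updater" line, which is constructed so that the path check has something to catch; the list of trusted roots is an assumption for a Windows XP layout.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag autoruns
that load from outside trusted directories.  Added example, not ComboFix code."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Autorun:
    key: str                    # registry key the entry lives under
    name: str                   # value name, or last key component for startupreg entries
    target: str                 # command line, path or raw value data
    timestamp: Optional[str]    # file timestamp ComboFix printed, if any
    size: Optional[int]         # file size in bytes, if any


KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
TS = r'(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)'
# "name"="path" [timestamp size]   (Run, URLSearchHooks, ShellExecuteHooks)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<target>[^"\[]+?)"?\s*\[' + TS + r' (?P<size>\d+)\]$')
# "name"=anything                  (run-disabled, msconfig\services, dword values)
PLAIN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<target>.+)$')
# timestamp size attrs path        (msconfig\startupreg, winlogon\notify)
FILE_RE = re.compile('^' + TS + r' (?P<size>\d+) (?P<attrs>\S+) (?P<target>.+)$')
DRIVE_PATH_RE = re.compile(r'^[A-Za-z]:\\')

# Assumed trusted install roots for a Windows XP layout; adjust per machine.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')


def parse_reg_loading_points(text: str) -> List[Autorun]:
    entries: List[Autorun] = []
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m['key']
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Autorun(key, m['name'], m['target'].strip(), m['ts'], int(m['size'])))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(Autorun(key, key.rsplit('\\', 1)[-1], m['target'].strip(), m['ts'], int(m['size'])))
            continue
        m = PLAIN_RE.match(line)
        if m:
            entries.append(Autorun(key, m['name'], m['target'].strip(), None, None))
    return entries


def executable_path(target: str) -> Optional[str]:
    """First file path in a command line, or None when the data is not a path."""
    t = target.strip()
    if t.startswith('"'):
        t = t[1:].split('"', 1)[0]
    return t if DRIVE_PATH_RE.match(t) else None


def flag_suspicious(entries: List[Autorun], trusted_roots=TRUSTED_ROOTS) -> List[str]:
    findings = []
    for e in entries:
        if e.name.lower() == 'antivirusoverride' and e.target.lower().endswith('00000001'):
            findings.append(f'{e.name}=1 under [{e.key}]: Security Center AV monitoring is overridden')
            continue
        path = executable_path(e.target)
        if path is not None and not path.lower().startswith(trusted_roots):
            findings.append(f'{e.name}: loads from untrusted location {path}')
    return findings


# Excerpt of the log above; the "updater" line is constructed to exercise the path check.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 02:51:08 214840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 18:38:55 281768]
"updater"="C:\Documents and Settings\Jack\Application Data\svchost.exe" [2011-07-20 10:00:00 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-07-16 20:49:55 5126728 ----a-w- C:\Program Files\360Amigo\360Amigo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

if __name__ == '__main__':
    parsed = parse_reg_loading_points(SAMPLE)
    for e in parsed:
        print(f'{e.name:40} {e.timestamp or "-":19} {e.target}')
    for finding in flag_suspicious(parsed):
        print('FLAG', finding)
```

Nothing the script flags is proof by itself; the output is a shortlist of paths to hash and look up before anything is deleted. Everything in the Run keys of this particular log resolves to an installed product, and the only finding from the real lines is the AntiVirusOverride flag.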

Posted

Is the computer running any better?

 

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Posted

sysprot

 

Hello super Dave,

 

I cannot tell really if the computer is running better right now. My internet supplier has been having line problems since yesterday. But the trojan is still there.

 

Here is the sysprot report:

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys

Service Name: ---

Module Base: B379A000

Module End: B379E000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_SiSRaid1.sys

Service Name: ---

Module Base: B4039000

Module End: B4045000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwCreateKey

Address: F7B947D6

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateThread

Address: F7B947CC

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteKey

Address: F7B947DB

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteValueKey

Address: F7B947E5

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwLoadKey

Address: F7B947EA

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenProcess

Address: F7B947B8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThread

Address: F7B947BD

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwReplaceKey

Address: F7B947F4

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwRestoreKey

Address: F7B947EF

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetValueKey

Address: F7B947E0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Documents and Settings\Jack\Application Data\Dossier de téléchargement Share-to-Web

Status: Hidden
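The SSDT section of that SysProt log is the part that needs interpretation. All ten redirected functions (ZwOpenProcess, ZwOpenThread, ZwCreateThread and the registry calls) resolve to addresses between F7B947B8 and F7B947F4, a span of 60 bytes, and every gap is a multiple of five bytes, which is what a table of x86 "jmp rel32" stubs inside one module looks like. That is one hooking driver, not ten independent hooks, and "_unknown_" only means SysProt could not map that range to a loaded module. Both security products' self-protection drivers and rootkits hook exactly these calls, so the log alone cannot say which module owns the range; the next step is to match it against a complete driver listing. The two "hidden" dump_*.sys modules are the crash-dump copies of the disk drivers, which the kernel loads outside the normal driver list, and anti-rootkit tools flag them routinely. The Python below is an added example, not SysProt's code: it parses the SSDT section, clusters the hooks by address proximity and reports the stride, so the question becomes "which single driver covers this range". The sample is the ten entries from the log above plus one constructed, resolved entry (example.sys is a made-up name); the 4 KiB clustering window is an assumption.

```python
"""Group the SSDT hooks in a SysProt AntiRootkit log by target address so that a
run of redirected syscalls can be attributed to one module.  Added example, not
SysProt's code."""
import re
from math import gcd
from typing import List, NamedTuple, Set


class Hook(NamedTuple):
    function: str
    address: int
    driver: str          # '_unknown_' when SysProt could not map the address


class Cluster(NamedTuple):
    lo: int
    hi: int
    functions: List[str]
    drivers: Set[str]


# One SysProt SSDT entry; \s+ between fields tolerates the blank lines a forum paste adds.
ENTRY_RE = re.compile(
    r'Function Name:\s*(?P<fn>\w+)\s+'
    r'Address:\s*(?P<addr>[0-9A-Fa-f]+)\s+'
    r'Driver Base:\s*[0-9A-Fa-f]+\s+'
    r'Driver End:\s*[0-9A-Fa-f]+\s+'
    r'Driver Name:\s*(?P<drv>\S+)')


def parse_ssdt(text: str) -> List[Hook]:
    """Extract the SSDT entries that follow the 'SSDT:' banner."""
    if 'SSDT:' in text:
        text = text.split('SSDT:', 1)[1]
    return [Hook(m['fn'], int(m['addr'], 16), m['drv']) for m in ENTRY_RE.finditer(text)]


def cluster_hooks(hooks: List[Hook], window: int = 0x1000) -> List[Cluster]:
    """Merge hooks whose targets lie within `window` bytes of the previous hook.
    Hooks installed by one driver land in one small range; unrelated hooks do not."""
    clusters: List[Cluster] = []
    for h in sorted(hooks, key=lambda h: h.address):
        if clusters and h.address - clusters[-1].hi <= window:
            c = clusters[-1]
            clusters[-1] = Cluster(c.lo, h.address, c.functions + [h.function], c.drivers | {h.driver})
        else:
            clusters.append(Cluster(h.address, h.address, [h.function], {h.driver}))
    return clusters


def stride(cluster: Cluster, hooks: List[Hook]) -> int:
    """GCD of the gaps between hook targets inside the cluster.  A stride of 5 is
    the size of an x86 'jmp rel32', i.e. a stub table rather than scattered code."""
    addrs = sorted(h.address for h in hooks if cluster.lo <= h.address <= cluster.hi)
    g = 0
    for a, b in zip(addrs, addrs[1:]):
        g = gcd(g, b - a)
    return g


# The ten unresolved entries from the log above ...
LOG_ENTRIES = [
    ("ZwCreateKey", "F7B947D6"), ("ZwCreateThread", "F7B947CC"), ("ZwDeleteKey", "F7B947DB"),
    ("ZwDeleteValueKey", "F7B947E5"), ("ZwLoadKey", "F7B947EA"), ("ZwOpenProcess", "F7B947B8"),
    ("ZwOpenThread", "F7B947BD"), ("ZwReplaceKey", "F7B947F4"), ("ZwRestoreKey", "F7B947EF"),
    ("ZwSetValueKey", "F7B947E0"),
]
# ... reproduced with the pasted blank lines, plus one constructed, resolved entry.
SAMPLE = "SSDT:\n" + "".join(
    f"Function Name: {fn}\n\nAddress: {addr}\n\nDriver Base: 0\n\nDriver End: 0\n\nDriver Name: _unknown_\n\n"
    for fn, addr in LOG_ENTRIES) + (
    "Function Name: ZwTerminateProcess\nAddress: B2A11F40\nDriver Base: B2A00000\n"
    "Driver End: B2A20000\nDriver Name: example.sys\n")   # constructed; example.sys is not real

if __name__ == '__main__':
    hooks = parse_ssdt(SAMPLE)
    for c in cluster_hooks(hooks):
        print(f'{c.lo:08X}-{c.hi:08X} stride={stride(c, hooks)} drivers={sorted(c.drivers)}')
        print('   ', ', '.join(c.functions))
```

On the real log this prints a single unresolved cluster with stride 5; resolving it means finding the driver whose image range contains F7B947B8, for instance from a driver list produced by the same tool with the "Hidden Objects Only" filter turned off, and then judging that driver on its own merits.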

Posted

Imf

 

Hi again!

 

I just ran a new version of IMF and wow it corrected everything. Here is the report.

 

IObit Malware Fighter

 

OS : Windows XP

Version : 1.1.1.2

Definition version : 1046

Elapsed time : 00:26:11

Objects scanned : 62354

Threats found : 22

Log time : 2011-07-22 10:28:05

 

|Name|Type|Description|ID|

Trojan.Backdoor, FILE, C:\WINDOWS\system32\dllcache\conf.exe, 4046285

Trojan.Backdoor, FILE, C:\WINDOWS\ServicePackFiles\i386\conf.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065084.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065085.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065086.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065087.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065088.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065089.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066149.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066150.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066151.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066152.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066153.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066154.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066155.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066156.exe, 4046285

Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0066157.exe, 4046285

Trojan.Backdoor, FILE, C:\Program Files\NetMeeting\conf.exe, 4046285

Trojan.Crypt, FILE, C:\AD1888\W2K_XP\Sys\CleanUp.exe, 4070082

Trojan.Crypt, FILE, C:\AD1888\9x_Me\Sys\CleanUp.exe, 4070082

Trojan.Crypt, FILE, C:\AD1888\64bit\Sys\CleanUp.exe, 4070082

Trojan.Crypt, FILE, C:\AD1888\2003\Sys\CleanUp.exe, 4070082

 

Thank you so much super Dave, I will continue testing my PC and let you know later how it is doing. Thanks again.
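One thing the report above shows that the thread does not spell out: the same signature ID (4046285) hits conf.exe in C:\Program Files\NetMeeting, in C:\WINDOWS\system32\dllcache, in C:\WINDOWS\ServicePackFiles\i386 and in fifteen System Restore copies. The dllcache and ServicePackFiles copies are where Windows File Protection restores protected system files from, so a scanner that deletes only the NetMeeting copy will see the file again after Windows puts it back, which fits the original complaint that it "keeps coming back". The Python below is an added example, not IMF's code: it groups a report by signature ID and by where each file lives (live, WFP cache, restore point) and hashes the copies so you can tell whether the returning file is byte-identical to the Windows cache copies. The sample report is a subset of the lines above; the byte strings in the usage are constructed, and the hashing function takes an injectable reader for exactly that reason.

```python
"""Triage an IObit Malware Fighter report: group hits by signature ID, separate
live files from Windows File Protection caches and System Restore copies, and
check whether the copies are byte-identical.  Added example, not IMF's code."""
import hashlib
import re
from collections import defaultdict
from typing import Callable, Dict, List, Optional, Tuple

# "Name, TYPE, path, signature-id" as IMF prints each hit
HIT_RE = re.compile(r'^(?P<name>[^,]+),\s*(?P<kind>[^,]+),\s*(?P<path>.+?),\s*(?P<sig>\d+)\s*$')


def classify_path(path: str) -> str:
    """Where a flagged file lives decides what a 'removal' can achieve."""
    p = path.lower()
    if '\\system32\\dllcache\\' in p or '\\servicepackfiles\\' in p:
        return 'wfp_cache'      # Windows File Protection restores protected files from here
    if '\\system volume information\\_restore' in p:
        return 'restore_point'  # System Restore snapshot; goes away only when SR is purged
    return 'live'


def parse_imf_report(text: str) -> List[Tuple[str, str, str, str]]:
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append((m['name'], m['kind'], m['path'], m['sig']))
    return hits


def summarize(hits) -> Dict[str, Dict[str, int]]:
    """signature id -> {'live': n, 'wfp_cache': n, 'restore_point': n}"""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for _name, _kind, path, sig in hits:
        counts[sig][classify_path(path)] += 1
    return {sig: dict(c) for sig, c in counts.items()}


def _read_file(path: str) -> Optional[bytes]:
    try:
        with open(path, 'rb') as f:
            return f.read()
    except OSError:
        return None


def copies_identical(paths, read: Callable[[str], Optional[bytes]] = _read_file
                     ) -> Tuple[bool, Dict[str, Optional[str]]]:
    """SHA-256 every readable copy; True only if at least two copies exist and all match.
    `read` is injectable so the check can run on captured bytes instead of the disk."""
    hashes: Dict[str, Optional[str]] = {}
    for p in paths:
        data = read(p)
        hashes[p] = None if data is None else hashlib.sha256(data).hexdigest()
    present = [h for h in hashes.values() if h is not None]
    return len(present) >= 2 and len(set(present)) == 1, hashes


# Subset of the report above (the full one lists fifteen restore-point copies).
SAMPLE = r'''
Trojan.Backdoor, FILE, C:\WINDOWS\system32\dllcache\conf.exe, 4046285
Trojan.Backdoor, FILE, C:\WINDOWS\ServicePackFiles\i386\conf.exe, 4046285
Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065084.exe, 4046285
Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065085.exe, 4046285
Trojan.Backdoor, FILE, C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP235\A0065086.exe, 4046285
Trojan.Backdoor, FILE, C:\Program Files\NetMeeting\conf.exe, 4046285
Trojan.Crypt, FILE, C:\AD1888\W2K_XP\Sys\CleanUp.exe, 4070082
Trojan.Crypt, FILE, C:\AD1888\9x_Me\Sys\CleanUp.exe, 4070082
'''

if __name__ == '__main__':
    hits = parse_imf_report(SAMPLE)
    for sig, where in summarize(hits).items():
        print(sig, where)
    netmeeting = [p for _, _, p, s in hits if s == '4046285' and classify_path(p) != 'restore_point']
    same, hashes = copies_identical(netmeeting)   # reads the real files when run on the XP box
    print('live copy identical to WFP caches:', same)
    for p, h in hashes.items():
        print(h or 'missing', p)
```

If the NetMeeting copy and both cache copies hash the same, Windows File Protection has been restoring the same bytes after every "repair", and the useful next step is to compare that hash with a copy from the installation media or a vendor reference rather than to delete it a fourth time; if they differ, the live copy has been replaced and the cache copies are the clean reference. The restore-point copies only disappear when System Restore is purged, which is what the ComboFix uninstall step later in this thread does.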

Posted
But the trojan is still there.

You should know this about backdoor trojans:

 

One or more of the identified infections is a backdoor trojan.

 

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

Read this article: Danger: Remote Access Trojans.

 

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

 

I would counsel you to disconnect this PC from the Internet immediately.

 

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

 

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

 

When Should I Format, How Should I Reinstall?

 

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

 

Should you have any questions, please feel free to ask.

 

*********************************************************

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Posted

esetscan

 

Hi super Dave,

 

It is unbelievable (10 more threats). I think now the best thing I should do is to format my hard disk.

 

I did not do any banking operations since the 19th of July and I checked, everything seems to be ok. I will follow your counsel (take my desktop offline) and I will use my portable to do my banking operations until I hear from you.

 

Thanks again.

 

C:\exe\360amigofreesetup.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined

C:\exe\mp4tovideo_install.exe Win32/Adware.MarketScore.A application deleted - quarantined

C:\Program Files\360Amigo\Uninstall.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined

C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Program Files\IObit Toolbar\IE\4.4\iobitToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP237\A0066321.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined

C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP237\A0066322.exe Win32/Adware.MarketScore.A application deleted - quarantined

C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP237\A0066323.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined

C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP237\A0066324.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{BE637D8B-A537-438D-B85E-A2A08C9D53CD}\RP237\A0066325.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

Posted
It is unbelievable (10 more threats). I think now the best thing I should do is to format my hard disk.

 

It's not 10 more; that's what was left. I'm quite confident that your computer is clean but I can't be 100% certain; no one can. It is up to you if you want to re-format and re-install your OS.

We should do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

**************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

*******************************************************

Use the Secunia Software Inspector to check for out of date software.

 

•Click Start Now

 

•Check the box next to Enable thorough system inspection.

 

•Click Start

 

•Allow the scan to finish and scroll down to see if any updates are needed.

•Update anything listed.


----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Posted

Hi super Dave,

 

As per the Eset program it looks to me that the Amigo speedup system was the troublemaker, so I had my daughter and my son remove it also.

 

Is IObit's system sufficient enough to give protection for speedup?

 

I still believe, after reading the recommendations, that registry and useless-file cleaning cannot be bad.

 

So I will keep my membership with IObit.

 

Again thank you so much for your service, you're doing a good job. If I can do anything to recommend you, I will gladly do so.

Posted
Hi super Dave,

 

As per the Eset program it looks to me that the Amigo speedup system was the troublemaker, so I had my daughter and my son remove it also.

 

Is IObit's system sufficient enough to give protection for speedup?

 

I still believe, after reading the recommendations, that registry and useless-file cleaning cannot be bad.

 

So I will keep my membership with IObit.

 

Again thank you so much for your service, you're doing a good job. If I can do anything to recommend you, I will gladly do so.

 

You're welcome. I like to have about three anti-malware programs running on my computer including ThreatFire.

Archived

This topic is now archived and is closed to further replies.
