Posted

Hello Thanos,

I'm back!

I went to the "Virus Total" site and carried out the steps you had given me.

Results:

I could not open the file "c:\windows\pchealth\errorrep\userdumps\winlogon.exe"; the name is not correct.

That said, in the directory "c:\windows\pchealth\errorrep\userdumps" there are several "winlogon.exe" files, each carrying an additional extension: "20100916-85226-00.hdmp", "20100916-85226-00.mdmp", "20100916-140250-00.hdmp" and "20100916-140250-00.mdmp". Here are the analysis reports for these files:

 

File name:

winlogon.exe.20100916-085226-00.hdmp

Submission date:

2010-10-04 10:49:28 (UTC)

Current status:

queued queued analysing finished

Result:

0/ 43 (0.0%)

 

File name:

winlogon.exe.20100916-085226-00.mdmp

Submission date:

2010-10-04 10:52:37 (UTC)

Current status:

queued (#7) queued analysing finished

Result:

0/ 43 (0.0%)

 

winlogon.exe.20100916-140250-00.hdmp

Submission date:

2010-10-04 10:57:30 (UTC)

Current status:

queued (#9) queued (#9) analysing finished

Result:

0/ 43 (0.0%)

 

File name:

winlogon.exe.20100916-140250-00.mdmp

Submission date:

2010-10-04 11:56:29 (UTC)

Current status:

queued (#9) queued (#9) analysing finished

Result:

0/ 43 (0.0%)

 

As for the file "c:\documents and settings\All Users\Application Data\xml111.tmp", I get no response after submitting the file. That file, incidentally, contains no bytes.

However, in the same directory there are several "xml*" files, including "xml10f.tmp" (the only one that contains any bytes), and here is its report:

 

File name:

xml10F.tmp

Submission date:

2010-10-04 09:30:01 (UTC)

Current status:

queued (#9) queued (#1) analysing finished

Result:

0/ 43 (0.0%)

 

The only listed file for which I got a result (after clicking "reanalyse") is "c:\windows\system32\drivers\_003646_.tmp.dll"; its report follows:

 

 

File name:

_003646_.tmp.dll

Submission date:

2010-10-04 08:51:14 (UTC)

Current status:

queued queued (#3) analysing finished

Result:

0/ 43 (0.0%)

 

Apparently, the analyses reveal nothing worrying. But perhaps I did not go about it correctly.

Are these reports sufficient?

Kind regards,

André46

Posted

Hi ;)

Yes, sorry about the file name: it was indeed winlogon.exe.20100916-085226-00.hdmp

Well, there is no trace of infection in the detected files, as you can see.

Coming back to this =>

Also, I upgraded Bitdefender 2010 to 2011. During installation, I was asked whether I wanted to exchange information with other users. I chose the "no" option. Could this exchange be taking place anyway? I will try to find out from the helpdesk.

Were you able to find out?

Unfortunately, I don't see a culprit. Since the last RSIT scan is getting old, please run a new one to see whether anything has changed ;)

Posted

Hello Thanos,

I have no news from Bitdefender. However, on their forum I see that several users are running into similar problems, but Bitdefender always blames applications such as the "online scans" from various antivirus vendors. Which I did not do (or was not able to do).

Below are the two files from the latest RSIT run.

Thanks for your patience

André46

 

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by andre schroeven at 2010-10-06 14:56:47

Microsoft Windows XP Professional Service Pack 3

System drive C: has 66 GB (81%) free of 82 GB

Total RAM: 1022 MB (44% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:56:55, on 06/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\CmUCReye.exe

C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\andre schroeven\Desktop\RSIT.exe

C:\Program Files\trend micro\andre schroeven.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283427919218

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283428267890

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe

O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

 

--

End of file - 6924 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]

EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-12 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-12 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

{381FFDE8-2394-4F90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll [2010-08-10 160320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-23 7282688]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

"CmUCRRun"=C:\WINDOWS\system32\CmUCReye.exe [2006-07-12 237568]

"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe [2010-08-10 71216]

"BDAgent"=C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe [2010-10-03 1405072]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

NvMCTray.dll,NvTaskbarInit []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2005-08-18 14820864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

C:\WINDOWS\system32\dumprep 0 -u []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]

C:\PROGRA~1\SEC\MAGICT~1.6_C\GAMMAT~1.EXE [2004-07-03 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.6.lnk]

C:\PROGRA~1\SEC\MAGICT~1.6_C\MAGICT~2.EXE [2004-12-30 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]

C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE [2002-04-12 155715]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andre schroeven^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]

C:\DOCUME~1\ANDRES~1\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2010-09-02 135680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andre schroeven^Start Menu^Programs^Startup^Philips Media Manager.lnk]

C:\PROGRA~1\Philips\MEDIAM~1\PHILIP~1.EXE [2006-07-14 136704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2010-10-06 12:43:23 ----D---- C:\Documents and Settings\andre schroeven\Application Data\Canneverbe Limited

2010-10-06 12:43:23 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

2010-10-06 12:42:58 ----A---- C:\WINDOWS\system32\drivers\StarOpen.sys

2010-10-06 12:42:56 ----D---- C:\Program Files\CDBurnerXP

2010-10-06 12:23:26 ----D---- C:\WINDOWS\assembly

2010-10-06 12:21:43 ----D---- C:\WINDOWS\Microsoft.NET

2010-10-03 22:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$

2010-09-17 14:33:02 ----D---- C:\Documents and Settings\andre schroeven\Application Data\Avanquest

2010-09-17 14:31:17 ----D---- C:\Documents and Settings\All Users\Application Data\Avanquest

2010-09-17 14:31:16 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software

2010-09-17 14:29:09 ----D---- C:\Program Files\Avanquest

2010-09-17 14:27:16 ----D---- C:\Documents and Settings\andre schroeven\Application Data\InstallShield

2010-09-17 09:15:07 ----D---- C:\Program Files\CurrPort

2010-09-16 23:11:42 ----A---- C:\RootRepeal report 09-16-10 (23-11-42).txt

2010-09-16 23:04:53 ----D---- C:\RootRepeal

2010-09-15 16:53:23 ----D---- C:\Program Files\TCP view

2010-09-15 15:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$

2010-09-15 15:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$

2010-09-15 15:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$

2010-09-15 15:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$

2010-09-15 15:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$

2010-09-15 15:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$

2010-09-15 15:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$

2010-09-15 12:22:39 ----SHD---- C:\RECYCLER

2010-09-15 11:22:48 ----D---- C:\Program Files\ma-config.com

2010-09-15 11:22:47 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2010-09-15 11:09:29 ----A---- C:\ComboFix.txt

2010-09-15 10:51:07 ----A---- C:\Boot.bak

2010-09-15 10:51:01 ----RASHD---- C:\cmdcons

2010-09-15 10:48:47 ----A---- C:\WINDOWS\zip.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\SWSC.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\SWREG.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\sed.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\PEV.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\NIRCMD.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\MBR.exe

2010-09-15 10:48:47 ----A---- C:\WINDOWS\grep.exe

2010-09-15 10:48:20 ----D---- C:\WINDOWS\ERDNT

2010-09-15 10:44:44 ----D---- C:\Qoobox

2010-09-14 12:20:08 ----D---- C:\rsit

2010-09-13 23:54:48 ----D---- C:\Program Files\Common Files\Adobe

2010-09-13 23:54:48 ----D---- C:\Program Files\Adobe

2010-09-13 12:14:59 ----A---- C:\Documents and Settings\All Users\Application Data\xml112.tmp

2010-09-13 12:14:59 ----A---- C:\Documents and Settings\All Users\Application Data\xml111.tmp

2010-09-13 12:14:58 ----A---- C:\Documents and Settings\All Users\Application Data\xml110.tmp

2010-09-13 12:14:48 ----A---- C:\Documents and Settings\All Users\Application Data\xml10F.tmp

2010-09-13 12:09:59 ----A---- C:\WINDOWS\system32\XAudio2_7.dll

2010-09-13 12:09:59 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll

2010-09-13 12:09:58 ----A---- C:\WINDOWS\system32\xactengine3_7.dll

2010-09-13 12:09:58 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll

2010-09-13 12:09:57 ----A---- C:\WINDOWS\system32\d3dx11_43.dll

2010-09-13 12:09:57 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll

2010-09-13 12:09:56 ----A---- C:\WINDOWS\system32\D3DX9_43.dll

2010-09-13 12:09:56 ----A---- C:\WINDOWS\system32\d3dx10_43.dll

2010-09-13 12:09:55 ----A---- C:\WINDOWS\system32\XAudio2_6.dll

2010-09-13 12:09:55 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll

2010-09-13 12:09:55 ----A---- C:\WINDOWS\system32\xactengine3_6.dll

2010-09-13 12:09:54 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll

2010-09-13 12:09:53 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2010-09-13 12:09:52 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2010-09-13 12:09:52 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2010-09-13 12:09:51 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2010-09-13 12:09:50 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2010-09-13 12:09:50 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2010-09-13 12:09:49 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2010-09-13 12:09:48 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2010-09-13 12:09:48 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2010-09-13 12:09:48 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2010-09-13 12:09:47 ----A---- C:\WINDOWS\system32\XAudio2_4.dll

2010-09-13 12:09:47 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

2010-09-13 12:09:46 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

2010-09-13 12:09:46 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll

2010-09-13 12:09:45 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2010-09-13 12:09:45 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2010-09-13 12:09:44 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2010-09-13 12:09:44 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2010-09-13 12:09:44 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2010-09-13 12:09:43 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2010-09-13 12:09:43 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2010-09-13 12:09:42 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2010-09-13 12:09:42 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2010-09-13 12:09:42 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2010-09-13 12:09:41 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2010-09-13 12:09:41 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2010-09-13 12:09:40 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2010-09-13 12:09:39 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2010-09-13 12:09:39 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2010-09-13 12:09:39 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2010-09-13 12:09:38 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2010-09-13 12:09:38 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2010-09-13 12:09:38 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2010-09-13 12:09:37 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2010-09-13 12:09:36 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2010-09-13 12:09:36 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2010-09-13 12:09:36 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2010-09-13 12:09:35 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2010-09-13 12:09:35 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2010-09-13 12:09:34 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2010-09-13 12:09:34 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2010-09-13 12:09:33 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2010-09-13 12:09:33 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2010-09-13 12:09:32 ----A---- C:\WINDOWS\system32\d3dx9_36.dll

2010-09-13 12:09:31 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2010-09-13 12:09:30 ----A---- C:\WINDOWS\system32\d3dx9_35.dll

2010-09-13 12:09:30 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2010-09-13 12:09:30 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2010-09-13 12:09:29 ----A---- C:\WINDOWS\system32\xactengine2_8.dll

2010-09-13 12:09:29 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll

2010-09-13 12:09:28 ----A---- C:\WINDOWS\system32\d3dx9_34.dll

2010-09-13 12:09:28 ----A---- C:\WINDOWS\system32\d3dx10_34.dll

2010-09-13 12:09:28 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll

2010-09-13 12:09:27 ----A---- C:\WINDOWS\system32\xinput1_3.dll

2010-09-13 12:09:26 ----A---- C:\WINDOWS\system32\xactengine2_7.dll

2010-09-13 12:09:24 ----A---- C:\WINDOWS\system32\d3dx10_33.dll

2010-09-13 12:09:24 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll

2010-09-13 12:09:22 ----A---- C:\WINDOWS\system32\d3dx9_33.dll

2010-09-13 12:09:21 ----A---- C:\WINDOWS\system32\xactengine2_6.dll

2010-09-13 12:09:21 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2010-09-13 12:09:20 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2010-09-13 12:09:20 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll

2010-09-13 12:09:20 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2010-09-13 12:09:19 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2010-09-13 12:09:19 ----A---- C:\WINDOWS\system32\d3dx9_31.dll

2010-09-13 12:09:18 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2010-09-13 12:09:18 ----A---- C:\WINDOWS\system32\xactengine2_2.dll

2010-09-13 12:09:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2010-09-13 12:09:16 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2010-09-13 12:09:15 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2010-09-13 12:08:57 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2010-09-13 12:08:57 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2010-09-13 12:08:57 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

2010-09-13 12:08:56 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2010-09-13 12:08:56 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2010-09-13 12:08:55 ----A---- C:\WINDOWS\system32\d3dx9_27.dll

2010-09-13 12:08:54 ----A---- C:\WINDOWS\system32\d3dx9_26.dll

2010-09-13 12:08:54 ----A---- C:\WINDOWS\system32\d3dx9_25.dll

2010-09-13 12:08:53 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

2010-09-13 12:03:26 ----D---- C:\WINDOWS\Logs

2010-09-13 12:02:45 ----D---- C:\Program Files\SiSoftware

2010-09-13 11:53:42 ----D---- C:\Program Files\LSI SoftModem

2010-09-13 11:06:13 ----D---- C:\WINDOWS\system32\appmgmt

2010-09-12 13:52:00 ----D---- C:\WINDOWS\Sun

2010-09-12 13:51:53 ----D---- C:\Documents and Settings\All Users\Application Data\Sun

2010-09-12 13:51:51 ----D---- C:\Program Files\Common Files\Java

2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\javaws.exe

2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\javaw.exe

2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\java.exe

2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\deployJava1.dll

2010-09-12 13:51:07 ----D---- C:\Program Files\Java

2010-09-12 13:46:54 ----D---- C:\Documents and Settings\andre schroeven\Application Data\Sun

2010-09-12 13:39:45 ----A---- C:\TDSSKiller.2.4.2.1_12.09.2010_13.39.45_log.txt

2010-09-12 13:16:02 ----D---- C:\Program Files\CCleaner

2010-09-12 12:37:58 ----D---- C:\Documents and Settings\andre schroeven\Application Data\Hulubulu

2010-09-12 12:37:54 ----D---- C:\Program Files\Advanced Renamer

2010-09-12 10:09:33 ----D---- C:\Program Files\Common Files\Borland Shared

2010-09-12 10:09:33 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL

2010-09-12 10:09:11 ----D---- C:\Program Files\ZebHelpProcess

2010-09-12 10:00:04 ----D---- C:\Program Files\ZHPDiag

2010-09-12 09:50:52 ----D---- C:\Program Files\Trend Micro

2010-09-11 13:15:31 ----A---- C:\WINDOWS\ntbtlog.txt

2010-09-11 01:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$

2010-09-11 01:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$

2010-09-11 01:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$

2010-09-11 01:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2010-09-11 00:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

2010-09-11 00:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$

2010-09-11 00:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$

2010-09-11 00:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$

2010-09-11 00:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$

2010-09-11 00:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

2010-09-11 00:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$

2010-09-11 00:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$

2010-09-11 00:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$

2010-09-11 00:49:11 ----D---- C:\WINDOWS\Prefetch

2010-09-11 00:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-09-11 00:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$

2010-09-11 00:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-09-11 00:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$

2010-09-11 00:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$

2010-09-11 00:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-09-11 00:43:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-09-11 00:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-09-11 00:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

2010-09-11 00:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-09-11 00:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-09-11 00:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-09-11 00:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-09-11 00:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$

2010-09-11 00:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

2010-09-11 00:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-09-11 00:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2010-09-11 00:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2010-09-11 00:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2010-09-11 00:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2010-09-11 00:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2010-09-11 00:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2010-09-11 00:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2010-09-11 00:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2010-09-11 00:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2010-09-11 00:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2010-09-11 00:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-09-11 00:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2010-09-11 00:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2010-09-11 00:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-09-11 00:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2010-09-11 00:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2010-09-11 00:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2010-09-11 00:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2010-09-11 00:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2010-09-11 00:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2010-09-11 00:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2010-09-11 00:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2010-09-11 00:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2010-09-11 00:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2010-09-11 00:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2010-09-11 00:31:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2010-09-11 00:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2010-09-11 00:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2010-09-11 00:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2010-09-11 00:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-09-11 00:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$

2010-09-11 00:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2010-09-11 00:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2010-09-11 00:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2010-09-11 00:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2010-09-11 00:28:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2010-09-11 00:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2010-09-11 00:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2010-09-11 00:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2010-09-11 00:26:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2010-09-11 00:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2010-09-11 00:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

2010-09-11 00:10:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2010-09-09 12:12:42 ----D---- C:\Get-Rapports-2009

2010-09-07 12:54:11 ----D---- C:\Program Files\Common Files\i4j_jres

2010-09-07 12:53:57 ----D---- C:\Program Files\Philips

2010-09-07 10:56:54 ----HD---- C:\WINDOWS\PIF

 

======List of files/folders modified in the last 1 months======

 

2010-10-06 13:56:20 ----D---- C:\WINDOWS\Temp

2010-10-06 13:52:38 ----A---- C:\WINDOWS\bdagent.INI

2010-10-06 13:52:34 ----D---- C:\WINDOWS\system32

2010-10-06 12:42:58 ----D---- C:\WINDOWS\system32\drivers

2010-10-06 12:42:56 ----RD---- C:\Program Files

2010-10-06 12:30:55 ----SHD---- C:\WINDOWS\Installer

2010-10-06 12:30:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-10-06 12:30:02 ----D---- C:\WINDOWS\WinSxS

2010-10-06 12:23:26 ----D---- C:\WINDOWS

2010-10-06 12:22:51 ----D---- C:\WINDOWS\system32\en-us

2010-10-06 12:21:54 ----D---- C:\Program Files\Microsoft.NET

2010-10-06 12:21:47 ----D---- C:\WINDOWS\system32\mui

2010-10-06 08:52:36 ----D---- C:\WINDOWS\system32\CatRoot2

2010-10-05 22:40:00 ----A---- C:\bdlog.txt

2010-10-05 22:39:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-10-03 22:28:24 ----D---- C:\Program Files\Microsoft Silverlight

2010-10-03 22:00:37 ----HD---- C:\WINDOWS\inf

2010-09-18 07:42:06 ----D---- C:\Program Files\Mozilla Firefox

2010-09-17 23:50:02 ----D---- C:\Program Files\Mozilla Thunderbird

2010-09-17 14:29:05 ----HD---- C:\Program Files\InstallShield Installation Information

2010-09-17 08:59:41 ----RASH---- C:\boot.ini

2010-09-17 08:59:41 ----A---- C:\WINDOWS\win.ini

2010-09-17 08:59:41 ----A---- C:\WINDOWS\system.ini

2010-09-15 15:08:19 ----A---- C:\WINDOWS\imsins.BAK

2010-09-15 15:07:57 ----HD---- C:\WINDOWS\$hf_mig$

2010-09-15 15:07:39 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-09-15 15:02:38 ----A---- C:\WINDOWS\system32\MRT.exe

2010-09-15 11:04:43 ----D---- C:\WINDOWS\system32\drivers\etc

2010-09-15 11:02:54 ----D---- C:\WINDOWS\system32\config

2010-09-15 11:00:58 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-09-15 10:55:23 ----D---- C:\WINDOWS\AppPatch

2010-09-15 10:55:20 ----D---- C:\Program Files\Common Files

2010-09-13 23:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-09-13 12:10:02 ----D---- C:\WINDOWS\system32\DirectX

2010-09-13 12:08:36 ----HD---- C:\WINDOWS\msdownld.tmp

2010-09-13 11:45:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-09-12 09:50:52 ----SD---- C:\Documents and Settings\andre schroeven\Application Data\Microsoft

2010-09-11 19:26:47 ----SHD---- C:\System Volume Information

2010-09-11 19:26:47 ----D---- C:\WINDOWS\system32\Restore

2010-09-11 13:37:10 ----D---- C:\Documents and Settings

2010-09-11 01:01:03 ----D---- C:\WINDOWS\system32\CatRoot

2010-09-11 00:58:56 ----D---- C:\Program Files\Internet Explorer

2010-09-11 00:58:48 ----D---- C:\WINDOWS\ie8updates

2010-09-11 00:57:35 ----D---- C:\Program Files\Movie Maker

2010-09-11 00:50:16 ----A---- C:\WINDOWS\OEWABLog.txt

2010-09-11 00:49:16 ----A---- C:\WINDOWS\setuplog.txt

2010-09-11 00:48:32 ----D---- C:\WINDOWS\system32\Setup

2010-09-11 00:48:31 ----D---- C:\WINDOWS\system32\wbem

2010-09-11 00:48:30 ----RSD---- C:\WINDOWS\Fonts

2010-09-11 00:42:59 ----D---- C:\Program Files\Outlook Express

2010-09-11 00:31:39 ----D---- C:\WINDOWS\security

2010-09-11 00:26:42 ----D---- C:\Program Files\Messenger

2010-09-11 00:21:12 ----D---- C:\Program Files\Windows Media Player

2010-09-11 00:20:48 ----D---- C:\WINDOWS\system32\inetsrv

2010-09-11 00:20:48 ----D---- C:\WINDOWS\network diagnostic

2010-09-11 00:20:48 ----D---- C:\WINDOWS\ime

2010-09-11 00:20:48 ----D---- C:\WINDOWS\Help

2010-09-11 00:20:35 ----D---- C:\WINDOWS\system32\usmt

2010-09-11 00:20:34 ----D---- C:\WINDOWS\system32\scripting

2010-09-11 00:20:33 ----D---- C:\WINDOWS\l2schemas

2010-09-11 00:20:32 ----D---- C:\WINDOWS\system32\en

2010-09-11 00:20:32 ----D---- C:\WINDOWS\system32\bits

2010-09-11 00:20:32 ----D---- C:\WINDOWS\peernet

2010-09-11 00:17:19 ----D---- C:\WINDOWS\system32\npp

2010-09-11 00:17:17 ----D---- C:\WINDOWS\msagent

2010-09-11 00:17:16 ----D---- C:\WINDOWS\srchasst

2010-09-11 00:17:15 ----D---- C:\Program Files\NetMeeting

2010-09-11 00:17:14 ----D---- C:\WINDOWS\system32\Com

2010-09-11 00:17:10 ----D---- C:\Program Files\Windows NT

2010-09-11 00:17:07 ----D---- C:\Program Files\Common Files\System

2010-09-11 00:16:45 ----D---- C:\WINDOWS\system32\oobe

2010-09-11 00:16:43 ----D---- C:\WINDOWS\system

2010-09-11 00:13:45 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-09-11 00:04:58 ----D---- C:\WINDOWS\EHome

2010-09-10 15:49:38 ----D---- C:\WINDOWS\pss

2010-09-07 14:23:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2010-07-09 327368]

R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R1 Bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []

R1 BdRawPr;BdRawPr; C:\WINDOWS\system32\DRIVERS\bdrawpr.sys [2010-05-13 12960]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

R2 Trufos;Trufos; C:\WINDOWS\system32\DRIVERS\Trufos.sys [2010-09-14 253072]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2009-08-13 1163328]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 BDFM;BDFM; C:\WINDOWS\system32\DRIVERS\bdfm.sys [2010-04-22 149520]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys []

R3 bdselfpr;bdselfpr; \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys []

R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-19 3856896]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-23 3524640]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]

S3 catchme;catchme; \??\C:\andre46\catchme.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2004-10-11 12062]

S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 147328]

S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys []

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]

S4 avc3;avc3; C:\WINDOWS\system32\drivers\avc3.sys [2010-06-28 633424]

S4 avckf;avckf; C:\WINDOWS\system32\drivers\avckf.sys [2010-06-28 970320]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-12 153376]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-23 131139]

R2 Updatesrv;BitDefender Desktop Update Service; C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-08-10 42400]

R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe [2010-10-03 1886576]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-09-12 251248]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]

S3 Update Server;BitDefender Update Server v2; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-07-23 307544]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.08 2010-09-14 12:21:57

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin

Adobe Reader 9.3.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}

Advanced Renamer-->"C:\Program Files\Advanced Renamer\unins000.exe"

ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c

BitDefender Internet Security 2011-->C:\Program Files\Common Files\BitDefender\SetupInformation\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\setup.exe /repair

BitDefender Internet Security 2011-->MsiExec.exe /I{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}

Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1036

Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}

Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614}

Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74}

Canon EOS Kiss_N REBEL_XT 350D Pilote WIA -->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}

Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}

Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini

Canon MP600 User Registration-->C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE

Canon MP600-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009

Canon PhotoRecord-->MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}

Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}

Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}

Canon Utilities Digital Photo Professional 1.6.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{789CF5F1-3326-4B7B-9D01-31047E0F5651}

Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities EOS Capture 1.3-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169}

Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}

Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}

Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}

Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

C-Media Card Reader Driver USB2.0-->C:\WINDOWS\system32\CmUCRRm.exe

DECAdry Express Business Cards 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{95398D6D-E2A6-45BC-A9B2-C8C1D9D00E6E} /l1036

Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}

LSI PCI-SV92PP Soft Modem-->C:\WINDOWS\agrsmdel

MagicTune3.6_Client_pivot-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x40c

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E3040C-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

MozBackup 1.4.10-->C:\Program Files\MozBackup\Uninstall.exe

Mozilla Firefox (3.6.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (3.1.3)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Natural Color-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Philips Media Manager 3.3.12.0004-->C:\Program Files\Philips\Media Manager\uninstall.exe

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Services Off-line de Home'Bank-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ING\Off-line\Uninst.isu"

SiSoftware Sandra Lite 2010.SP2-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\unins000.exe"

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

ZebHelpProcess 2.34-->"C:\Program Files\ZebHelpProcess\unins000.exe"

ZHPDiag 1.25-->"C:\Program Files\ZHPDiag\unins000.exe"

 

======Security center information======

 

AV: BitDefender Antivirus

FW: BitDefender Pare-feu

 

======System event log======

 

Computer Name: LOUSTALOU

Event Code: 20

Message: Installation Failure: Windows failed to install the following update with error 0x80070002: Windows XP Service Pack 3 (KB936929).

 

Record Number: 479

Source Name: Windows Update Agent

Time Written: 20100902190646.000000+120

Event Type: error

User:

 

Computer Name: LOUSTALOU

Event Code: 4374

Message: Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.

Service Pack 3 installation did not complete.

 

Record Number: 478

Source Name: NtServicePack

Time Written: 20100902183816.000000+120

Event Type: error

User: LOUSTALOU\andre schroeven

 

Computer Name: LOUSTALOU

Event Code: 4373

Message: Windows XP Service Pack 3 installation failed.

The system cannot find the file specified.

 

 

Record Number: 469

Source Name: NtServicePack

Time Written: 20100902182906.000000+120

Event Type: error

User: LOUSTALOU\andre schroeven

 

Computer Name: LOUSTALOU

Event Code: 20

Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 7 for Windows XP.

 

Record Number: 447

Source Name: Windows Update Agent

Time Written: 20100902174425.000000+120

Event Type: error

User:

 

Computer Name: LOUSTALOU

Event Code: 20

Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.

 

Record Number: 382

Source Name: Windows Update Agent

Time Written: 20100902172342.000000+120

Event Type: error

User:

 

=====Application event log=====

 

Computer Name: LOUSTALOU

Event Code: 5603

Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

 

Record Number: 36

Source Name: WinMgmt

Time Written: 20100902152353.000000+120

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: LOUSTALOU

Event Code: 63

Message: A provider, WMIProv, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Record Number: 25

Source Name: WinMgmt

Time Written: 20100902150211.000000+120

Event Type: warning

User: LOUSTALOU\andre schroeven

 

Computer Name: LOUSTALOU

Event Code: 63

Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Record Number: 24

Source Name: WinMgmt

Time Written: 20100902150211.000000+120

Event Type: warning

User: LOUSTALOU\andre schroeven

 

Computer Name: LOUSTALOU

Event Code: 4354

Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {745D67FE-6F17-4DD5-BDFF-BF0BE202A767}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Record Number: 23

Source Name: EventSystem

Time Written: 20100902134909.000000+120

Event Type: warning

User:

 

Computer Name: LOUSTALOU

Event Code: 4354

Message: The COM+ Event System failed to fire the StartShell method on subscription {A5978620-5B3F-F1D1-8ED2-00FA0035B753}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Record Number: 19

Source Name: EventSystem

Time Written: 20100902134125.000000+120

Event Type: warning

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0404

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2

 

-----------------EOF-----------------

Posted (edited)

Hello Thanos,

Well, this is beyond understanding. This morning, no more unwanted internet traffic :chpas:

The only possible explanation: yesterday, Acrobat Reader (Adobe), Flash Player (Adobe) and .Net (Microsoft) offered updates for these applications. I installed these updates because I had read on the internet that several critical vulnerabilities had been discovered in these programs. And this morning, oops, no more problem :outch:

That said, what surprises me is that, given the information on the internet, I had already uninstalled (then reinstalled) Acrobat Reader, without result, to check whether this internet traffic would stop.

I conclude, perhaps a little hastily, that I was the victim of one of these vulnerabilities and that for some time a hacker was able to use my computer (zombie) to send spam and, at worst, was able to steal some of my information.

What do you think?

Kind regards, and thanks again for your help.

André46

Edited by André 46
Posted

Hi,

Sorry for the late reply ;)

"The only possible explanation: yesterday, Acrobat Reader (Adobe), Flash Player (Adobe) and .Net (Microsoft) offered updates for these applications. I installed these updates because I had read on the internet that several critical vulnerabilities had been discovered in these programs. And this morning, oops, no more problem"

I looked through the latest vulnerabilities to date but did not find any concrete information.

I am a bit surprised that your firewall did not react, though.

"I conclude, perhaps a little hastily, that I was the victim of one of these vulnerabilities and that for some time a hacker was able to use my computer (zombie) to send spam and, at worst, was able to steal some of my information."

The results of the various scans showed nothing of the kind.

That said, if you have the slightest doubt, do not hesitate to change your codes (the access codes for your banking site, for example).

Have you tried running a Kaspersky scan again since then?

Go to the Start Menu > Run (to do this, use the key combination [Windows key]+[R]) > and copy/paste this >

ComboFix /uninstall (there is a space between x and / if you retype the command manually)

A window will open, ComboFix will be uninstalled from your PC, and System Restore will be purged.
