tintin30
2010-09-13, 19:39
Hi,
I have recently observed an abnormal behavior of my PC and, after performing SpyBot scan I found that Win32.Autorun.tmp is on it. As probably usual in my situation, I have run SpyBot several times in attempt to eliminate it, but without results. I have tried to follow the procedure described on this forum, but have not found the file 5kstzaw.exe.
As a last tentative (before formatting the OS partition), I put my DDS log below. Thanks in advance for any of you who will find time to take a look on this problem. :thanks:
P.S. I have a French version of Windows, but have not found an equivalent forum in French. It should not be a problem while reading DSS file, but if you find I should go to a more appropriate forum, please indicate me one.
P.S.S. As advised on certain forums, I have tried to perform a scan with GMER, but the virus was either completely slowing down the system or generating the error with following exit from OS (blue screen during a second, followed by shutdown)
Thanks again
-------------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Artem at 15:38:04,06 on lun. 13/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1372 [GMT 2:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\Artem\Bureau\dds.scr
============== Pseudo HJT Report ===============
uWindow Title =
mWinlogon: Taskman=c:\documents and settings\artem\application data\sjlp.exe
uWinlogon: Shell=explorer.exe,c:\documents and settings\artem\application data\sjlp.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ToshibaGLDocMon] "c:\program files\toshiba\toshiba e-studio client\GLDocMon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\artem\menudm~1\progra~1\dmarra~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\artem\menudm~1\progra~1\dmarra~1\skype.lnk - c:\windows\installer\{d103c4ba-f905-437a-8049-db24763bbe36}\SkypeIcon.exe
StartupFolder: c:\docume~1\alluse~1.win\menudm~1\progra~1\dmarra~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222447142812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {DC6EA748-82AF-4331-A1EE-0B19E2A69E1A} = 164.15.59.200
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\artem\applic~1\mozilla\firefox\profiles\mniywwju.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://wwwdev.ulb.ac.be/webmail2/webmail2.php
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-4 343920]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-4-19 70728]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-4 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-4 43288]
R3 SynMini;Syntek USB2.0 2M WebCam;c:\windows\system32\drivers\SynMini.sys [2008-9-26 1208064]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-9-26 8064]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-11 38224]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-19 66600]
=============== Created Last 30 ================
2010-09-12 21:18:31 0 d-----w- c:\windows\pss
2010-09-11 19:37:39 0 d-sha-r- C:\Autorun.inf
2010-09-11 18:49:16 0 d-----w- c:\docume~1\artem\applic~1\Malwarebytes
2010-09-11 18:49:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 18:49:06 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-09-11 18:49:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 18:49:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 17:35:22 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-11 17:11:34 2941 ----a-w- C:\UsbFix_Upload_Me_ULB-614A9323631.zip
2010-09-11 15:59:05 32768 ---ha-w- C:\SZKGFS.dat
2010-09-11 15:54:15 0 d-----w- C:\UsbFix
2010-09-11 15:53:54 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SITEguard
2010-09-11 15:52:47 0 d-----w- c:\program files\fichiers communs\iS3
2010-09-11 15:52:46 0 d-----w- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2010-09-10 01:47:23 0 d-----w- c:\program files\GnuChess
2010-09-01 13:00:45 91136 --sh--r- c:\docume~1\artem\applic~1\sjlp.exe
==================== Find3M ====================
2010-09-10 01:34:19 49898 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-10 01:34:19 371218 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:32:14 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:32 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:10 80384 ----a-w- c:\windows\system32\iccvid.dll
2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
2009-09-04 07:30:47 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-04 07:30:47 32768 --sha-w- c:\windows\temp\fichiers internet temporaires\content.ie5\index.dat
2009-09-04 07:30:47 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
============= FINISH: 15:39:24,78 ===============
I have recently observed an abnormal behavior of my PC and, after performing SpyBot scan I found that Win32.Autorun.tmp is on it. As probably usual in my situation, I have run SpyBot several times in attempt to eliminate it, but without results. I have tried to follow the procedure described on this forum, but have not found the file 5kstzaw.exe.
As a last tentative (before formatting the OS partition), I put my DDS log below. Thanks in advance for any of you who will find time to take a look on this problem. :thanks:
P.S. I have a French version of Windows, but have not found an equivalent forum in French. It should not be a problem while reading DSS file, but if you find I should go to a more appropriate forum, please indicate me one.
P.S.S. As advised on certain forums, I have tried to perform a scan with GMER, but the virus was either completely slowing down the system or generating the error with following exit from OS (blue screen during a second, followed by shutdown)
Thanks again
-------------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Artem at 15:38:04,06 on lun. 13/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1372 [GMT 2:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\Artem\Bureau\dds.scr
============== Pseudo HJT Report ===============
uWindow Title =
mWinlogon: Taskman=c:\documents and settings\artem\application data\sjlp.exe
uWinlogon: Shell=explorer.exe,c:\documents and settings\artem\application data\sjlp.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ToshibaGLDocMon] "c:\program files\toshiba\toshiba e-studio client\GLDocMon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\artem\menudm~1\progra~1\dmarra~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\artem\menudm~1\progra~1\dmarra~1\skype.lnk - c:\windows\installer\{d103c4ba-f905-437a-8049-db24763bbe36}\SkypeIcon.exe
StartupFolder: c:\docume~1\alluse~1.win\menudm~1\progra~1\dmarra~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222447142812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {DC6EA748-82AF-4331-A1EE-0B19E2A69E1A} = 164.15.59.200
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\artem\applic~1\mozilla\firefox\profiles\mniywwju.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://wwwdev.ulb.ac.be/webmail2/webmail2.php
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-4 343920]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-4-19 70728]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-4 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-4 43288]
R3 SynMini;Syntek USB2.0 2M WebCam;c:\windows\system32\drivers\SynMini.sys [2008-9-26 1208064]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-9-26 8064]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-11 38224]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-19 66600]
=============== Created Last 30 ================
2010-09-12 21:18:31 0 d-----w- c:\windows\pss
2010-09-11 19:37:39 0 d-sha-r- C:\Autorun.inf
2010-09-11 18:49:16 0 d-----w- c:\docume~1\artem\applic~1\Malwarebytes
2010-09-11 18:49:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 18:49:06 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-09-11 18:49:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 18:49:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 17:35:22 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-11 17:11:34 2941 ----a-w- C:\UsbFix_Upload_Me_ULB-614A9323631.zip
2010-09-11 15:59:05 32768 ---ha-w- C:\SZKGFS.dat
2010-09-11 15:54:15 0 d-----w- C:\UsbFix
2010-09-11 15:53:54 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SITEguard
2010-09-11 15:52:47 0 d-----w- c:\program files\fichiers communs\iS3
2010-09-11 15:52:46 0 d-----w- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2010-09-10 01:47:23 0 d-----w- c:\program files\GnuChess
2010-09-01 13:00:45 91136 --sh--r- c:\docume~1\artem\applic~1\sjlp.exe
==================== Find3M ====================
2010-09-10 01:34:19 49898 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-10 01:34:19 371218 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:32:14 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:32 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:10 80384 ----a-w- c:\windows\system32\iccvid.dll
2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
2009-09-04 07:30:47 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-04 07:30:47 32768 --sha-w- c:\windows\temp\fichiers internet temporaires\content.ie5\index.dat
2009-09-04 07:30:47 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
============= FINISH: 15:39:24,78 ===============