Fabi41

ok très bien dernière petite chose, comment désactivé la restauration vérolée et en créer une autre saine. comment faire pour indiquer mon post comme résolu ?

Voilà toutes les opérations sont réalisées. J'ai pu réinstaller internet explorer 8 et cela fonctionne. Je ne reçois plus de messages d'alertes virus. Puis-je considérer que mon pc est sain ? Existe t'il une dernière vérification à faire ? Sinon je te remercie de ta patience et de ton aide bien précieuse. Bien à toi Fabian

sous ma session perso, j'ai google chrome et ma connexion internet fonctionne. Pour certaines applications professionnelles j'ai besoin d'internet explorer. sous la session administrateur, je n'ai pas google Chrome et internet explorer ne fonctionne pas

J'ai bien suivi à la lettre ta commande. Bonne nouvelle le login fonctionne de nouveau. Mauvaise nouvelle : internet explorer ne fonctionne pas Bonne nouvelle : aucune alerte jusqu'à présent

Cijoint.fr - Service gratuit de dépôt de fichiers voici le rapport

voici le rqpport voici le rqpport

revoici le rapport . OTL logfile created on: 11/22/2010 1:56:03 PM - Run OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 36.00 Gb Total Space | 21.29 Gb Free Space | 59.14% Space Free | Partition Type: NTFS Drive D: | 298.09 Gb Total Space | 172.83 Gb Free Space | 57.98% Space Free | Partition Type: NTFS Drive E: | 38.41 Gb Total Space | 23.16 Gb Free Space | 60.30% Space Free | Partition Type: NTFS Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe -- (Tran_Process_Proc) SRV - File not found [On_Demand] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - File not found [Auto] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - File not found [Auto] -- C:\Program Files\OCS Inventory Agent\ocsservice.exe -- (OCS INVENTORY) SRV - File not found [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - File not found [On_Demand] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - File not found [Auto] -- C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe -- (FBAgent) SRV - [2010/11/11 04:57:11 | 003,019,352 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai) SRV - [2010/09/29 10:00:56 | 001,145,304 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2010/08/05 04:03:32 | 000,104,976 | ---- | M] () [Auto] -- C:\Program Files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe -- (DCScheduler) SRV - [2010/03/25 13:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2010/03/25 13:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2010/03/25 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2010/03/25 13:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2010/03/15 08:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2009/08/25 09:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2007/05/10 03:23:50 | 000,094,208 | R--- | M] (SigmaTel, Inc.) [Auto] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV) SRV - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean) SRV - [2004/09/29 05:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Adapter | Unavailable] -- -- (PnSson) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (efbDisk) DRV - File not found [Kernel | System] -- -- (DCDisk) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | Boot] -- -- (cerc6) DRV - [2010/11/20 03:47:45 | 000,024,168 | ---- | M] (Norman ASA) [Kernel | On_Demand] -- C:\Documents and Settings\AdmTmp\Local Settings\temp\0000077d.nmc\nse\bin\ndiskio.sys -- (NDISKIO) DRV - [2010/11/16 05:45:39 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard) DRV - [2010/11/16 02:41:30 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan) DRV - [2010/08/18 07:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2010/08/05 04:05:16 | 000,020,824 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FarMntIo.sys -- (FARMNTIO) DRV - [2010/08/05 04:04:18 | 000,086,056 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap) DRV - [2010/07/16 08:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS) DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010/03/25 13:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/03/25 13:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/03/25 13:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/03/25 13:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/03/25 13:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010/03/25 13:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/10/26 00:47:30 | 004,221,952 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel® DRV - [2009/06/12 12:52:48 | 006,278,272 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/04/13 17:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2007/12/23 10:18:48 | 000,068,696 | R--- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2) DRV - [2007/08/02 10:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007/08/02 10:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007/08/02 10:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007/06/25 11:53:10 | 000,155,136 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/05/10 03:24:34 | 001,222,840 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/03/13 07:26:06 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007/02/09 05:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2007/02/08 13:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007/02/08 13:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2006/10/26 09:22:22 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006/10/26 09:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006/10/26 09:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006/10/26 09:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006/10/26 09:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006/10/26 09:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006/10/26 09:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006/10/26 09:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006/07/21 04:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\2ddh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\9DomTempInst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\9LocTempInst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Xella XenApp Login IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 92 8A 2D 80 17 CB 01 [binary data] IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\AdmTmp_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2542115 IE - HKU\AdmTmp_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found IE - HKU\AdmTmp_ON_C\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - Reg Error: Key error. File not found IE - HKU\AdmTmp_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN ! IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 4A C9 76 FE 63 CB 01 [binary data] IE - HKU\Chupinf_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 09:48:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff O1 HOSTS File: ([2010/11/19 05:30:21 | 000,425,140 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14672 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe File not found O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\2ddh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\9DomTempInst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\9LocTempInst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\AdmTmp_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\AdmTmp_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Chupinf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control) O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/14 16:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/11/20 03:36:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies [2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\!KillBox [2010/11/19 06:33:40 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys [2010/11/19 06:33:40 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys [2010/11/19 06:33:40 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2010/11/19 06:33:34 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2010/11/19 06:33:34 | 000,159,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2010/11/19 06:33:29 | 000,123,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys [2010/11/19 06:33:29 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys [2010/11/19 06:33:29 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys [2010/11/19 06:33:27 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2010/11/19 06:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security [2010/11/19 06:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2010/11/19 06:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PC Tools [2010/11/19 05:45:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe [2010/11/19 04:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine [2010/11/19 04:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\ConduitEngine [2010/11/19 04:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\temp [2010/11/19 04:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_France [2010/11/19 04:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer [2010/11/19 02:37:54 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe [2010/11/19 01:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player [2010/11/18 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2010/11/18 16:41:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AdmTmp\Recent [2010/11/18 15:51:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies [2010/11/18 15:47:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/11/18 15:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/11/18 14:23:53 | 000,000,000 | ---D | C] -- C:\Kill'em [2010/11/18 14:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em [2010/11/18 14:19:46 | 003,285,305 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 13:48:39 | 000,000,000 | ---D | C] -- C:\_OTL [2010/11/18 05:23:08 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/11/18 05:20:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/11/18 05:20:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/11/18 05:20:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/11/18 05:20:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/11/18 05:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/11/18 05:18:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/11/16 16:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\AVERT [2010/11/16 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It! [2010/11/16 15:18:32 | 004,784,376 | ---- | C] (Curio Lab) -- C:\Documents and Settings\Chupinf\Desktop\ExterminateItSetup.exe [2010/11/16 13:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Malwarebytes [2010/11/16 08:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Malwarebytes [2010/11/16 08:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/16 08:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/16 08:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/16 08:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD [2010/11/16 07:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/11/16 05:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Help [2010/11/16 05:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Help [2010/11/16 02:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 02:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 02:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 02:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\RegRun2 [2010/11/16 02:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis [2010/11/16 02:10:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chupinf\Recent [2010/11/16 02:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\AVERT [2010/11/16 01:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\PCFix [2010/11/12 08:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/11/12 08:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix [2010/11/12 06:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/11/12 04:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2010/11/11 15:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/11/08 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint [2010/11/08 14:59:40 | 017,873,152 | ---- | C] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe [2010/11/08 14:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Iceni [2010/11/08 14:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 14:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995 [2010/11/08 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter [2010/11/08 09:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft [2010/11/07 14:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Downloads [2010/11/07 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache [2010/11/07 14:11:36 | 004,680,289 | ---- | C] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe [2010/11/03 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Iceni [2010/11/03 12:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll [2010/11/03 12:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe [2010/11/03 12:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe [2010/11/03 12:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010/11/03 12:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe [2010/11/03 12:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe [2010/11/03 12:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe [2010/11/03 12:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe [2010/11/03 12:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF [2010/11/03 12:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni [2010/11/03 12:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni [2010/11/03 12:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Aspell [2010/11/02 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2010/11/02 11:57:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2010/11/02 04:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Apple Computer [2010/11/02 04:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Apple Computer [2010/10/29 05:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe [2010/10/29 05:41:37 | 000,000,000 | ---D | C] -- C:\boot [2010/10/29 05:41:34 | 000,000,000 | ---D | C] -- C:\Sources [2010/10/29 05:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider [2010/10/29 05:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro [2010/10/27 07:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/10/27 07:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/10/27 07:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/10/27 07:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/10/27 07:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\U3 [2010/10/27 06:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\vlc [2010/10/27 06:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\HP [2010/10/27 06:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Programs [2010/10/27 06:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Adobe [2010/10/27 04:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla [2010/10/27 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Macromedia [2010/10/27 03:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Adobe [2010/10/27 03:51:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\PrivacIE [2010/10/27 03:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\crazyloader Air [2010/10/27 03:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony [2010/10/27 03:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Podcasts [2010/10/27 03:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Media Go [2010/10/27 03:38:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Videos [2010/10/27 03:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2010/10/27 03:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Downloaded Installations [2010/10/27 03:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2010/10/27 03:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sun [2010/10/27 03:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/10/27 03:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/10/27 03:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple [2010/10/27 03:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/10/27 03:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple Computer [2010/10/27 03:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sony [2010/10/27 03:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony Ericsson [2010/10/27 03:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Roxio [2010/10/27 03:31:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\AdmTmp\IETldCache [2010/10/27 02:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson ========== Files - Modified Within 30 Days ========== [2010/11/22 13:51:19 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/11/22 08:51:57 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Chupinf\NTUSER.DAT [2010/11/21 16:14:05 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job [2010/11/21 16:13:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\AdmTmp\ntuser.ini [2010/11/21 16:13:56 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\AdmTmp\NTUSER.DAT [2010/11/21 16:12:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/11/21 16:12:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/11/21 16:12:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/21 14:45:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job [2010/11/21 14:40:40 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/11/20 14:01:07 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job [2010/11/20 12:28:14 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/11/20 12:28:14 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/20 12:28:14 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/20 08:11:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chupinf\ntuser.ini [2010/11/20 06:29:08 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/20 06:24:50 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini [2010/11/20 03:38:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/19 08:59:37 | 003,712,744 | -H-- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\IconCache.db [2010/11/19 07:54:02 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe [2010/11/19 06:29:23 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\sdsetup[1].exe [2010/11/19 06:18:13 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\eBay.lnk [2010/11/19 06:18:13 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk [2010/11/19 05:30:21 | 000,425,140 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/11/19 04:28:18 | 001,015,869 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\unlocker1.9.0.exe [2010/11/19 03:09:56 | 000,006,497 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010/11/19 02:37:54 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe [2010/11/18 16:09:53 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 15:31:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101119-113021.backup [2010/11/18 14:23:52 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 14:19:57 | 003,285,305 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 13:42:48 | 003,911,434 | R--- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 05:23:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/11/16 16:06:51 | 000,068,640 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/11/16 15:18:53 | 004,784,376 | ---- | M] (Curio Lab) -- C:\Documents and Settings\Chupinf\Desktop\ExterminateItSetup.exe [2010/11/16 15:01:19 | 000,817,050 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg [2010/11/16 15:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job [2010/11/16 07:50:22 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 07:13:49 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 07:13:49 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 06:13:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 05:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 03:32:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/16 02:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 02:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 02:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/11/16 02:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010/11/16 02:35:31 | 005,336,210 | -H-- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\IconCache.db [2010/11/12 08:12:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache [2010/11/11 15:42:22 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat [2010/11/11 15:20:09 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/08 15:17:49 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/08 15:13:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/08 15:01:55 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Google Chrome.lnk [2010/11/08 15:01:55 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/11/08 14:59:43 | 017,873,152 | ---- | M] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe [2010/11/08 14:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 14:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/08 14:54:48 | 002,684,312 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe [2010/11/08 10:35:37 | 003,014,282 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip [2010/11/07 19:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010/11/07 14:27:41 | 000,589,480 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/11/07 14:11:41 | 004,680,289 | ---- | M] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe [2010/11/02 04:52:10 | 000,068,640 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/10/29 06:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 05:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin [2010/10/29 05:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1 [2010/10/29 05:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini [2010/10/29 05:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/29 05:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern [2010/10/29 05:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini [2010/10/27 07:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 04:04:16 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 03:37:00 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 03:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/27 03:31:44 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/27 02:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010/10/27 02:21:00 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk [2010/10/27 02:20:05 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe ========== Files Created - No Company Name ========== [2010/11/19 06:29:23 | 000,507,360 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\sdsetup[1].exe [2010/11/19 04:28:30 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\eBay.lnk [2010/11/19 04:28:30 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk [2010/11/19 04:28:14 | 001,015,869 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\unlocker1.9.0.exe [2010/11/19 02:18:15 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 16:09:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 14:23:52 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 13:38:48 | 003,911,434 | R--- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 05:23:15 | 000,000,210 | ---- | C] () -- C:\Boot.bak [2010/11/18 05:23:11 | 000,261,936 | RHS- | C] () -- C:\cmldr [2010/11/18 05:20:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/18 05:20:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/18 05:20:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/18 05:20:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/18 05:20:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/16 15:00:43 | 000,817,050 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg [2010/11/16 08:19:47 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 07:13:49 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 07:13:49 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 06:13:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 02:40:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/12 08:12:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache [2010/11/11 15:42:22 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat [2010/11/08 14:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/08 14:54:35 | 002,684,312 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe [2010/11/08 10:35:31 | 003,014,282 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip [2010/11/03 12:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2010/11/03 12:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe [2010/11/03 12:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe [2010/11/03 12:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav [2010/11/03 12:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV [2010/11/03 12:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV [2010/11/03 12:15:06 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/10/29 05:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1 [2010/10/29 05:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini [2010/10/29 05:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR [2010/10/29 05:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin [2010/10/29 05:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini [2010/10/29 05:41:16 | 000,086,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys [2010/10/29 05:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern [2010/10/29 05:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init [2010/10/29 05:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO [2010/10/29 05:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN [2010/10/29 05:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN [2010/10/29 05:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 05:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys [2010/10/27 07:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 07:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat [2010/10/27 06:51:12 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/27 04:03:48 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 03:59:36 | 000,068,640 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/10/27 03:37:00 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 03:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/27 02:21:00 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk [2010/10/27 02:19:45 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/09/20 07:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI [2010/09/01 09:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2010/08/31 10:27:25 | 000,008,106 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\config [2010/08/26 11:40:22 | 005,336,210 | -H-- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\IconCache.db [2010/08/26 11:34:13 | 000,068,640 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/08/26 06:58:41 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/26 06:46:36 | 000,004,724 | RHS- | C] () -- C:\Documents and Settings\Chupinf\ntuser.pol [2010/08/26 06:46:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Chupinf\ntuser.ini [2010/08/26 06:46:34 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\Chupinf\NTUSER.DAT [2010/08/26 06:46:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Chupinf\NTUSER.DAT.LOG [2010/08/26 06:46:34 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Chupinf\Application Data\desktop.ini [2010/08/26 05:53:13 | 003,217,838 | -H-- | C] () -- C:\Documents and Settings\2ddh\Local Settings\Application Data\IconCache.db [2010/08/26 05:47:00 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\2ddh\ntuser.ini [2010/08/26 05:46:59 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\2ddh\NTUSER.DAT [2010/08/26 05:46:59 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\2ddh\ntuser.dat.LOG [2010/08/26 05:46:59 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\2ddh\Application Data\desktop.ini [2010/08/26 04:48:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/29 07:25:22 | 000,589,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/06/29 05:06:43 | 000,068,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/06/11 07:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del [2010/06/11 06:47:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2010/06/11 06:47:45 | 000,006,497 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/06/11 06:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2010/05/12 05:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/05/12 05:35:56 | 004,815,212 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010/05/12 05:30:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/05/12 05:30:13 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/05/12 05:30:13 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG [2010/05/12 05:30:13 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini [2010/04/22 15:36:03 | 002,679,032 | -H-- | C] () -- C:\Documents and Settings\9LocTempInst\Local Settings\Application Data\IconCache.db [2010/04/22 15:35:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\9LocTempInst\ntuser.dat.LOG [2010/04/22 15:35:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\9LocTempInst\ntuser.ini [2010/04/22 15:35:11 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\9LocTempInst\Application Data\desktop.ini [2010/04/22 15:35:10 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\9LocTempInst\NTUSER.DAT [2010/04/22 14:33:56 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat [2010/04/22 14:33:56 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG [2010/04/22 14:31:18 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\AdmTmp\WebAccess.cmd [2010/04/22 03:26:03 | 002,148,138 | -H-- | C] () -- C:\Documents and Settings\9DomTempInst\Local Settings\Application Data\IconCache.db [2010/04/22 03:17:53 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\9DomTempInst\ntuser.dat.LOG [2010/04/22 03:17:53 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\9DomTempInst\ntuser.ini [2010/04/22 03:17:53 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\9DomTempInst\Application Data\desktop.ini [2010/04/22 03:17:52 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\9DomTempInst\NTUSER.DAT [2010/04/14 17:09:27 | 003,712,744 | -H-- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\IconCache.db [2010/04/14 17:00:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\AdmTmp\ntuser.ini [2010/04/14 17:00:02 | 007,077,888 | -H-- | C] () -- C:\Documents and Settings\AdmTmp\NTUSER.DAT [2010/04/14 17:00:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\AdmTmp\ntuser.dat.LOG [2010/04/14 17:00:02 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\desktop.ini [2010/04/14 16:59:14 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini [2010/04/14 16:59:13 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/04/14 16:59:13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG [2010/04/14 16:58:20 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini [2010/04/14 16:58:19 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/04/14 16:58:19 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG [2010/04/14 16:57:32 | 000,000,062 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini [2010/04/14 16:55:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010/04/14 16:51:36 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010/04/14 16:51:36 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010/04/14 16:50:50 | 000,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010/04/14 16:50:49 | 000,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2010/04/14 09:45:23 | 000,551,164 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/14 09:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/01/05 09:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/14 07:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll [2008/04/14 07:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2008/04/14 07:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2008/04/14 07:00:00 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll [2008/04/14 07:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll [2008/04/14 07:00:00 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll [2008/04/14 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2008/04/14 07:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll [2008/04/14 07:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2008/04/14 07:00:00 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2008/04/14 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2008/04/14 07:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll [2008/04/14 07:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2008/04/14 07:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2008/04/14 07:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2008/04/14 07:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll [2008/04/14 07:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2008/04/14 07:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2008/04/14 07:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2008/04/14 07:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2008/04/14 07:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2008/04/14 07:00:00 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll [2008/04/14 07:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2008/04/14 07:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2008/04/14 07:00:00 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2008/04/14 07:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2008/04/14 07:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2008/04/14 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2008/04/14 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2008/04/14 07:00:00 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2008/04/14 07:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2008/04/14 07:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2008/04/14 07:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2008/04/14 07:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2008/04/14 07:00:00 | 000,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2008/04/14 07:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2008/04/14 07:00:00 | 000,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2008/04/14 07:00:00 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2008/04/14 07:00:00 | 000,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2008/04/14 07:00:00 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2008/04/14 07:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll [2008/04/14 07:00:00 | 000,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2008/04/14 07:00:00 | 000,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2008/04/14 07:00:00 | 000,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2008/04/14 07:00:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2008/04/14 07:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2008/04/14 07:00:00 | 000,001,350 | ---- | C] () -- C:\WINDOWS\win.ini [2008/04/14 07:00:00 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2008/04/14 07:00:00 | 000,000,435 | ---- | C] () -- C:\WINDOWS\system.ini [2008/04/14 07:00:00 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/24 16:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/24 16:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2006/06/29 16:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 16:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 17:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 17:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2001/08/17 17:36:28 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001/07/06 08:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2000/01/06 19:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv ========== LOP Check ========== [2010/08/26 05:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2ddh\Application Data\ICAClient [2010/04/22 03:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\9DomTempInst\Application Data\ICAClient [2010/06/29 07:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk [2010/06/29 07:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient [2010/11/16 16:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache [2010/11/03 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni [2010/11/12 08:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix [2010/10/27 03:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\Sony [2010/09/24 10:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Autodesk [2010/09/02 03:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\CamfrogWEB [2010/09/10 09:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\CrazyLoader [2010/09/13 07:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\FDRLab [2010/09/10 02:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\ICAClient [2010/09/01 09:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Netviewer [2010/11/16 02:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\PCFix [2010/09/24 08:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Thinstall [2010/10/14 07:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Utherverse [2010/09/08 06:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Windows Search [2010/11/21 16:14:05 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job [2010/11/21 14:45:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job ========== Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AEC.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys [2008/04/14 00:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ERDNT\cache\aec.sys [2008/04/14 00:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\dllcache\aec.sys [2008/04/14 00:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys < MD5 for: AGP440.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ALG.EXE > [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINDOWS\system32\alg.exe [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINDOWS\system32\dllcache\alg.exe < MD5 for: ATAPI.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: CDROM.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/04/14 07:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys < MD5 for: CSRSS.EXE > [2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe [2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe < MD5 for: CTFMON.EXE > [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINDOWS\ERDNT\cache\ctfmon.exe [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINDOWS\system32\ctfmon.exe [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINDOWS\system32\dllcache\ctfmon.exe < MD5 for: DISK.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: I8042PRT.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys [2008/04/14 02:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\dllcache\i8042prt.sys [2008/04/14 02:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys [2008/04/14 07:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i8042prt.sys < MD5 for: IASTOR.SYS > [2008/07/21 00:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys < MD5 for: IMAPI.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:imapi.sys [2008/04/14 07:00:00 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys < MD5 for: INTELIDE.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:intelide.sys < MD5 for: MOUNTMGR.SYS > [2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\dllcache\mountmgr.sys [2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys < MD5 for: MRXSMB.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys [2008/10/24 06:41:12 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys [2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys < MD5 for: NDIS.SYS > [2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: NETLOGON.DLL > [2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVGTS.SYS > [2008/01/21 13:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys < MD5 for: NVRD32.SYS > [2008/01/21 13:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys < MD5 for: RASACD.SYS > [2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys < MD5 for: RDPCDD.SYS > [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\dllcache\rdpcdd.sys [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\drivers\rdpcdd.sys < MD5 for: REDBOOK.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\redbook.sys < MD5 for: SCECLI.DLL > [2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: SERVICES.EXE > [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2009/02/06 06:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe [2009/02/06 06:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 06:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe < MD5 for: SMSS.EXE > [2008/04/14 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe [2008/04/14 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe [2004/08/03 19:03:38 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=D231F62EA6BB1E793E05ABDCFF3E2EFF -- C:\cmdcons\SYSTEM32\SMSS.EXE < MD5 for: SPOOLSV.EXE > [2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe < MD5 for: SVCHOST.EXE > [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe < MD5 for: TCPIP.SYS > [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys < MD5 for: TERMDD.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys [2008/04/14 07:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys < MD5 for: USERINIT.EXE > [2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WIN32K.SYS > [2010/08/31 08:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys [2010/05/02 01:34:15 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys [2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=A77B5764CD2106D36148CB5E5DDF6BC6 -- C:\WINDOWS\system32\dllcache\win32k.sys [2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=A77B5764CD2106D36148CB5E5DDF6BC6 -- C:\WINDOWS\system32\win32k.sys [2010/06/23 21:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys [2009/08/14 19:49:40 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys < MD5 for: WINLOGON.EXE > [2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/06/20 12:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2010/09/10 00:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2010/09/10 00:58:06 | 001,986,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 07:00:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 07:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2010/07/27 01:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010/04/14 09:43:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010/04/14 09:43:14 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010/04/14 09:43:14 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < CREATERESTOREPOINT > < End of report >

voici le rapport suite au scan otlpe. Si cela peut t'aider je pense avoir malencontreusement effacer un fichier userinit dans la base du registe : merci pour toute cette dépense d'énergie. Cijoint.fr - Service gratuit de dépôt de fichiers

voilà j'ai suivi à la lettre les différentes procédures proposées mais rien ne semblent aller mieux. j'ai toujours un soucis avec watermark.exe porteur du virus. J'ai finalement fait un scan avec le logiciel Norman Malware Cleaner depuis je n'arrive plus à me loguer (c'est à dire que même en mode sans échec je dois introduire mon login et mot de passe et le système fait un login logoff et revient à la fenêtre ctrl+alt+del pour login et mot de passe ?) Que faire ?

je cherche aussi de mon coté. Si cela peut aider le fichier watermark.exe m'inquiète beaucoup de plus il m'est impossible d ele supprimer (même avec unlocker)

Bonjour, je pense qu'il va falloir faire appel à l'équipe. Virusscan détecte toujours ce w32/NGVCK sur les fichiers jqsmgr.exe ; iexplorermgr.exe et AcroRd32mgr.exe tiens tiens que des fichiers *mgr.exe dont certains sont cachés.

voici le nouveau rapport otl en mode normal OTL logfile created on: 11/18/2010 10:24:20 PM - Run 4 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\AdmTmp\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 36.00 Gb Total Space | 21.41 Gb Free Space | 59.47% Space Free | Partition Type: NTFS Drive D: | 38.41 Gb Total Space | 23.65 Gb Free Space | 61.57% Space Free | Partition Type: NTFS Drive E: | 77.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: NBUR329 | User Name: AdmTmp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC) PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.) PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) PRC - C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.) PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation) ========== Win32 Services (SafeList) ========== SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe File not found SRV - (Tran_Process_Proc) -- C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe File not found SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe File not found SRV - (OCS INVENTORY) -- C:\Program Files\OCS Inventory Agent\ocsservice.exe File not found SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe File not found SRV - (FBAgent) -- C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe File not found SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll () SRV - (DCScheduler) -- C:\Program Files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe () SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.) SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.) SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.) SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (SAVOnAccessFilter) -- C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys File not found DRV - (SAVOnAccessControl) -- C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys File not found DRV - (DVDRC) -- C:\WINDOWS\System32\drivers\DVDRC.sys File not found DRV - (catchme) -- C:\DOCUME~1\AdmTmp\LOCALS~1\Temp\catchme.sys File not found DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software) DRV - (Partizan) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software) DRV - (FARMNTIO) -- C:\WINDOWS\system32\drivers\FarMntIo.sys () DRV - (dcsnap) -- C:\WINDOWS\System32\drivers\dcsnap.sys () DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 15:48:13 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010/11/18 21:31:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC) O4 - HKLM..\RunOnce: [WMC_0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control) O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/14 22:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/11/17 10:04:14 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2010/11/17 10:04:13 | 000,000,071 | R--- | M] () - E:\AUTORUN_USB.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/18 22:23:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AdmTmp\Desktop\OTL.exe [2010/11/18 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore [2010/11/18 21:47:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/11/18 21:33:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe [2010/11/18 21:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/11/18 20:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AdmTmp\Recent [2010/11/18 20:23:53 | 000,000,000 | ---D | C] -- C:\Kill'em [2010/11/18 20:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em [2010/11/18 20:19:46 | 003,285,305 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 19:48:39 | 000,000,000 | ---D | C] -- C:\_OTL [2010/11/18 11:23:08 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/11/18 11:20:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/11/18 11:20:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/11/18 11:20:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/11/18 11:20:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/11/18 11:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/11/18 11:18:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/11/16 22:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\AVERT [2010/11/16 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It! [2010/11/16 14:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Malwarebytes [2010/11/16 14:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/16 14:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/11/16 14:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD [2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Help [2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Help [2010/11/16 08:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo [2010/11/16 08:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 08:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 08:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\RegRun2 [2010/11/16 08:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis [2010/11/12 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/11/12 14:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix [2010/11/12 12:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/11/12 10:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2010/11/11 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/11/08 21:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint [2010/11/08 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2010/11/08 20:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995 [2010/11/08 15:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft [2010/11/07 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Downloads [2010/11/07 20:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache [2010/11/03 18:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Iceni [2010/11/03 18:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll [2010/11/03 18:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe [2010/11/03 18:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe [2010/11/03 18:15:10 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\All Users\Application Data\Temp [2010/11/03 18:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010/11/03 18:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe [2010/11/03 18:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe [2010/11/03 18:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe [2010/11/03 18:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe [2010/11/03 18:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF [2010/11/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aspell [2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iceni [2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni [2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni [2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Aspell [2010/11/02 18:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2010/11/02 17:57:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2010/10/29 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fscltdcn [2010/10/29 11:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe [2010/10/29 11:41:37 | 000,000,000 | ---D | C] -- C:\boot [2010/10/29 11:41:34 | 000,000,000 | ---D | C] -- C:\Sources [2010/10/29 11:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider [2010/10/29 11:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Farstone [2010/10/29 11:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro [2010/10/27 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/10/27 13:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/10/27 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\U3 [2010/10/27 12:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\vlc [2010/10/27 12:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\HP [2010/10/27 12:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Programs [2010/10/27 12:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Adobe [2010/10/27 10:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla [2010/10/27 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010/10/27 09:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Macromedia [2010/10/27 09:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Adobe [2010/10/27 09:51:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\PrivacIE [2010/10/27 09:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\crazyloader Air [2010/10/27 09:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony [2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Podcasts [2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Media Go [2010/10/27 09:38:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Videos [2010/10/27 09:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2010/10/27 09:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Downloaded Installations [2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation [2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2010/10/27 09:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sun [2010/10/27 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/10/27 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/10/27 09:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/10/27 09:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple [2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/10/27 09:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple Computer [2010/10/27 09:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sony [2010/10/27 09:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony Ericsson [2010/10/27 09:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson [2010/10/27 09:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Roxio [2010/10/27 09:31:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\IETldCache [2010/10/27 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/18 22:31:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 22:30:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job [2010/11/18 22:24:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AdmTmp\Desktop\OTL.exe [2010/11/18 22:09:53 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 22:09:45 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\SpyNoMore.lnk [2010/11/18 22:01:04 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job [2010/11/18 21:56:18 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/18 21:56:18 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/18 21:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/18 21:50:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/18 21:33:40 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe [2010/11/18 21:31:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/11/18 20:23:52 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 20:19:57 | 003,285,305 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 19:42:48 | 003,911,434 | R--- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 11:23:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/11/18 07:44:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job [2010/11/16 21:18:58 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk [2010/11/16 21:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job [2010/11/16 14:27:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/16 13:50:22 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 13:34:11 | 000,006,385 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010/11/16 13:13:49 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 13:13:49 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 12:13:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 11:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 09:32:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/16 08:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 08:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 08:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/11/16 08:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010/11/08 21:17:49 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/08 21:17:48 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk [2010/11/08 21:13:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/08 20:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 20:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010/10/29 12:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 11:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin [2010/10/29 11:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1 [2010/10/29 11:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini [2010/10/29 11:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/29 11:41:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk [2010/10/29 11:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern [2010/10/29 11:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini [2010/10/27 13:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 10:04:16 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 09:37:00 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 09:37:00 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/27 09:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/27 09:31:44 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/27 08:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/18 22:09:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 22:09:45 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\SpyNoMore.lnk [2010/11/18 21:33:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 20:23:52 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 19:38:48 | 003,911,434 | R--- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 11:23:15 | 000,000,210 | ---- | C] () -- C:\Boot.bak [2010/11/18 11:23:11 | 000,261,936 | RHS- | C] () -- C:\cmldr [2010/11/18 11:20:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/18 11:20:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/18 11:20:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/18 11:20:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/18 11:20:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/16 21:18:58 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk [2010/11/16 14:27:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/16 14:19:47 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 13:13:49 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 13:13:49 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 12:13:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 08:40:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/08 20:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/03 18:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2010/11/03 18:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe [2010/11/03 18:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe [2010/11/03 18:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav [2010/11/03 18:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV [2010/11/03 18:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV [2010/11/03 18:15:06 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/03 18:15:06 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk [2010/10/29 11:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1 [2010/10/29 11:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini [2010/10/29 11:41:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk [2010/10/29 11:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR [2010/10/29 11:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin [2010/10/29 11:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini [2010/10/29 11:41:16 | 000,086,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys [2010/10/29 11:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern [2010/10/29 11:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init [2010/10/29 11:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO [2010/10/29 11:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN [2010/10/29 11:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN [2010/10/29 11:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 11:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys [2010/10/27 13:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 13:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat [2010/10/27 12:51:12 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/27 10:03:48 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 09:37:00 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 09:37:00 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/27 09:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/09/20 13:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI [2010/09/01 15:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2010/08/27 13:05:27 | 000,007,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2010/06/29 13:25:22 | 000,589,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/06/11 13:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del [2010/06/11 12:47:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2010/06/11 12:47:45 | 000,006,385 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/06/11 12:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2010/05/12 11:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/04/14 15:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/14 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008/04/14 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008/04/14 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008/04/14 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008/04/14 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2007/09/27 18:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 18:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 18:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/07/03 20:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2001/07/06 14:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv < End of report >

de plus en mode normal, OTL est systhématiquement supprimé par mon antivirus ???

J'ai toujours ces mêmes alertes : wmplayer.exe et setup_wm.exe dans le répertoire c:\Program Files\Windows Media Player détecté W32/NGVCK ????

Je suis en mode sans échec et donc pas d'alertes avec ce mode. Je passe en mode normal et t'informe du comportement de mon pc portable.